Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with Trojans & Worms


  • This topic is locked This topic is locked
7 replies to this topic

#1 paintboxz

paintboxz

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 24 January 2016 - 10:56 PM

Windows Defender finds them but never gets rid of them.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by William (administrator) on WILLIAM-PC (25-01-2016 14:38:13)
Running from C:\Users\William\Desktop\BleepingComputer
Loaded Profiles: William (Available Profiles: William & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cepstral, LLC) C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
(EasyTech) C:\Program Files (x86)\Easy-Hide-IP VPN\rdr\EasyRedirect.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Easy-Hide-IP VPN\eh.vpn.service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\ProgramData\Google\update\GoogleUpdate.exe
() C:\ProgramData\Google\update\GoogleUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SanDisk Corporation) C:\Users\William\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Corel Corporation) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDRW.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Cisco WebEx LLC) C:\ProgramData\WebEx\WebEx\500\nbrplay.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\natspeak.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking13\dgnuiasvr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking13\x64\dgnuiasvr_x64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dnsspserver.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking13\dragonbar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-12-23] (alch)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-10-02] (GoPro)
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1696288 2015-02-27] (SPAMfighter ApS)
HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1050656 2015-12-03] (SPAMfighter ApS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [BingSvc] => C:\Users\William\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [Spotify Web Helper] => C:\Users\William\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-11-05] (Spotify Ltd)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [Spotify] => C:\Users\William\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-11-05] (Spotify Ltd)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [EADM] => "C:\Users\Public\Desktop\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Run: [SansaDispatch] => C:\Users\William\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465288 2016-01-01] (SanDisk Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-01-09]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-01-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3000 J310 series (Network).lnk [2016-01-09]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3000 J310 series (Network).lnk ->  (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9-x64 01 C:\Windows\system32\EasyRedirect64.dll [549808 2015-09-12] (EasyTech)
Winsock: Catalog9-x64 02 C:\Windows\system32\EasyRedirect64.dll [549808 2015-09-12] (EasyTech)
Winsock: Catalog9-x64 03 C:\Windows\system32\EasyRedirect64.dll [549808 2015-09-12] (EasyTech)
Winsock: Catalog9-x64 04 C:\Windows\system32\EasyRedirect64.dll [549808 2015-09-12] (EasyTech)
Winsock: Catalog9-x64 05 C:\Windows\system32\EasyRedirect64.dll [549808 2015-09-12] (EasyTech)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{29f93166-8448-43f2-99d3-0feeb783be98}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{97f35d49-6872-4a73-8079-80ddb74b82a4}: [DhcpNameServer] 50.57.66.64
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130968578656855263&GUID=231ECDAF-E854-40C7-81D0-3A25F6553540
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130968578656862095&GUID=231ECDAF-E854-40C7-81D0-3A25F6553540
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3624931555-994906809-619854106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-3624931555-994906809-619854106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?pc=UE03&ocid=UE03DHP
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-08] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-23] (Nuance Communications, Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-08] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-23] (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-09] (Oracle Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://dorseywrightspecialevents.webex.com/client/WBXclient-T30L10NSP4EP1-10006/nbr/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-3624931555-994906809-619854106-1000 -> hxxp://www.google.com
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-23] (Nuance Communications, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-23] (Nuance Communications, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/calendar/render
CHR StartupUrls: Default -> "hxxps://calendar.google.com/calendar/render#main_7"
CHR DefaultSearchKeyword: Default -> google.com.au__
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-10]
CHR Extension: (SEOquake) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-01-19]
CHR Extension: (Theme Creator) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-11-28]
CHR Extension: (Fairshare Unlock) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae [2016-01-08]
CHR Extension: (Web Developer) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-12-11]
CHR Extension: (ColorZilla) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-11-10]
CHR Extension: (Adblock Plus) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-06]
CHR Extension: (Dragon Web Extension) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2015-11-12]
CHR Extension: (MozBar) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-01-24]
CHR Extension: (Cleanflight - Configurator) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\enacoimjcgeinfnnnpajinjgmkahmfgb [2015-11-30]
CHR Extension: (Google Sheets) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-10]
CHR Extension: (SEO Site Tools, Site Analysis) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\femogmcmjpjkokoojcljkpfdifkpbbpp [2016-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-20]
CHR Extension: (Bookmark Manager) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-11-12]
CHR Extension: (SEO & Website Analysis) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2016-01-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-10]
CHR Extension: (Delicious Bookmarks) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnapbapmncaacbfijemonkinanfaebhm [2015-12-11]
CHR Extension: (Poppit!) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-01-18]
CHR Extension: (Print Friendly & PDF) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2016-01-15]
CHR HKU\S-1-5-21-3624931555-994906809-619854106-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\William\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-10]
CHR HKU\S-1-5-21-3624931555-994906809-619854106-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 Cepstral License Server; C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [71680 2013-10-21] (Cepstral, LLC) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-23] (Nuance Communications, Inc.)
R2 Easy-Hide-IP VPN Controller; C:\Program Files (x86)\Easy-Hide-IP VPN\eh.vpn.service.exe [13744 2015-09-12] ()
R2 EasyRedirect; C:\Program Files (x86)\Easy-Hide-IP VPN\rdr\EasyRedirect.exe [4309424 2015-09-12] (EasyTech)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2631760 2014-12-25] (NCH Software)
R2 gprotect; C:\ProgramData\Google\update\GoogleUpdate.exe [308016 2016-01-13] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2015-12-03] (SPAMfighter ApS)
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2015-11-13] (SPAMfighter ApS)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TBFTPSyncService; C:\Program Files\TurboFTP\tftpsvc.exe [3944448 2014-11-17] (TurboSoft,Inc) [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WMModules; C:\ProgramData\Google\update\GoogleUpdate.exe [308016 2016-01-13] ()
S3 Origin Client Service; "C:\Users\Public\Desktop\Origin\OriginClientService.exe" [X]
S2 WSModules; "C:\Program Files (x86)\chroomium Browser\chroomium\bin\browserServer.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-04] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-16] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-21] (Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 RTVLANPT; \SystemRoot\system32\DRIVERS\RtVlan620.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-25 14:12 - 2016-01-25 14:12 - 00017173 _____ C:\Users\William\AppData\Local\recently-used.xbel
2016-01-25 14:00 - 2016-01-25 14:00 - 00001141 _____ C:\Users\William\Downloads\google-analytics-for-content-marketers-1.ics
2016-01-25 12:15 - 2016-01-25 12:15 - 00021778 _____ C:\Users\William\Documents\logo2016_grey.xcf
2016-01-25 12:12 - 2016-01-25 12:12 - 00000058 _____ C:\Users\William\.gtk-bookmarks
2016-01-25 12:09 - 2016-01-25 12:09 - 00052422 _____ C:\Users\William\Downloads\save_for_web_0.28.6_win32.zip
2016-01-25 12:09 - 2016-01-25 12:09 - 00000000 ____D C:\Users\William\Downloads\save_for_web_0.28.6_win32
2016-01-25 11:01 - 2016-01-25 11:01 - 00000000 ____D C:\Users\William\AppData\Local\WebEx
2016-01-25 11:01 - 2016-01-25 11:01 - 00000000 ____D C:\ProgramData\WebEx
2016-01-25 11:00 - 2016-01-25 11:01 - 00000000 ____D C:\Users\William\AppData\LocalLow\WebEx
2016-01-24 14:10 - 2016-01-24 14:10 - 00118409 _____ C:\Users\William\Downloads\[kat.cr]adobe.creative.cloud.2015.v3.0.15.01.2016.master.collection.sadeempc (2).torrent
2016-01-24 14:09 - 2016-01-24 14:09 - 00118409 _____ C:\Users\William\Downloads\[kat.cr]adobe.creative.cloud.2015.v3.0.15.01.2016.master.collection.sadeempc (1).torrent
2016-01-24 14:05 - 2016-01-24 14:05 - 00118409 _____ C:\Users\William\Downloads\[kat.cr]adobe.creative.cloud.2015.v3.0.15.01.2016.master.collection.sadeempc.torrent
2016-01-24 12:59 - 2016-01-24 13:00 - 00000275 _____ C:\Users\William\Desktop\settings.htm
2016-01-24 11:34 - 2016-01-24 11:34 - 00044092 _____ C:\Users\William\Downloads\[kat.cr]the.last.kingdom.s01e07.hdtv.x264.fleet.rartv.torrent
2016-01-24 11:33 - 2016-01-24 11:33 - 00126160 _____ C:\Users\William\Downloads\[kat.cr]the.last.kingdom.s01e08.720p.hdtv.x264.killers.rartv.torrent
2016-01-24 10:51 - 2016-01-24 10:51 - 00006435 _____ C:\Users\William\Downloads\[kat.cr]betty.edwards.garantiert.zeichnen.lernen.torrent
2016-01-24 10:50 - 2016-01-24 10:50 - 00003067 _____ C:\Users\William\Downloads\[kat.cr]color.by.betty.edwards.a.course.in.mastering.the.art.of.mixing.colors.the.new.drawing.on.the.right.side.of.the.brain.torrent
2016-01-24 10:38 - 2016-01-24 10:38 - 00000000 ___HD C:\OneDriveTemp
2016-01-23 19:17 - 2016-01-23 19:18 - 1667524380 ____N C:\Users\William\Desktop\GOPR0493.MP4
2016-01-23 19:17 - 2016-01-23 19:17 - 22208100 ____N C:\Users\William\Desktop\GOPR0492.MP4
2016-01-23 19:17 - 2016-01-23 19:17 - 15003415 ____N C:\Users\William\Desktop\GOPR0491.MP4
2016-01-23 19:16 - 2016-01-23 19:17 - 1528471263 ____N C:\Users\William\Desktop\GOPR0490.MP4
2016-01-23 19:04 - 2016-01-23 19:04 - 00000548 _____ C:\Users\William\Downloads\[kat.cr]secrets.to.creating.passive.income.and.becoming.financially.free.torrent
2016-01-23 19:03 - 2016-01-23 19:04 - 00000969 _____ C:\Users\William\Downloads\[kat.cr]a.guide.to.making.passive.income.pdf.torrent
2016-01-23 19:03 - 2016-01-23 19:03 - 00002344 _____ C:\Users\William\Downloads\[kat.cr]the.critical.guide.to.passive.income.a.thorough.exploration.glodls.torrent
2016-01-23 18:15 - 2016-01-23 19:11 - 00014615 _____ C:\Users\William\Documents\untitled_AutoSave.gcs
2016-01-23 12:51 - 2016-01-23 12:51 - 00010865 _____ C:\Users\William\Downloads\[kat.cr]klimt.world.of.art.ebook.pdf.torrent
2016-01-23 12:50 - 2016-01-23 12:50 - 00018133 _____ C:\Users\William\Downloads\[kat.cr]klimt.judith.i.100.paintings.art.ebook.pdf.torrent
2016-01-23 12:50 - 2016-01-23 12:50 - 00011649 _____ C:\Users\William\Downloads\[kat.cr]gustav.klimt.1862.1918.the.world.in.female.form.art.ebook.pdf.torrent
2016-01-23 12:20 - 2016-01-23 12:20 - 00000000 ____D C:\Users\William\Documents\Add-in Express
2016-01-23 11:05 - 2016-01-23 11:05 - 00097660 _____ C:\Users\William\Downloads\[kat.cr]oxford.advanced.learner.s.dictionary.8th.edition.3.0.30.android.torrent
2016-01-23 10:39 - 2016-01-23 11:07 - 72658944 _____ C:\Users\William\Downloads\calibre-64bit-2.49.0.msi
2016-01-22 20:01 - 2016-01-22 20:01 - 00000000 ____D C:\Users\William\AppData\Roaming\MPC-HC
2016-01-22 20:00 - 2016-01-22 20:00 - 00005315 _____ C:\Users\William\Downloads\[kat.cr]the.last.kingdom.s01e05.web.dl.xvid.fum.ettv.torrent
2016-01-22 16:33 - 2016-01-22 16:36 - 00001344 _____ C:\Users\William\Desktop\footer.php
2016-01-22 16:04 - 2016-01-22 16:04 - 00007240 _____ C:\Users\William\Downloads\elegant-themes-updater (1).zip
2016-01-22 16:01 - 2016-01-22 16:03 - 00044512 _____ C:\Users\William\Downloads\et-shortcodes.zip
2016-01-22 16:01 - 2016-01-22 16:01 - 03648546 _____ C:\Users\William\Downloads\divi-builder (1).zip
2016-01-22 15:39 - 2016-01-22 15:40 - 00000504 _____ C:\Users\William\Desktop\functions.php
2016-01-22 13:13 - 2016-01-22 13:13 - 00045270 _____ C:\Users\William\Downloads\[kat.cr]egon.schiele.141.dipinti.espressionisti.jpg.jpeg.torrent
2016-01-22 13:12 - 2016-01-22 13:12 - 00013586 _____ C:\Users\William\Downloads\[kat.cr]egon.schiele.paintings.art.ebook.pdf.torrent
2016-01-22 13:12 - 2016-01-22 13:12 - 00011232 _____ C:\Users\William\Downloads\[kat.cr]egon.schiele.world.of.art.ebook.pdf.torrent
2016-01-22 13:03 - 2016-01-25 14:12 - 00000000 ____D C:\Users\William\AppData\Local\gtk-2.0
2016-01-22 12:11 - 2016-01-22 12:11 - 00000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-01-22 12:03 - 2016-01-22 12:08 - 96819488 _____ (The GIMP Team ) C:\Users\William\Downloads\gimp-2.8.16-setup.exe
2016-01-22 10:26 - 2016-01-22 10:29 - 00000157 _____ C:\Users\William\Documents\what.omm
2016-01-22 10:23 - 2016-01-22 10:29 - 00000000 ____D C:\Users\William\Documents\OmmWriter
2016-01-22 10:23 - 2016-01-22 10:23 - 00000000 ____D C:\Users\William\AppData\Local\HerraizSoto
2016-01-22 10:21 - 2016-01-22 10:22 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-01-22 10:21 - 2016-01-22 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-01-22 10:20 - 2016-01-22 10:20 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OmmWriter
2016-01-22 10:20 - 2016-01-22 10:20 - 00000000 ____D C:\Program Files (x86)\HerraizSoto
2016-01-22 10:19 - 2016-01-22 10:20 - 38248161 _____ (KLCP ) C:\Users\William\Downloads\K-Lite_Codec_Pack_1185_Full.exe
2016-01-22 10:15 - 2016-01-22 10:20 - 148411034 _____ C:\Users\William\Downloads\OmmWriter_Dana_II_pc_2013.zip
2016-01-22 10:04 - 2016-01-22 10:05 - 00012990 _____ C:\Users\William\Downloads\[kat.cr]scrivener.2.6.for.mac.os.x.torrent
2016-01-21 15:59 - 2016-01-25 11:50 - 00000000 ____D C:\Users\William\.thumbnails
2016-01-21 15:55 - 2016-01-25 14:12 - 00000000 ____D C:\Users\William\.gimp-2.8
2016-01-21 15:55 - 2016-01-21 15:55 - 00000000 ____D C:\Users\William\AppData\Local\gegl-0.2
2016-01-21 15:55 - 2016-01-21 15:55 - 00000000 ____D C:\Users\William\AppData\Local\fontconfig
2016-01-21 15:47 - 2016-01-22 12:11 - 00000000 ____D C:\Program Files\GIMP 2
2016-01-21 15:46 - 2016-01-21 15:46 - 00033656 _____ C:\Users\William\Downloads\[kat.cr]the.last.kingdom.s01e06.hdtv.x264.fleet.rartv.torrent
2016-01-21 15:45 - 2016-01-21 15:45 - 00109113 _____ C:\Users\William\Downloads\[kat.cr]the.last.kingdom.s01e05.720p.hdtv.x264.fleet.rartv.torrent
2016-01-21 15:43 - 2016-01-21 15:43 - 00014159 _____ C:\Users\William\Downloads\[kat.cr]the.last.kingdom.s01e04.720p.hdtv.x264.killers.ettv.torrent
2016-01-21 15:38 - 2016-01-21 15:38 - 00000000 ____D C:\Users\William\Desktop\New folder
2016-01-21 15:25 - 2016-01-21 15:26 - 00009617 _____ C:\Users\William\Downloads\gimp-2.8.16-setup.exe.torrent
2016-01-21 13:05 - 2016-01-22 14:34 - 00000000 ____D C:\Users\William\Desktop\radtest
2016-01-21 10:31 - 2016-01-21 10:31 - 00130972 _____ C:\Users\William\Downloads\Analytics All Web Site Data Audience Overview 20151221-20160120.pdf
2016-01-20 16:12 - 2015-06-26 00:00 - 00028579 _____ C:\Users\William\Desktop\index.htm
2016-01-20 14:32 - 2016-01-25 14:38 - 00000000 ____D C:\Users\William\Desktop\BleepingComputer
2016-01-20 14:31 - 2016-01-25 14:38 - 00000000 ____D C:\FRST
2016-01-20 08:43 - 2016-01-24 19:34 - 00000000 ____D C:\Users\William\AppData\Roaming\tixati
2016-01-20 08:43 - 2016-01-20 08:43 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2016-01-20 08:43 - 2016-01-20 08:43 - 00000000 ____D C:\Program Files\tixati
2016-01-19 18:17 - 2016-01-19 19:30 - 00000000 ____D C:\Users\William\Downloads\Billions.S01E02.HDTV.x264-BATV[ettv]
2016-01-19 18:12 - 2016-01-19 18:16 - 00000000 ____D C:\Users\William\Downloads\Truth.2015.BRRip.XviD.AC3-ETRG
2016-01-19 18:11 - 2016-01-19 19:56 - 00000000 ____D C:\Users\William\Downloads\Spectre 2015 1080p BluRay x264 DTS-JYK
2016-01-19 18:10 - 2016-01-19 18:59 - 00000000 ____D C:\Users\William\Downloads\Band.of.Robbers.2015.HDRip.XViD-ETRG
2016-01-19 15:25 - 2016-01-19 15:25 - 02265088 _____ C:\Users\William\Desktop\RadTest.mdb
2016-01-18 23:13 - 2016-01-20 03:36 - 00000000 ____D C:\EEK
2016-01-18 15:00 - 2016-01-18 15:02 - 00000000 ____D C:\AdwCleaner
2016-01-18 14:58 - 2016-01-18 14:59 - 00093772 _____ C:\TDSSKiller.3.1.0.9_18.01.2016_14.58.15_log.txt
2016-01-18 14:14 - 2016-01-19 18:13 - 00000000 ____D C:\Users\William\Downloads\Abraham-Hicks 2009 ALL 52 FULL Workshops Collection v1
2016-01-18 14:14 - 2016-01-18 14:25 - 00000000 ____D C:\Users\William\Downloads\Abraham-Hicks Vortex Guided Meditations CD+Guide
2016-01-18 14:13 - 2016-01-18 14:19 - 00000000 ____D C:\Users\William\Downloads\Abraham-Hicks 2008 CDs
2016-01-17 10:05 - 2016-01-17 10:07 - 00000000 ____D C:\Users\William\Downloads\Seth Speaks by Jane Roberts [audiobook]
2016-01-16 18:22 - 2016-01-16 18:22 - 00000000 _____ C:\autoexec.bat
2016-01-16 18:21 - 2016-01-16 18:21 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-01-15 15:36 - 2016-01-15 15:36 - 00046460 _____ C:\Users\William\Downloads\elthamwebdesign.com.au-Professional Web Site Design Package  Eltham Web Design.pdf
2016-01-14 14:15 - 2016-01-14 14:15 - 00000000 ____D C:\Users\William\Documents\Electronic Arts
2016-01-14 10:22 - 2016-01-14 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-14 10:22 - 2016-01-14 10:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-14 10:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-14 10:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-14 10:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-14 10:19 - 2016-01-14 10:21 - 22908888 _____ (Malwarebytes ) C:\Users\William\Downloads\mbam-setup-2.2.0.1024 (1).exe
2016-01-14 10:04 - 2016-01-14 10:04 - 00927824 _____ (Google Inc.) C:\Users\William\Downloads\ChromeSetup.exe
2016-01-14 08:53 - 2016-01-14 08:53 - 00000000 ____D C:\Users\William\Documents\security_outlook
2016-01-14 08:51 - 2016-01-14 08:51 - 00000000 ____D C:\Users\William\AppData\Local\Downloaded Installations
2016-01-14 08:27 - 2016-01-25 11:01 - 00000000 ____D C:\Users\William\AppData\Local\CrashDumps
2016-01-13 19:05 - 2016-01-13 19:05 - 00000000 ____D C:\ProgramData\Google
2016-01-13 16:32 - 2016-01-05 13:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 16:32 - 2016-01-05 13:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 16:32 - 2016-01-05 13:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 16:32 - 2016-01-05 13:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 16:32 - 2016-01-05 13:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 16:32 - 2016-01-05 13:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 16:32 - 2016-01-05 13:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 16:32 - 2016-01-05 13:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 16:32 - 2016-01-05 13:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 16:32 - 2016-01-05 13:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 16:32 - 2016-01-05 13:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 16:32 - 2016-01-05 13:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 16:32 - 2016-01-05 13:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 16:32 - 2016-01-05 13:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 16:32 - 2016-01-05 13:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 16:32 - 2016-01-05 13:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 16:32 - 2016-01-05 13:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 16:32 - 2016-01-05 13:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 16:32 - 2016-01-05 13:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 16:32 - 2016-01-05 13:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 16:32 - 2016-01-05 13:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 16:32 - 2016-01-05 13:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 16:32 - 2016-01-05 13:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 16:32 - 2016-01-05 13:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 16:32 - 2016-01-05 13:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 16:32 - 2016-01-05 13:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 16:32 - 2016-01-05 13:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 16:32 - 2016-01-05 13:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 16:32 - 2016-01-05 13:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 16:32 - 2016-01-05 13:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 16:32 - 2016-01-05 13:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 16:32 - 2016-01-05 13:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 16:32 - 2016-01-05 13:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 16:32 - 2016-01-05 13:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 16:32 - 2016-01-05 13:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 16:32 - 2016-01-05 12:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 16:32 - 2016-01-05 12:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 16:32 - 2016-01-05 12:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 16:32 - 2016-01-05 12:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 16:32 - 2016-01-05 12:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 16:32 - 2016-01-05 12:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 16:32 - 2016-01-05 12:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 16:32 - 2016-01-05 12:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 16:32 - 2016-01-05 12:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 16:32 - 2016-01-05 12:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 16:32 - 2016-01-05 12:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 16:32 - 2016-01-05 12:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 16:32 - 2016-01-05 12:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 16:32 - 2016-01-05 12:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 16:32 - 2016-01-05 12:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 16:32 - 2016-01-05 12:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 16:32 - 2016-01-05 12:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 16:32 - 2016-01-05 12:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 16:32 - 2016-01-05 12:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 16:32 - 2016-01-05 12:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 16:32 - 2016-01-05 12:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 16:32 - 2016-01-05 12:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 16:32 - 2016-01-05 12:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 16:32 - 2016-01-05 12:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 16:32 - 2016-01-05 12:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 16:32 - 2016-01-05 12:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 16:32 - 2016-01-05 12:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 16:32 - 2016-01-05 12:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 16:32 - 2016-01-05 12:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 16:32 - 2016-01-05 12:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 16:32 - 2016-01-05 12:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 16:32 - 2016-01-05 12:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 16:32 - 2016-01-05 12:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 16:32 - 2016-01-05 12:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 16:32 - 2016-01-05 12:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 16:32 - 2016-01-05 12:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 16:32 - 2016-01-05 12:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 16:32 - 2016-01-05 12:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 16:32 - 2016-01-05 12:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 16:32 - 2016-01-05 12:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 16:32 - 2016-01-05 12:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 16:32 - 2016-01-05 12:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 16:32 - 2016-01-05 12:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 16:32 - 2016-01-05 12:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 16:32 - 2016-01-05 12:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 16:32 - 2016-01-05 12:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 16:32 - 2016-01-05 12:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 16:32 - 2016-01-05 12:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 16:32 - 2016-01-05 12:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 16:32 - 2016-01-05 12:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 16:32 - 2016-01-05 12:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 16:32 - 2016-01-05 12:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 09:31 - 2016-01-19 21:33 - 00000000 ____D C:\Users\William\AppData\Roaming\FileZilla
2016-01-13 09:31 - 2016-01-13 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-01-13 09:31 - 2016-01-13 09:34 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-01-13 09:31 - 2016-01-13 09:31 - 06539752 _____ (Tim Kosse) C:\Users\William\Downloads\FileZilla_3.14.1_win64-setup.exe
2016-01-13 09:30 - 2016-01-13 09:30 - 06477032 _____ (Tim Kosse) C:\Users\William\Downloads\FileZilla_3.11.0.2_win64-setup.exe
2016-01-13 09:27 - 2016-01-14 11:26 - 00000000 ____D C:\Users\William\AppData\Roaming\FileZilla Server
2016-01-13 09:25 - 2016-01-13 09:26 - 02162320 _____ (FileZilla Project) C:\Users\William\Downloads\FileZilla_Server-0_9_54.exe
2016-01-12 19:48 - 2016-01-12 19:48 - 01088135 _____ C:\Users\William\Desktop\AE, Systematically Attract AAA Customers v1.9.1.pdf
2016-01-12 19:00 - 2016-01-12 19:00 - 00220942 _____ C:\Users\William\Desktop\BID-e-Commerce-Hosting-Brochure.pdf
2016-01-12 18:59 - 2016-01-12 18:59 - 00227182 _____ C:\Users\William\Desktop\BID-Pro-Package-Hosting-Brochure.pdf
2016-01-11 11:09 - 2016-01-23 14:51 - 00003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForWilliam
2016-01-11 11:09 - 2016-01-23 14:51 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForWilliam.job
2016-01-09 16:27 - 2016-01-09 16:32 - 00000000 ____D C:\Users\William\Downloads\Eartha Kitt Smoke Gets in Your Eyes The Ultimate Collection of Her Greatest Hits(mp3@320)[rogercc][h33t]
2016-01-09 14:57 - 2016-01-10 16:33 - 838991791 _____ C:\Users\William\Downloads\The.Revenant.2015.DVDSCR.800MB.ShAaNiG.mkv
2016-01-09 14:57 - 2016-01-09 14:58 - 00000000 ____D C:\Users\William\Downloads\Diablo.2016.HDRip.XviD.AC3-EVO
2016-01-09 14:50 - 2016-01-09 14:51 - 02321672 _____ (Acute Systems ) C:\Users\William\Downloads\tmsetup.exe
2016-01-09 14:39 - 2016-01-09 14:43 - 00000000 ____D C:\ProgramData\Oracle
2016-01-09 14:39 - 2016-01-09 14:39 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-09 14:39 - 2016-01-09 14:39 - 00000000 ____D C:\Users\William\AppData\Roaming\Sun
2016-01-09 14:39 - 2016-01-09 14:39 - 00000000 ____D C:\Users\William\AppData\LocalLow\Sun
2016-01-09 14:39 - 2016-01-09 14:39 - 00000000 ____D C:\Users\William\.oracle_jre_usage
2016-01-09 14:39 - 2016-01-09 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-09 14:39 - 2016-01-09 14:39 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-09 14:35 - 2016-01-09 14:35 - 00000000 ____D C:\Users\William\AppData\LocalLow\Oracle
2016-01-09 14:34 - 2016-01-09 14:34 - 01704531 _____ C:\Users\William\Downloads\hfsexplorer-0.23.1-setup.exe
2016-01-09 13:06 - 2016-01-09 13:06 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-01-09 12:54 - 2016-01-09 13:01 - 330494760 _____ (AMD Inc.) C:\Users\William\Downloads\whql-radeon-software-crimson-edition-16.1-64bit-win10-win8.1-win7-jan7.exe
2016-01-09 12:51 - 2016-01-09 12:51 - 00000000 ____D C:\Users\William\AppData\Roaming\ATI
2016-01-09 12:51 - 2016-01-09 12:51 - 00000000 ____D C:\Users\William\AppData\Local\ATI
2016-01-09 12:51 - 2016-01-09 12:51 - 00000000 ____D C:\ProgramData\ATI
2016-01-08 18:23 - 2016-01-08 18:23 - 00020257 _____ C:\Users\William\Downloads\[kat.cr]the.10x.rule.audiobook.torrent
2016-01-08 16:32 - 2016-01-08 16:32 - 00007966 _____ C:\Users\William\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2016-01-08 16:20 - 2016-01-21 18:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-08 16:19 - 2016-01-08 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-08 16:15 - 2016-01-08 16:19 - 22908888 _____ (Malwarebytes ) C:\Users\William\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-08 12:11 - 2016-01-15 17:17 - 00000000 ____D C:\Users\William\Documents\BlogCasts for Eltham Web Design
2016-01-08 10:44 - 2016-01-08 10:44 - 00069095 _____ C:\Users\William\Downloads\[kat.cr]goosebumps.2015.1080p.web.dl.aac2.0.h264.rarbg.torrent
2016-01-07 13:31 - 2016-01-14 11:56 - 00000132 _____ C:\Users\William\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-01-07 13:28 - 2016-01-07 13:28 - 00000000 ____D C:\Users\William\AppData\Local\AMD
2016-01-07 12:33 - 2016-01-07 12:33 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-07 11:29 - 2016-01-07 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-01-07 11:29 - 2016-01-07 11:29 - 00000000 ____D C:\Program Files\ATI Technologies
2016-01-07 09:09 - 2016-01-07 09:09 - 00000000 ____D C:\Users\William\AppData\Roaming\library_dir
2016-01-07 09:07 - 2016-01-19 08:53 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-01-07 09:07 - 2016-01-07 11:29 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-01-07 09:07 - 2016-01-07 11:28 - 00000000 ____D C:\Program Files (x86)\AMD
2016-01-07 09:06 - 2016-01-07 09:06 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-01-07 09:06 - 2016-01-07 09:06 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-01-07 09:05 - 2016-01-09 13:03 - 00000000 ____D C:\Program Files\AMD
2016-01-07 09:04 - 2016-01-25 11:01 - 00000000 ____D C:\AMD
2016-01-07 08:52 - 2016-01-07 08:52 - 06737632 _____ (Advanced Micro Devices) C:\Users\William\Downloads\amdcleanuputility.exe
2016-01-07 08:50 - 2016-01-07 08:50 - 04947168 _____ (Advanced Micro Devices, Inc.) C:\Users\William\Downloads\autodetectutility.exe
2016-01-06 18:12 - 2016-01-18 14:44 - 00000000 ____D C:\Users\William\Downloads\Barbara Bonney, Geoffrey Parsons - Schubert Lieder
2016-01-06 18:11 - 2016-01-06 18:11 - 00014005 _____ C:\Users\William\Downloads\[kat.cr]barbara.bonney.geoffrey.parsons.schubert.lieder.torrent
2016-01-06 18:11 - 2016-01-06 18:11 - 00014005 _____ C:\Users\William\Downloads\[kat.cr]barbara.bonney.geoffrey.parsons.schubert.lieder (2).torrent
2016-01-06 18:11 - 2016-01-06 18:11 - 00014005 _____ C:\Users\William\Downloads\[kat.cr]barbara.bonney.geoffrey.parsons.schubert.lieder (1).torrent
2016-01-06 11:36 - 2016-01-06 11:36 - 00082057 _____ C:\Users\William\Downloads\impreza-retina-responsive-wordpress-theme-license.pdf
2016-01-06 11:34 - 2016-01-06 11:34 - 00000820 _____ C:\Users\William\Downloads\impreza-retina-responsive-wordpress-theme-license.txt
2016-01-05 19:05 - 2016-01-05 19:05 - 00197389 _____ C:\Users\William\Downloads\R5D4 (1).pdf
2016-01-05 17:14 - 2016-01-05 17:14 - 00002727 _____ C:\Users\William\Downloads\2016.01.05INGDirectTransactions.csv
2016-01-05 16:57 - 2016-01-05 16:57 - 01098800 _____ C:\Users\William\Downloads\statement-42665566.pdf
2016-01-05 16:10 - 2016-01-05 16:10 - 00197389 _____ C:\Users\William\Downloads\R5D4.pdf
2016-01-05 15:07 - 2016-01-05 15:07 - 02392335 _____ C:\Users\William\Downloads\i2.m4a
2016-01-05 11:54 - 2016-01-05 11:54 - 00045888 _____ C:\Users\William\Downloads\socialmention_keywords.csv
2016-01-05 10:49 - 2016-01-05 10:49 - 00330910 _____ C:\Users\William\Downloads\Back-Links-With-Image-Directories.pdf
2016-01-05 10:45 - 2016-01-08 17:29 - 00000000 ____D C:\Users\William\Desktop\SEO Resources
2016-01-04 14:22 - 2016-01-09 12:53 - 00000923 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2016-01-04 08:53 - 2016-01-04 08:53 - 00000000 ____D C:\Users\William\AppData\Roaming\Hewlett-Packard
2016-01-03 18:03 - 2016-01-03 18:03 - 00000000 ____D C:\System.sav
2016-01-03 18:03 - 2016-01-03 18:03 - 00000000 ____D C:\ProgramData\Visan
2016-01-03 18:03 - 2016-01-03 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-01-03 18:02 - 2016-01-19 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-03 18:02 - 2016-01-10 18:47 - 00000000 ____D C:\Users\William\AppData\Roaming\HpUpdate
2016-01-03 18:02 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM9511.dll
2016-01-03 18:01 - 2016-01-03 18:02 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-03 18:01 - 2016-01-03 18:01 - 00000057 _____ C:\ProgramData\Ament.ini
2016-01-03 18:01 - 2016-01-03 18:01 - 00000000 ____D C:\Users\William\AppData\Roaming\hpqLog
2016-01-03 18:01 - 2016-01-03 18:01 - 00000000 ____D C:\ProgramData\HP
2016-01-03 18:01 - 2016-01-03 18:01 - 00000000 ____D C:\Program Files\HP
2016-01-03 18:00 - 2016-01-03 18:04 - 00000000 ____D C:\Users\William\AppData\Local\HP
2016-01-03 17:53 - 2016-01-11 11:09 - 00000000 ____D C:\Users\William\AppData\Local\Hewlett-Packard
2016-01-03 17:53 - 2016-01-03 17:57 - 00000000 ____D C:\Users\William\Downloads\HP Downloads
2016-01-03 17:52 - 2016-01-07 08:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-01-03 17:52 - 2016-01-03 18:03 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-01-01 14:25 - 2016-01-01 14:26 - 00000000 ____D C:\Users\William\Downloads\Write. Publish. Repeat Guide to Self-Publishing Success - Johnny Truant & Sean Platt [Epub & Mobi] [StormRG]
2016-01-01 14:24 - 2016-01-01 14:24 - 00000000 ____D C:\Users\William\Downloads\Digital Writer Success How to Make a Living Blogging, Freelance Writing, & Publishing 2015 {PRG}
2016-01-01 14:11 - 2016-01-01 15:03 - 00000000 ____D C:\Users\William\Downloads\Lynda - Ebook Publishing Fundamentals
2016-01-01 14:10 - 2016-01-01 14:12 - 01407040 _____ C:\Users\William\Downloads\Developmental Editing A Handbook Scott Norton.pdf
2016-01-01 13:56 - 2016-01-01 14:11 - 00000000 ____D C:\Users\William\Downloads\Kindle Publishing - Format, Publish & Promote your Books on Kindle
2016-01-01 11:28 - 2016-01-01 11:28 - 00000000 ____D C:\Users\William\AppData\Roaming\SanDisk
2016-01-01 11:28 - 2016-01-01 11:28 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
2015-12-31 15:54 - 2015-12-31 15:54 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-30 22:57 - 2016-01-14 11:13 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-30 22:54 - 2015-12-30 22:54 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-30 22:54 - 2015-12-30 22:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-30 22:54 - 2015-12-30 22:54 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-30 22:54 - 2015-12-30 22:54 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-30 22:54 - 2015-12-30 22:54 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-30 22:54 - 2015-12-30 22:54 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-30 22:54 - 2015-12-30 22:54 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-30 22:54 - 2015-12-30 22:54 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-30 22:54 - 2015-12-30 22:54 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 00000000 ____D C:\Windows.old
2015-12-30 22:46 - 2015-12-30 22:46 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-30 22:44 - 2016-01-09 13:30 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-12-30 22:44 - 2015-12-30 22:44 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-12-30 22:44 - 2015-12-30 22:44 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-12-30 22:44 - 2015-12-30 22:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-30 22:44 - 2015-12-30 22:44 - 00000000 ____D C:\Program Files\MSBuild
2015-12-30 22:44 - 2015-12-30 22:44 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-30 22:44 - 2015-12-30 22:44 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-30 22:44 - 2015-12-30 22:44 - 00000000 ____D C:\inetpub
2015-12-30 22:43 - 2015-10-24 12:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-30 22:43 - 2015-10-24 12:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-30 22:43 - 2015-10-24 12:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-30 22:43 - 2015-10-24 12:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-30 22:43 - 2015-10-24 12:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-30 22:43 - 2015-10-24 12:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-30 14:33 - 2015-12-30 14:54 - 00000000 ____D C:\Users\William\Downloads\Software
2015-12-30 14:33 - 2015-12-07 15:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-30 14:33 - 2015-12-07 15:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-30 14:33 - 2015-12-07 15:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-30 14:33 - 2015-12-07 15:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-30 14:33 - 2015-12-07 15:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-30 14:33 - 2015-12-07 15:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-30 14:33 - 2015-12-07 15:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-30 14:33 - 2015-12-07 15:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-30 14:33 - 2015-12-07 15:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-30 14:33 - 2015-12-07 15:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-30 14:33 - 2015-12-07 14:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-30 14:33 - 2015-12-07 14:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-30 14:33 - 2015-12-07 14:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-30 14:33 - 2015-12-07 14:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-30 14:33 - 2015-12-07 14:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-30 14:33 - 2015-12-07 14:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-30 14:33 - 2015-12-07 14:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-30 14:33 - 2015-12-07 14:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-30 14:33 - 2015-12-07 14:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-30 14:33 - 2015-12-07 14:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-30 14:33 - 2015-12-07 14:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-30 14:33 - 2015-12-07 14:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-30 14:33 - 2015-12-07 14:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-30 14:32 - 2015-12-07 15:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-30 14:32 - 2015-12-07 15:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-30 14:32 - 2015-12-07 15:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-30 14:32 - 2015-12-07 15:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-30 14:32 - 2015-12-07 15:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-30 14:32 - 2015-12-07 15:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-30 14:32 - 2015-12-07 15:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-30 14:32 - 2015-12-07 15:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-30 14:32 - 2015-12-07 15:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-30 14:32 - 2015-12-07 15:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-30 14:32 - 2015-12-07 15:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-30 14:32 - 2015-12-07 15:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-30 14:32 - 2015-12-07 15:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-30 14:32 - 2015-12-07 15:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-30 14:32 - 2015-12-07 15:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-30 14:32 - 2015-12-07 15:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-30 14:32 - 2015-12-07 15:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-30 14:32 - 2015-12-07 15:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-30 14:32 - 2015-12-07 15:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-30 14:32 - 2015-12-07 15:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-30 14:32 - 2015-12-07 15:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-30 14:32 - 2015-12-07 15:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-30 14:32 - 2015-12-07 15:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-30 14:32 - 2015-12-07 15:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-30 14:32 - 2015-12-07 15:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-30 14:32 - 2015-12-07 14:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-30 14:32 - 2015-12-07 14:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-30 14:32 - 2015-12-07 14:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-30 14:32 - 2015-12-07 14:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-30 14:32 - 2015-12-07 14:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-30 14:32 - 2015-12-07 14:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-30 14:32 - 2015-12-07 14:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-30 14:32 - 2015-12-07 14:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-30 14:32 - 2015-12-07 14:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-30 14:32 - 2015-12-07 14:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-30 14:32 - 2015-12-07 14:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-30 14:32 - 2015-12-07 14:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-30 14:32 - 2015-12-07 14:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-30 14:32 - 2015-12-07 14:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-30 14:32 - 2015-12-07 14:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-30 14:32 - 2015-12-07 14:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-30 14:32 - 2015-12-07 14:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-30 14:32 - 2015-12-07 14:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-30 14:32 - 2015-12-07 14:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-30 14:32 - 2015-12-07 14:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-30 14:31 - 2015-12-30 14:55 - 00000000 ____D C:\Users\William\Downloads\Wordpress + Themes
2015-12-30 14:25 - 2016-01-14 08:23 - 00000000 ____D C:\Users\William\Downloads\Movies
2015-12-30 14:25 - 2016-01-03 16:30 - 00000000 ____D C:\Users\William\Downloads\Books + Audio
2015-12-30 09:44 - 2015-12-30 09:44 - 00000000 ____D C:\Users\William\AppData\Local\ActiveSync
2015-12-30 09:42 - 2015-12-30 09:42 - 00000020 ___SH C:\Users\William\ntuser.ini
2015-12-30 04:29 - 2015-12-30 04:29 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-30 04:29 - 2015-12-30 04:29 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-30 04:29 - 2015-12-30 04:29 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-30 04:29 - 2015-12-30 04:29 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-30 04:29 - 2015-12-30 04:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-30 04:29 - 2015-12-30 04:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-30 04:29 - 2015-12-30 04:29 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-30 04:25 - 2016-01-21 18:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-30 04:16 - 2016-01-09 12:52 - 00001483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-12-30 04:16 - 2015-12-30 04:16 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-12-30 04:11 - 2015-12-30 04:11 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-30 04:10 - 2015-12-30 04:18 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-30 04:07 - 2016-01-25 12:12 - 00000000 ____D C:\Users\William
2015-12-30 04:07 - 2016-01-22 20:05 - 01013696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-30 04:07 - 2016-01-21 18:53 - 00000000 ____D C:\Users\DefaultAppPool
2015-12-30 04:07 - 2015-12-30 04:07 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\William\My Documents
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\William\Documents\My Videos
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\William\Documents\My Pictures
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\William\Documents\My Music
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2015-12-30 04:07 - 2015-12-30 04:07 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2015-12-30 04:03 - 2016-01-15 08:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-30 04:03 - 2015-12-30 04:11 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-12-30 04:03 - 2015-12-30 04:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-30 04:03 - 2015-12-30 04:03 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-30 04:03 - 2015-12-30 04:03 - 00000000 ____D C:\Program Files\Realtek
2015-12-30 04:01 - 2015-10-30 18:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-30 03:58 - 2016-01-07 08:43 - 05106152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-25 14:38 - 2015-08-31 21:52 - 00000000 ____D C:\Users\William\Documents\Outlook Files
2016-01-25 14:38 - 2015-08-27 13:07 - 00000000 ____D C:\ProgramData\TEMP
2016-01-25 14:38 - 2015-08-26 21:26 - 00000000 ____D C:\Users\William\AppData\Roaming\Skype
2016-01-25 14:27 - 2015-10-30 17:28 - 00000000 ____D C:\Windows
2016-01-25 14:07 - 2015-08-30 14:40 - 00001915 _____ C:\Users\William\AppData\Roaming\SAS7_000.DAT
2016-01-25 13:57 - 2015-08-26 15:46 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-25 13:57 - 2015-08-26 15:46 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-25 11:00 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-01-25 11:00 - 2015-09-03 10:15 - 00000000 ____D C:\Users\William\AppData\LocalLow\Temp
2016-01-25 09:36 - 2015-09-01 09:58 - 00000000 ____D C:\Users\William\AppData\Local\Packages
2016-01-25 09:34 - 2015-10-30 18:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-25 09:34 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-25 09:26 - 2015-08-26 18:02 - 00000000 ____D C:\Users\William\AppData\Local\Adobe
2016-01-25 09:21 - 2015-09-07 15:52 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{37EFB4ED-2F3B-4676-BA95-8A718C385F2A}
2016-01-24 12:20 - 2015-08-27 10:05 - 00000000 ___RD C:\Users\William\Google Drive
2016-01-24 11:51 - 2015-11-25 12:28 - 00004400 _____ C:\WINDOWS\SysWOW64\EasyRedirect.ini
2016-01-24 11:51 - 2015-08-28 10:34 - 00002280 _____ C:\WINDOWS\SysWOW64\EasyRedirectOff.ini
2016-01-24 11:51 - 2015-08-28 10:34 - 00002280 _____ C:\WINDOWS\system32\EasyRedirectOff.ini
2016-01-24 10:38 - 2015-08-26 17:52 - 00000000 ___RD C:\Users\William\OneDrive
2016-01-24 07:17 - 2015-10-30 18:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-24 07:16 - 2015-10-30 21:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-23 19:16 - 2015-08-28 16:05 - 00000000 ____D C:\Users\William\AppData\Roaming\vlc
2016-01-23 12:32 - 2015-09-01 23:14 - 00000000 ____D C:\Users\William\Documents\Calibre Library
2016-01-23 11:38 - 2015-09-01 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-01-23 11:38 - 2015-09-01 23:13 - 00000000 ____D C:\Program Files\Calibre2
2016-01-22 20:05 - 2015-10-30 18:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-21 18:54 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\IME
2016-01-21 18:53 - 2015-10-29 14:34 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-21 18:53 - 2015-08-26 21:49 - 00000000 ____D C:\Program Files\Adobe
2016-01-21 18:52 - 2015-08-28 15:37 - 00000000 ____D C:\Program Files (x86)\Color Schemer Studio
2016-01-21 18:52 - 2015-08-26 18:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-21 18:49 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\registration
2016-01-21 18:47 - 2015-08-26 18:04 - 00000000 ____D C:\ProgramData\Adobe
2016-01-21 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-21 18:42 - 2015-08-31 22:46 - 00000000 ____D C:\Users\William\AppData\Local\ElevatedDiagnostics
2016-01-20 17:45 - 2015-08-27 12:23 - 00000000 ____D C:\Users\William\AppData\Roaming\uTorrent
2016-01-20 06:59 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-01-20 06:58 - 2015-10-30 17:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-20 03:36 - 2015-11-28 14:52 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-20 03:36 - 2015-10-02 14:29 - 00000000 ____D C:\WINDOWS\AutoKMS
2016-01-20 03:36 - 2015-09-04 18:46 - 00000000 ____D C:\ProgramData\Easy-Hide-IP VPN
2016-01-20 03:36 - 2015-09-01 11:12 - 00000000 ____D C:\ProgramData\Brother
2016-01-20 03:36 - 2015-08-26 15:48 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-01-20 03:36 - 2015-08-26 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-19 08:49 - 2015-10-30 21:23 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-01-19 08:39 - 2015-08-26 21:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-18 15:03 - 2015-12-17 17:20 - 00000000 ____D C:\WINDOWS\system32\log
2016-01-15 20:34 - 2015-08-26 18:05 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 20:33 - 2015-08-26 18:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 14:00 - 2015-09-01 13:36 - 00001456 _____ C:\Users\William\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-01-15 03:31 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-15 03:30 - 2015-11-12 17:39 - 00000000 ____D C:\ProgramData\Origin
2016-01-14 14:15 - 2015-11-12 17:39 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-01-14 12:22 - 2015-10-30 18:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-14 12:21 - 2015-08-26 19:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 12:13 - 2015-08-26 19:01 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-14 11:13 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-14 10:02 - 2015-12-09 19:27 - 00000001 _____ C:\WINDOWS\SysWOW64\au.html
2016-01-09 12:53 - 2015-11-10 16:18 - 00001023 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-01-09 12:53 - 2015-10-08 15:44 - 00001906 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-09 12:53 - 2015-09-01 10:04 - 00002407 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-09 12:52 - 2015-11-20 16:35 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Invoice Invoicing Software.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-01-09 12:52 - 2015-10-30 21:12 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-01-09 12:52 - 2015-10-29 14:40 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2016-01-09 12:52 - 2015-10-29 14:39 - 00001268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2016-01-09 12:52 - 2015-10-29 14:38 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2016-01-09 12:52 - 2015-10-29 14:37 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2016-01-09 12:52 - 2015-10-29 14:35 - 00001584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-01-09 12:52 - 2015-10-29 14:35 - 00001414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-01-09 12:52 - 2015-10-29 14:33 - 00001465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-01-09 12:52 - 2015-08-28 15:55 - 00001212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC.lnk
2016-01-09 12:52 - 2015-08-27 12:14 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-09 12:51 - 2015-08-30 14:35 - 00002787 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Dragon NaturallySpeaking.lnk
2016-01-09 12:51 - 2015-08-30 14:35 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2016-01-09 12:51 - 2015-08-28 14:19 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AbsoluteFTP.lnk
2016-01-09 12:51 - 2015-08-27 15:22 - 00002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-01-09 12:51 - 2015-08-26 21:25 - 00000000 ____D C:\ProgramData\Skype
2016-01-07 08:51 - 2015-08-28 10:14 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-07 08:45 - 2015-10-29 09:43 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-01-03 18:03 - 2015-08-26 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-03 12:40 - 2015-10-30 18:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 12:40 - 2015-10-30 18:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 23:03 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-31 23:03 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-31 11:25 - 2015-09-01 09:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-31 11:10 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-30 22:57 - 2015-10-30 18:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-30 22:54 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-30 22:54 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-30 22:54 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-30 22:54 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-30 22:54 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-30 22:54 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-30 22:51 - 2015-10-30 20:03 - 00000000 ____D C:\WINDOWS\OCR
2015-12-30 22:50 - 2015-10-30 20:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-30 22:50 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-12-30 22:50 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-12-30 22:50 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-12-30 22:50 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\servicing
2015-12-30 22:44 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-30 22:44 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-30 22:44 - 2015-10-30 18:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-12-30 22:44 - 2015-10-30 18:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-12-30 22:44 - 2015-10-30 18:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-12-30 22:44 - 2015-10-30 18:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-12-30 22:44 - 2015-10-30 18:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-30 22:44 - 2015-10-30 18:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-30 22:44 - 2015-10-30 18:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-12-30 22:44 - 2015-10-30 18:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-12-30 22:44 - 2015-10-30 18:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-12-30 22:44 - 2015-10-30 18:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-12-30 22:44 - 2015-10-30 18:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-12-30 22:44 - 2015-10-30 18:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-12-30 22:44 - 2015-10-30 18:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-12-30 22:44 - 2015-10-30 18:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-12-30 22:44 - 2015-10-30 18:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-30 22:44 - 2015-10-30 18:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-30 22:44 - 2015-10-30 18:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-12-30 14:31 - 2015-10-20 14:57 - 00000000 ____D C:\Users\William\Downloads\Divi
2015-12-30 10:10 - 2015-08-26 17:27 - 00000000 ____D C:\Users\William\AppData\Local\Microsoft Help
2015-12-30 10:01 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-30 09:43 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-30 09:43 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-30 04:31 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-30 04:29 - 2015-10-30 17:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-30 04:29 - 2015-09-01 09:15 - 00027594 _____ C:\WINDOWS\diagerr.xml
2015-12-30 04:29 - 2015-09-01 09:15 - 00026673 _____ C:\WINDOWS\diagwrn.xml
2015-12-30 04:27 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-30 04:26 - 2015-09-01 09:55 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-30 04:25 - 2015-12-14 10:52 - 00002388 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-12-30 04:25 - 2015-12-14 10:52 - 00002336 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-12-30 04:25 - 2015-12-14 10:52 - 00002332 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-12-30 04:25 - 2015-12-14 10:52 - 00002318 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-12-30 04:25 - 2015-12-14 10:52 - 00002314 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-12-30 04:25 - 2015-12-11 09:01 - 00002302 _____ C:\WINDOWS\System32\Tasks\{B3DA421D-B89F-40B6-89D3-301D0D42336E}
2015-12-30 04:25 - 2015-11-07 10:12 - 00002554 _____ C:\WINDOWS\System32\Tasks\Format Factory
2015-12-30 04:25 - 2015-10-30 21:23 - 00003108 _____ C:\WINDOWS\System32\Tasks\KMSAutoNet
2015-12-30 04:25 - 2015-08-28 15:57 - 00002762 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-William-PC-William
2015-12-30 04:25 - 2015-08-28 14:08 - 00002338 _____ C:\WINDOWS\System32\Tasks\{4B030D35-1FEF-4FDC-969F-0E1DA02DC625}
2015-12-30 04:25 - 2015-08-26 17:53 - 00002868 _____ C:\WINDOWS\System32\Tasks\{B882A51C-5159-43AD-BBCE-530A67C9AD40}
2015-12-30 04:25 - 2015-08-26 15:46 - 00003440 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-30 04:25 - 2015-08-26 15:46 - 00003216 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-30 04:24 - 2015-10-30 18:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-30 04:24 - 2015-10-30 18:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-30 04:18 - 2015-12-16 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2015-12-30 04:18 - 2015-12-15 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
2015-12-30 04:18 - 2015-12-14 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-12-30 04:18 - 2015-12-12 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-30 04:18 - 2015-12-11 09:31 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-30 04:18 - 2015-12-04 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2015-12-30 04:18 - 2015-11-30 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2015-12-30 04:18 - 2015-11-28 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2015-12-30 04:18 - 2015-11-27 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atomic Email Hunter
2015-12-30 04:18 - 2015-11-25 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Hide-IP VPN
2015-12-30 04:18 - 2015-11-12 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-12-30 04:18 - 2015-11-12 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-30 04:18 - 2015-11-07 10:24 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-12-30 04:18 - 2015-10-30 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-12-30 04:18 - 2015-09-28 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cepstral
2015-12-30 04:18 - 2015-09-24 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-30 04:18 - 2015-09-05 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobirise
2015-12-30 04:18 - 2015-09-03 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Reader
2015-12-30 04:18 - 2015-09-01 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-12-30 04:18 - 2015-08-31 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2015-12-30 04:18 - 2015-08-30 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking
2015-12-30 04:18 - 2015-08-28 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-30 04:18 - 2015-08-28 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2015-12-30 04:18 - 2015-08-28 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Color Schemer Studio
2015-12-30 04:18 - 2015-08-28 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbsoluteFTP
2015-12-30 04:18 - 2015-08-28 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-12-30 04:18 - 2015-08-27 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-12-30 04:18 - 2015-08-27 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboFTP
2015-12-30 04:18 - 2015-08-27 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7
2015-12-30 04:18 - 2015-08-27 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-30 04:18 - 2015-08-26 21:50 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-30 04:18 - 2015-08-26 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2015-12-30 04:18 - 2015-08-26 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2015-12-30 04:18 - 2015-08-26 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte Technology Corp
2015-12-30 04:16 - 2015-07-10 20:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-30 04:12 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-12-30 04:12 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-12-30 04:12 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-30 04:12 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-30 04:12 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-30 04:12 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-30 04:12 - 2015-08-26 21:13 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-12-30 04:12 - 2015-08-26 20:43 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-12-30 04:11 - 2015-12-10 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\schemas
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-30 04:11 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-30 04:11 - 2015-08-26 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2015-12-30 04:11 - 2015-08-26 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-12-30 04:06 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-30 03:58 - 2015-10-30 20:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-30 03:30 - 2015-10-30 20:42 - 00000000 ___HD C:\$WINDOWS.~BT
 
==================== Files in the root of some directories =======
 
2015-10-05 12:06 - 2015-10-28 17:37 - 0000132 _____ () C:\Users\William\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-01-07 13:31 - 2016-01-14 11:56 - 0000132 _____ () C:\Users\William\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-04 16:10 - 2015-12-04 16:10 - 0000046 _____ () C:\Users\William\AppData\Roaming\Camdata.ini
2015-12-04 16:10 - 2015-12-04 16:10 - 0000408 _____ () C:\Users\William\AppData\Roaming\CamLayout.ini
2015-12-04 16:10 - 2015-12-04 16:10 - 0000408 _____ () C:\Users\William\AppData\Roaming\CamShapes.ini
2015-12-04 16:10 - 2015-12-04 16:10 - 0004536 _____ () C:\Users\William\AppData\Roaming\CamStudio.cfg
2015-09-02 10:40 - 2015-09-04 10:37 - 0025323 _____ () C:\Users\William\AppData\Roaming\Comma Separated Values.ADR
2015-08-30 14:40 - 2016-01-25 14:07 - 0001915 _____ () C:\Users\William\AppData\Roaming\SAS7_000.DAT
2015-12-04 12:24 - 2015-12-04 12:24 - 0000096 _____ () C:\Users\William\AppData\Roaming\version2.xml
2015-09-01 13:36 - 2016-01-15 14:00 - 0001456 _____ () C:\Users\William\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-01-25 14:12 - 2016-01-25 14:12 - 0017173 _____ () C:\Users\William\AppData\Local\recently-used.xbel
2015-09-01 13:24 - 2015-09-01 13:24 - 0000017 _____ () C:\Users\William\AppData\Local\resmon.resmoncfg
2016-01-03 18:01 - 2016-01-03 18:01 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\William\AppData\Local\Temp\amd-catalyst-15.7.1-win10-64bit.exe
C:\Users\William\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\William\AppData\Local\Temp\Cleanup.dll
C:\Users\William\AppData\Local\Temp\ddu.exe
C:\Users\William\AppData\Local\Temp\msvcm80.dll
C:\Users\William\AppData\Local\Temp\msvcp80.dll
C:\Users\William\AppData\Local\Temp\msvcr80.dll
C:\Users\William\AppData\Local\Temp\raptrpatch.exe
C:\Users\William\AppData\Local\Temp\raptr_stub.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-22 13:24
 
==================== End of FRST.txt ============================

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:18 PM

Posted 26 January 2016 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3000 J310 series (Network).lnk ->  (No File)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR Extension: (Fairshare Unlock) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae [2016-01-08]
CHR Extension: (Poppit!) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-01-18]
S3 Origin Client Service; "C:\Users\Public\Desktop\Origin\OriginClientService.exe" [X]
S2 WSModules; "C:\Program Files (x86)\chroomium Browser\chroomium\bin\browserServer.exe" [X]
U3 idsvc; no ImagePath
S3 RTVLANPT; \SystemRoot\system32\DRIVERS\RtVlan620.sys [X]
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt file and include also the Addition.txt file that was created by the Farbar tool.


Windows Defender finds them but never gets rid of them

If the problem persists please give me some details as to what is identified and not removed by Windows Defender.

#3 paintboxz

paintboxz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 26 January 2016 - 05:54 PM

Hi nasdaq, thanks for help me, I appreciate your assistance.

I have completed the tasks with FRST and the text file fixlist

I have also attached the resulting files as asked for:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-01-2016

Ran by William (2016-01-27 09:30:47) Run:1
Running from C:\Users\William\Desktop\BleepingComputer
Loaded Profiles: William (Available Profiles: William & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3000 J310 series (Network).lnk ->  (No File)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR Extension: (Fairshare Unlock) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae [2016-01-08]
CHR Extension: (Poppit!) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-01-18]
S3 Origin Client Service; "C:\Users\Public\Desktop\Origin\OriginClientService.exe" [X]
S2 WSModules; "C:\Program Files (x86)\chroomium Browser\chroomium\bin\browserServer.exe" [X]
U3 idsvc; no ImagePath
S3 RTVLANPT; \SystemRoot\system32\DRIVERS\RtVlan620.sys [X]
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3000 J310 series (Network).lnk ->  (No File) => not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae => moved successfully
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => moved successfully
Origin Client Service => service removed successfully
WSModules => service removed successfully
idsvc => service removed successfully
RTVLANPT => service removed successfully
"C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae" => not found.
"C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi" => not found.
EmptyTemp: => 8.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:36:13 ====
 
 
 
..................................................................................................................................................................................
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by William (2016-01-25 14:39:09)
Running from C:\Users\William\Desktop\BleepingComputer
Windows 10 Pro (X64) (2015-12-29 17:30:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3624931555-994906809-619854106-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3624931555-994906809-619854106-503 - Limited - Disabled)
Guest (S-1-5-21-3624931555-994906809-619854106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3624931555-994906809-619854106-1002 - Limited - Enabled)
William (S-1-5-21-3624931555-994906809-619854106-1000 - Administrator - Enabled) => C:\Users\William
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version:  - PDFZilla)
64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atomic Email Hunter (HKLM-x32\...\Atomic Email Hunter_is1) (Version: 3.50 - AtomPark Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{C569C9D1-CE3A-454C-9642-37FDFC6B628D}) (Version: 2.49.0 - Kovid Goyal)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Cepstral Lawrence 6.2.3 (HKLM\...\{B8713894-F069-451D-830C-BF7E5399E202}) (Version: 6.2.3.801 - Cepstral LLC)
ClamWin Free Antivirus 0.99 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Color Schemer Studio (HKLM-x32\...\Color Schemer Studio_is1) (Version: Studio v1.5 - Color Schemer)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{8616305F-122C-4341-9C37-47A9CD322AB2}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x32 Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x32 Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x32 Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x32 Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x32 Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1.0.572 - Corel Corporation)
CorelDRAW Graphics Suite X7 (x32 Version: 17.1 - Corel Corporation) Hidden
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Easy-Hide-IP VPN 3.4.1.0 (HKLM-x32\...\EasyHideIPVPN_is1) (Version: 3.4.1.0 - Easy-Hide-IP VPN)
Express Invoice Invoicing Software (HKLM-x32\...\ExpressInvoice) (Version: 4.32 - NCH Software)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.59.0 - GIGABYTE Technologies, Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoPro App (x32 Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
HL-1110 series (HKLM-x32\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{8D4C9954-7EFA-4BCD-8EA0-E654E7013A40}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3000 J310 series Help (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Codec Pack 11.8.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.5 - KLCP)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2056 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mobirise (HKLM-x32\...\Mobirise_is1) (Version:  - )
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
OmmWriter (HKLM-x32\...\{804002A3-ACF2-4DF4-9BD2-092A4F738C73}) (Version: 0.1.0.15 - Herraiz & Soto)
Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picexa (HKLM-x32\...\Picexa) (Version:  - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sansa Updater (HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Sansa Updater) (Version:  - SanDisk Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SPAMfighter (HKLM-x32\...\SPAMfighter) (Version: 7.6.127 - Spamfighter ApS)
SPAMfighter (x32 Version: 7.6.127 - Spamfighter ApS) Hidden
Spotify (HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.14.49.1020 - Electronic Arts Inc.)
Tixati (HKLM-x32\...\tixati) (Version:  - )
TurboFTP (remove only) (HKLM\...\TurboFTP) (Version:  - )
UltraSearch V2.0.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Van Dyke Technologies AbsoluteFTP 1.9 (HKLM-x32\...\AbsoluteFTP) (Version:  - )
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.0 - Sysprogs)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3624931555-994906809-619854106-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3624931555-994906809-619854106-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {034B1899-07F1-4CDF-91DD-F2AF12E88078} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C08E70A-7847-4762-AFD4-EC665F0E4F89} - \chroomiumCheckTask -> No File <==== ATTENTION
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0E2E0F03-15B5-4D77-B7D8-F0B28CFEC73D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1218DF20-4B4F-4AEE-BCB0-DEE1FFDB1B90} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {12DD919D-CA05-48D5-859F-7977446E42CF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1429BF80-224D-4434-8F28-B1DB87C8FBB2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {1786ACE3-E2A5-40CF-BCB7-A01AA973A916} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1B9D1CC3-151C-4EFC-AFAB-5269658986E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {1E75A83B-E522-4EB0-B890-475E9B05F7C4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {22891273-FAF9-4AD6-92B5-48279A4A7AA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {28C9CDD1-A488-42D3-A2B4-C9D9FD8DCABF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
Task: {28CFC1B1-6F53-4962-9EB6-607AED6C24AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {30D12235-50C3-41BF-B2E6-5F13A75D574E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {3476FAD8-DCCC-40C7-B5D1-56C3586B6C0F} - System32\Tasks\{B3DA421D-B89F-40B6-89D3-301D0D42336E} => pcalua.exe -a C:\Users\William\AppData\Roaming\yoursearching\UninstallManager.exe -c  -ptid=cor
Task: {36808800-73FA-4B3B-A552-72D9745F1DB7} - \chroomiumBrowserUpdateUA -> No File <==== ATTENTION
Task: {3E0406FF-F892-4F7A-B6B5-084CA92FC11D} - System32\Tasks\{B882A51C-5159-43AD-BBCE-530A67C9AD40} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Windows Live\.cache\6bc9dd781d0dfcb04\onedrivesetup.exe" -d "C:\Program Files (x86)\Common Files\Windows Live\.cache\6bc9dd781d0dfcb04" -c C:\Program Files (x86)\Common Files\Windows Live\.cache\6bc9dd781d0dfcb04\onedrivesetup.exe /silent  /permachine  /silent  /childprocess /cusid:S-1-5-21-3624931555-994906809-619854106-1000
Task: {4C38D023-D89A-4823-998C-0CBC64B91B74} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4D51B886-5305-4F0D-9F38-A29C1EBAF634} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {521FEA75-1FE6-4140-B611-644EF6CA683F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {544AFA54-3208-48AB-81C1-AA96B645BCD1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5C21E0F2-39F5-4909-97E8-55AD197E5D76} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5F0229C6-31BF-4605-A22F-71E000D9AF91} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {610AB19C-2A09-490C-B419-E64F738D98A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6495A699-1748-4C88-A68D-CEEE2B7949CA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {65C54F06-497F-470C-8B3C-1E2E7BF4D614} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {665BEC04-F0D8-4060-87AE-FFF39463A817} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {74F4F4EA-93CF-463F-99F3-DC83241C6B5A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {77C86379-7F47-4D3F-803F-17A78DA5F1D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-08] (Microsoft Corporation)
Task: {7DC0B546-5706-4624-ACE9-348E1E547ED9} - \chroomiumBrowserUpdateCore -> No File <==== ATTENTION
Task: {81771583-3E52-4D5A-862D-7981BF97EFE0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {82E8FB9E-837B-4AC9-9F7F-0E0B7E3A5BAD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {92D618CB-101F-4E0D-97B7-7D9B430718E7} - \chroomiumBrowserUpdateUA -> No File <==== ATTENTION
Task: {92F5A283-4F2D-4BF4-A258-46DC44016EDB} - System32\Tasks\{4B030D35-1FEF-4FDC-969F-0E1DA02DC625} => pcalua.exe -a "F:\Software\Adobe Type Manager Deluxe\ATMD INSTALL.EXE" -d "F:\Software\Adobe Type Manager Deluxe"
Task: {9D5BD474-ECE7-4909-8B68-489E9058F866} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A6B87175-08C9-4E1C-B987-04365A62A6D1} - \chroomiumCheckTask -> No File <==== ATTENTION
Task: {A8D3CA31-6B62-47C4-BC86-F113AF8E4FF2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {AA57BB3C-216A-458F-B299-D2020C522A78} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {AD62E343-07A4-4118-8FAF-4F2C68C85BA2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {B18D9CC9-1109-4DE1-8520-21306E3C3A4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B480AFCF-7DCB-4A05-AA98-38BBB233B5B4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B81795FB-3BB2-4383-B127-203857204AF3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B89D56F0-189F-4130-AB14-25CC3588E08D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {BA8C74FB-13D4-4E65-A245-1DCA35F039FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-01-08] (Microsoft Corporation)
Task: {C180AD37-A121-4382-9C5B-C833EA2C9B78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-26] (Google Inc.)
Task: {C2DDB452-1CF4-45F5-A71F-2C23450A5F10} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {C400F448-2D5E-485C-9298-D2F1F0B67C5C} - System32\Tasks\AdobeAAMUpdater-1.0-William-PC-William => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {D69AC7E5-4441-493D-8A13-D9B73965629F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {D85EDBF1-D888-4CE5-AA4F-BA09E95AF89B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D91E276D-6E85-4FD8-807A-24152AE81D6B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {DE6D1D76-A840-49AB-A151-916D0ADE2736} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {DF859131-B222-4A4F-BB2B-6265F76142ED} - \chroomiumBrowserUpdateCore -> No File <==== ATTENTION
Task: {DFB5EE82-E66C-458D-AA76-87FF465F7AE8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E092FBC1-C16F-4FA2-8A2B-A4CD0FF976CA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E0C69A0E-F3DD-4CE1-854E-D0266234C2AA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E29D94AD-00BC-4728-82A3-1D704BA05364} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {E80817D3-E913-4299-B436-50B903EBEB47} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EBDD66F6-02FE-44B3-AAC2-DB6FC4669A8D} - System32\Tasks\Format Factory => C:\Users\William\AppData\Local\Temp\is-L2EJ7.tmp\prsetup.exe <==== ATTENTION
Task: {F2C219D2-B156-4B66-B000-3CF09F2D8589} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {F7ABDAD8-4C34-4015-A9CE-CCCD96439FA2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F7B6683F-01E6-4530-9EA5-8716395FD820} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F8176502-72F6-49AD-B7A3-634F99405F1E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F89D9701-7744-451A-8CD9-C54621E5B05C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {F9046081-1CB2-4A4C-862E-5DA6C1FC066F} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-23] (Advanced Micro Devices, Inc.)
Task: {FAFACA53-B903-42BF-BDA7-DFA995E54164} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-10-02] ()
Task: {FDDC40DF-08DA-4680-96A1-04D1F589E887} - System32\Tasks\HPCeeScheduleForWilliam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {FFBDFE93-644E-4D2E-9A32-EDC4573F7926} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForWilliam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 17:26 - 2015-05-15 17:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-11 18:12 - 2015-05-11 18:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-11-25 12:27 - 2015-09-12 09:02 - 00013744 _____ () C:\Program Files (x86)\Easy-Hide-IP VPN\eh.vpn.service.exe
2015-08-26 13:31 - 2010-09-07 20:46 - 00072280 _____ () C:\Windows\SysWOW64\XSrvSetup.exe
2016-01-13 19:05 - 2016-01-13 12:15 - 00308016 _____ () C:\ProgramData\Google\update\GoogleUpdate.exe
2015-10-30 18:18 - 2015-10-30 18:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-30 21:08 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-22 09:32 - 2016-01-08 01:14 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-10-16 21:02 - 2015-10-16 21:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-04-11 12:23 - 2014-04-11 12:23 - 00137728 _____ () C:\Program Files\TurboFTP\tbshex.dll
2015-08-26 21:39 - 2008-04-20 03:35 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2015-12-30 22:54 - 2015-12-30 22:54 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-12-30 14:32 - 2015-12-07 15:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-30 14:32 - 2015-12-07 15:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-30 14:32 - 2015-12-07 15:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-13 16:32 - 2016-01-05 12:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 16:32 - 2016-01-05 12:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-13 16:32 - 2016-01-05 12:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-13 16:32 - 2016-01-05 12:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-22 09:34 - 2016-01-22 09:35 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-25 12:27 - 2015-09-12 09:02 - 00659888 _____ () C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
2015-09-01 11:12 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-01-22 09:31 - 2016-01-08 00:33 - 01064104 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2015-12-03 10:29 - 2015-12-03 10:29 - 00541216 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
2014-04-30 01:38 - 2014-04-30 01:38 - 00966688 _____ () C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
2016-01-22 09:32 - 2016-01-22 09:32 - 00452776 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2016-01-22 09:32 - 2016-01-08 00:34 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
2015-10-16 21:02 - 2015-10-16 21:02 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-08-26 21:39 - 2005-02-09 03:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2015-08-26 21:39 - 2004-11-20 13:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2015-08-26 21:39 - 2004-10-12 06:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2015-08-26 21:39 - 2004-05-26 07:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2015-08-26 21:39 - 2004-11-20 13:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2015-08-26 21:39 - 2004-11-20 13:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2015-08-26 21:39 - 2004-11-20 13:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2015-08-26 21:39 - 2004-05-26 07:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2015-08-26 21:39 - 2004-05-26 07:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2015-08-26 21:39 - 2004-05-26 07:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2015-08-26 21:39 - 2004-10-12 06:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2015-08-26 21:39 - 2004-11-20 13:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2015-08-26 21:39 - 2004-11-20 13:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2015-08-26 21:39 - 2004-01-16 00:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2015-08-26 21:39 - 2004-11-20 13:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2015-08-26 21:39 - 2004-11-20 13:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2015-08-26 21:39 - 2003-10-01 23:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2015-08-26 21:39 - 2003-10-01 21:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2015-08-26 21:39 - 2003-08-10 19:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2015-08-26 21:39 - 2004-05-26 07:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2015-08-26 21:39 - 2004-05-26 07:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00098816 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32api.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00110080 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pywintypes27.dll
2016-01-24 10:38 - 2016-01-24 10:38 - 00364544 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pythoncom27.dll
2016-01-24 10:37 - 2016-01-24 10:37 - 00046080 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_socket.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 01208320 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_ssl.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00320512 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32com.shell.shell.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00776704 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_hashlib.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 01176576 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._core_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00806400 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._gdi_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00816128 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._windows_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 01067008 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._controls_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00733184 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._misc_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00682496 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pysqlite2._sqlite.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00088064 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_ctypes.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00119808 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32file.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00108544 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32security.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00007168 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\hashobjs_ext.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00017920 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\thumbnails_ext.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00079360 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\usb_ext.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00167936 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32gui.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00018432 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32event.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00128512 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_elementtree.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00127488 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pyexpat.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00013824 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\common.time34.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00036864 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_psutil_windows.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00038912 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32inet.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00525640 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\windows._lib_cacheinvalidation.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00011264 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32crypt.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00077312 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._html2.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00027136 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_multiprocessing.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00020480 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_yappi.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00035840 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32process.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00686080 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\unicodedata.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00123392 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._wizard.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00024064 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32pipe.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00010240 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\select.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00025600 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32pdh.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00017408 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32profile.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00022528 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32ts.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00078848 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._animate.pyd
2016-01-22 09:34 - 2016-01-22 09:35 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 09:34 - 2016-01-22 09:35 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-22 09:32 - 2016-01-08 00:34 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-01-19 09:53 - 2016-01-13 03:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-19 09:53 - 2016-01-13 03:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2014-06-04 13:07 - 2014-06-04 13:07 - 00555888 _____ () c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Draw\PsiClient.dll
2016-01-25 11:01 - 2016-01-25 11:01 - 00231160 _____ () C:\ProgramData\WebEx\webex\500\ATJPEG60.DLL
2016-01-22 09:29 - 2016-01-22 09:29 - 00149160 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:EC76150E
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3624931555-994906809-619854106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\William\Desktop\aaart\gauguin122.JPG
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "CommonToolkitTray"
HKLM\...\StartupApproved\Run32: => "sfagent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "GoPro Studio Importer"
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3624931555-994906809-619854106-1000\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B296C953-9EEB-4109-AEF5-E201164E0CEA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{935BEC9B-D7DD-450E-B9CE-4BF4E48EF02F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{461268C3-7CBF-4EEA-BA19-55391C314E59}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8310CC08-CBC1-4B14-B864-2020EC5CF9FB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{278A04C4-6EDD-446E-A6C0-B84A40284F7C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6E2AB1D-97F2-462A-9107-AA12A61D1012}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E5E6AD9D-36C8-4BB3-ADA2-D7DADC567B17}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{631A715D-E890-4D68-BD07-0CE4C772D4A5}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{DF63F724-4C4F-4E8B-A639-9AA4B7A10C23}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{C88DC9F6-607E-49A7-8D48-CB22F62E2E06}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{2A6669C5-DFC2-4DF8-9DCB-359ADE848295}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{3AE38F82-A8BE-49FE-8994-72728477FCC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DCA9A89F-A725-4BB8-A3C5-D085EEE7CC30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{ED4BA7A9-838F-40F9-BDB3-ABD0DF1ABC8D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{1627A6EA-F48D-4CD0-8A4A-3158FBCEC753}C:\users\william\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\william\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8D9800B8-BF80-4F24-BDE0-77EEB10B0339}C:\users\william\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\william\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A5B2E5AA-D970-4081-AE8D-7003CE587B34}C:\users\william\desktop\microsoft toolkit.exe] => (Allow) C:\users\william\desktop\microsoft toolkit.exe
FirewallRules: [TCP Query User{20EA47DE-A97F-4578-ADF6-D80584DAF1A9}C:\users\william\desktop\microsoft toolkit.exe] => (Allow) C:\users\william\desktop\microsoft toolkit.exe
FirewallRules: [UDP Query User{ABF710C9-31EA-40BD-86EC-6E87F5A836C9}\\10.1.1.4\website_files\_software\microsoft office proplus 2013 vl x64 en-us aug2013\microsoft toolkit.exe] => (Block) \\10.1.1.4\website_files\_software\microsoft office proplus 2013 vl x64 en-us aug2013\microsoft toolkit.exe
FirewallRules: [TCP Query User{6FE63BC2-0D3D-4A87-81BB-64349BCD7CA2}\\10.1.1.4\website_files\_software\microsoft office proplus 2013 vl x64 en-us aug2013\microsoft toolkit.exe] => (Block) \\10.1.1.4\website_files\_software\microsoft office proplus 2013 vl x64 en-us aug2013\microsoft toolkit.exe
FirewallRules: [{F7AD10C9-59C1-43F7-8204-60C65CC37969}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37FEB60A-00C3-4263-97F2-FABB7FFDED04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACE2417F-8897-4052-B969-A21C6D215016}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6571F0CF-5917-499E-A397-E4D42F148A54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4761116E-1F17-49BA-B8BB-9A7D5BE0182C}] => (Allow) C:\Users\William\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{BAAFA479-3CBA-44E1-8C11-CC8C63AF51CB}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{7D6BBA1C-B6C3-43AC-A052-37EE85263BFC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{BBF34953-4FE4-4BAD-945F-9AAF1F1B7EC5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0FF07163-D042-4F46-A2CD-0D8BBDED518A}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe
FirewallRules: [TCP Query User{D7AB4DC4-45D8-4CCF-B4FA-57750E62B7B2}C:\program files (x86)\easy-hide-ip vpn\easy.hide.ip.vpn.exe] => (Allow) C:\program files (x86)\easy-hide-ip vpn\easy.hide.ip.vpn.exe
FirewallRules: [UDP Query User{FA5FEC63-708E-4AA7-8B59-4C87EE19AB04}C:\program files (x86)\easy-hide-ip vpn\easy.hide.ip.vpn.exe] => (Allow) C:\program files (x86)\easy-hide-ip vpn\easy.hide.ip.vpn.exe
FirewallRules: [TCP Query User{6F213017-75E2-443A-B6D1-038116330414}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{8109ED09-F5BB-4731-904C-CD75ECA643C7}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{FCD8F293-D21E-49F8-BD5E-DBEBFA7B5CB3}] => (Allow) LPort=51001
FirewallRules: [{16B0E0A7-3583-4BA6-A272-4EA203897E55}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe
FirewallRules: [{B77EC22F-D439-453B-BD41-FCBB2CE68D75}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2CF65AA2-7022-4681-8D43-80F4F7F51A72}] => (Allow) C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DF0DF992-7414-4539-BD6A-5C16D96166A8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9B353570-3009-4C04-A87B-3A632F082F92}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B0AD0363-0C42-4025-B909-AF19B787E997}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1523DA84-5F4F-4E53-88B9-FCA35E3C2277}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{F411CE19-5613-4CBD-89EA-4AE8C45D884A}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{537A9C8F-B94A-4B54-860D-CD1646B259BC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{2AF42169-75C8-470E-ADFA-DE7A2D7FE1FE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{5F1101CD-EE82-4736-A021-3C278B6730B9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{E863AAD1-FAF6-4358-B2E3-580ACB8EC973}] => (Allow) C:\Program Files (x86)\chroomium Browser\chroomium\chrome.exe
FirewallRules: [{E95296D8-71F1-49E3-B442-85C5F6EB569D}] => (Allow) C:\Program Files (x86)\chroomium Browser\chroomium\bin\browserServer.exe
FirewallRules: [{23B2CC90-D78A-494D-8E5B-F35F55F46FD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8AB9C6A4-F6EA-40F1-A7AA-F04F2ADD7F85}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{8BB67F9F-67DB-4BBA-958A-A50904DEDE10}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{8BE9499F-C7B4-48E1-95F2-9978298D4F63}] => (Allow) C:\ProgramData\Google\update\GoogleUpdate.exe
 
==================== Restore Points =========================
 
23-01-2016 11:23:07 Installed calibre 64bit
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/25/2016 02:07:28 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (01/25/2016 02:07:01 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (01/25/2016 11:01:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56542a5e
Faulting module name: EasyRedirect64.dll, version: 2.3.3.1, time stamp: 0x54eef9bc
Exception code: 0xc0000005
Fault offset: 0x00000000000352d5
Faulting process ID: 0x3294
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (01/25/2016 10:57:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56542a5e
Faulting module name: EasyRedirect64.dll, version: 2.3.3.1, time stamp: 0x54eef9bc
Exception code: 0xc0000005
Fault offset: 0x00000000000352d5
Faulting process ID: 0x2414
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (01/25/2016 09:14:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x54dca1de
Faulting module name: EasyRedirect64.dll, version: 2.3.3.1, time stamp: 0x54eef9bc
Exception code: 0xc0000005
Fault offset: 0x00000000000352d5
Faulting process ID: 0x341c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report ID: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5
 
Error: (01/25/2016 09:14:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MOM.exe, version: 4.5.0.0, time stamp: 0x53ad0e3f
Faulting module name: EasyRedirect64.dll, version: 2.3.3.1, time stamp: 0x54eef9bc
Exception code: 0xc0000005
Fault offset: 0x00000000000352d5
Faulting process ID: 0x10c4
Faulting application start time: 0xMOM.exe0
Faulting application path: MOM.exe1
Faulting module path: MOM.exe2
Report ID: MOM.exe3
Faulting package full name: MOM.exe4
Faulting package-relative application ID: MOM.exe5
 
Error: (01/25/2016 09:14:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MOM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at System.Net.UnsafeNclNativeMethods+SafeNetHandlesXPOrLater.freeaddrinfo(IntPtr)
   at System.Net.SafeFreeAddrInfo.ReleaseHandle()
   at System.Runtime.InteropServices.SafeHandle.InternalDispose()
   at System.Net.Dns.TryGetAddrInfo(System.String, System.Net.AddressInfoHints, System.Net.IPHostEntry ByRef)
   at System.Net.Dns.GetAddrInfo(System.String)
   at System.Net.Dns.InternalGetHostByName(System.String, Boolean)
   at System.Net.Dns.GetHostEntry(System.String)
   at System.Runtime.Remoting.Channels.CoreChannel.GetMachineName()
   at System.Runtime.Remoting.Channels.CoreChannel.UpdateCachedIPAddresses()
   at System.Runtime.Remoting.Channels.CoreChannel.OnNetworkAddressChanged(System.Object, System.EventArgs)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
 
Error: (01/25/2016 09:14:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at System.Net.UnsafeNclNativeMethods+SafeNetHandlesXPOrLater.freeaddrinfo(IntPtr)
   at System.Net.SafeFreeAddrInfo.ReleaseHandle()
   at System.Runtime.InteropServices.SafeHandle.InternalDispose()
   at System.Net.Dns.TryGetAddrInfo(System.String, System.Net.AddressInfoHints, System.Net.IPHostEntry ByRef)
   at System.Net.Dns.GetAddrInfo(System.String)
   at System.Net.Dns.InternalGetHostByName(System.String, Boolean)
   at System.Net.Dns.GetHostEntry(System.String)
   at System.Runtime.Remoting.Channels.CoreChannel.GetMachineName()
   at System.Runtime.Remoting.Channels.CoreChannel.UpdateCachedIPAddresses()
   at System.Runtime.Remoting.Channels.CoreChannel.OnNetworkAddressChanged(System.Object, System.EventArgs)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
 
Error: (01/25/2016 09:14:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: William-PC)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/24/2016 08:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1281
 
 
System errors:
=============
Error: (01/25/2016 02:14:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/25/2016 01:14:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/25/2016 12:14:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/25/2016 11:14:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/25/2016 10:13:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/25/2016 09:13:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/24/2016 07:38:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/24/2016 06:37:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/24/2016 05:37:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
Error: (01/24/2016 04:37:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Service Modules service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2016-01-25 14:23:13.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 14:23:13.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 14:18:05.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 14:18:05.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 14:17:11.871
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 14:17:11.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 12:11:00.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 12:11:00.565
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 11:03:44.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-25 11:03:44.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 661 @ 3.33GHz
Percentage of memory in use: 63%
Total physical RAM: 8119.49 MB
Available physical RAM: 3003.96 MB
Total Virtual: 16311.49 MB
Available Virtual: 8680.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:788.26 GB) (Free:581.67 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Storage) (Fixed) (Total:1074.22 GB) (Free:920.77 GB) NTFS
Drive h: (Spare Disc) (Fixed) (Total:465.66 GB) (Free:290.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D3E38742)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=788.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1074.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B8725541)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:18 PM

Posted 27 January 2016 - 08:43 AM


Remove this program via the Control Panel > Programs and Features appler.
Picexa (HKLM-x32\...\Picexa) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {034B1899-07F1-4CDF-91DD-F2AF12E88078} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C08E70A-7847-4762-AFD4-EC665F0E4F89} - \chroomiumCheckTask -> No File <==== ATTENTION
Task: {0E2E0F03-15B5-4D77-B7D8-F0B28CFEC73D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1786ACE3-E2A5-40CF-BCB7-A01AA973A916} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1E75A83B-E522-4EB0-B890-475E9B05F7C4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3476FAD8-DCCC-40C7-B5D1-56C3586B6C0F} - System32\Tasks\{B3DA421D-B89F-40B6-89D3-301D0D42336E} => pcalua.exe -a C:\Users\William\AppData\Roaming\yoursearching\UninstallManager.exe -c  -ptid=cor
Task: {36808800-73FA-4B3B-A552-72D9745F1DB7} - \chroomiumBrowserUpdateUA -> No File <==== ATTENTION
Task: {4C38D023-D89A-4823-998C-0CBC64B91B74} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {544AFA54-3208-48AB-81C1-AA96B645BCD1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {610AB19C-2A09-490C-B419-E64F738D98A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7DC0B546-5706-4624-ACE9-348E1E547ED9} - \chroomiumBrowserUpdateCore -> No File <==== ATTENTION
Task: {92D618CB-101F-4E0D-97B7-7D9B430718E7} - \chroomiumBrowserUpdateUA -> No File <==== ATTENTION
Task: {A6B87175-08C9-4E1C-B987-04365A62A6D1} - \chroomiumCheckTask -> No File <==== ATTENTION
Task: {B18D9CC9-1109-4DE1-8520-21306E3C3A4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B81795FB-3BB2-4383-B127-203857204AF3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DF859131-B222-4A4F-BB2B-6265F76142ED} - \chroomiumBrowserUpdateCore -> No File <==== ATTENTION
Task: {DFB5EE82-E66C-458D-AA76-87FF465F7AE8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E092FBC1-C16F-4FA2-8A2B-A4CD0FF976CA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EBDD66F6-02FE-44B3-AAC2-DB6FC4669A8D} - System32\Tasks\Format Factory => C:\Users\William\AppData\Local\Temp\is-L2EJ7.tmp\prsetup.exe <==== ATTENTION
Task: {FAFACA53-B903-42BF-BDA7-DFA995E54164} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-10-02] ()
2016-01-24 10:38 - 2016-01-24 10:38 - 00098816 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32api.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00110080 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pywintypes27.dll
2016-01-24 10:38 - 2016-01-24 10:38 - 00364544 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pythoncom27.dll
2016-01-24 10:37 - 2016-01-24 10:37 - 00046080 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_socket.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 01208320 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_ssl.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00320512 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32com.shell.shell.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00776704 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_hashlib.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 01176576 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._core_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00806400 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._gdi_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00816128 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._windows_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 01067008 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._controls_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00733184 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._misc_.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00682496 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pysqlite2._sqlite.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00088064 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_ctypes.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00119808 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32file.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00108544 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32security.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00007168 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\hashobjs_ext.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00017920 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\thumbnails_ext.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00079360 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\usb_ext.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00167936 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32gui.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00018432 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32event.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00128512 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_elementtree.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00127488 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\pyexpat.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00013824 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\common.time34.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00036864 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_psutil_windows.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00038912 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32inet.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00525640 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\windows._lib_cacheinvalidation.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00011264 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32crypt.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00077312 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._html2.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00027136 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_multiprocessing.pyd
2016-01-24 10:37 - 2016-01-24 10:37 - 00020480 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\_yappi.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00035840 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32process.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00686080 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\unicodedata.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00123392 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._wizard.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00024064 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32pipe.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00010240 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\select.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00025600 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32pdh.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00017408 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32profile.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00022528 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\win32ts.pyd
2016-01-24 10:38 - 2016-01-24 10:38 - 00078848 _____ () C:\Users\William\AppData\Local\Temp\_MEI109402\wx._animate.pyd
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:EC76150E
C:\Users\William\AppData\Local\Temp\_MEI109402

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Please post the Fixlog.txt and let me know what problem persists.

#5 paintboxz

paintboxz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 28 January 2016 - 08:09 PM

After a Defender scan the only thing found was this which it has quarantined: TrojanDownloader: O97M/Adnel

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by William (2016-01-27 09:30:47) Run:1
Running from C:\Users\William\Desktop\BleepingComputer
Loaded Profiles: William (Available Profiles: William & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3000 J310 series (Network).lnk ->  (No File)
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR Extension: (Fairshare Unlock) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae [2016-01-08]
CHR Extension: (Poppit!) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-01-18]
S3 Origin Client Service; "C:\Users\Public\Desktop\Origin\OriginClientService.exe" [X]
S2 WSModules; "C:\Program Files (x86)\chroomium Browser\chroomium\bin\browserServer.exe" [X]
U3 idsvc; no ImagePath
S3 RTVLANPT; \SystemRoot\system32\DRIVERS\RtVlan620.sys [X]
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3000 J310 series (Network).lnk ->  (No File) => not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae => moved successfully
C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => moved successfully
Origin Client Service => service removed successfully
WSModules => service removed successfully
idsvc => service removed successfully
RTVLANPT => service removed successfully
"C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\alecjlhgldihcjjcffgjalappiifdhae" => not found.
"C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi" => not found.
EmptyTemp: => 8.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:36:13 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:18 PM

Posted 29 January 2016 - 08:15 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 paintboxz

paintboxz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 29 January 2016 - 05:52 PM

Thank you vey much for all your help. I am grateful :) 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:18 PM

Posted 04 February 2016 - 08:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users