Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Remote Access Through Trojan/Worm/Malware, Wifi Port Attacks


  • This topic is locked This topic is locked
17 replies to this topic

#1 grrrl2

grrrl2

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 06 April 2016 - 03:02 AM

Hi, my windows 7 home premium pc, with a Ethernet router, was running BitDefender Security 2016 as my main AV and firewall. I had peerblock with various blacklists. I also had a few port / firewall watchers installed as well. I added them when I noticed BitDefender was acting strange - i.e all the sensitivities on the modules were lowered "by themselves", password access was denied and the "reset password" links disappeared. 

 

Also, when I would scan w/ BitDefender - I kept getting a notice to update firefox, because the version was old and could be exploited --- I uninstalled that program a year+ ago! I would do file search and the actual exe for that program would never appear, just old reg files.

 

My browsers IP was being hijacked. Hosts - 2 Computers mainly, were joining my network, my router's settings were being changed, local network dns changed, mac address changes to all devices. Also remotely someone was connecting their iphone and android devices to my computer, authorizing themselves to mine and my kid's kindles. Ultimately they put themselves with higher authority over my admin status on the pc, as to remain stealthy (I found their hidden user names) - configuring a dns server to file share, and BitDefender was used to dismantle my system (changing ini files and disabling system processes and updaters, enabling remote access), while they could gain access with no problem and reap the rewards.

 

I had to keep reseting my router passwords and resetting.

 

The big hurray was them turning my connection to public, getting bombarded by dns (?) attacks on my ports to the point I had no choice but to disconnect my router (we're talking hundreds of hits at once through the firewall). Ultimately I was forced to shutdown my pc, which enabled a destroy file mechanism upon boot. Trouble was there was no boot - it was a black screen.

 

I tried booting in safemode - couldn't. Had to access advanced BOIS to reconfigure. 

 

Finally got rebooted in safe mode. I looked at the drives - "it" had decimated them, so I ran a system restore back 4 days - the furthest I could go, as the others were deleted. 

 

I know they were using an OS exploit through BDSP - I found a zip file with my computer's name and that acronym as the title. I found their hidden user names.

 

 None of the files were discoverable as malware etc, until a rebooted in safemode. I did however do an initial scan  through an exe  scanner on a disc I had burned, it was Emisoft Emergency Kit, I found through this forum, see screen shots below.

 

I also booted Hiron's CD, but I know there are sometimes false positives for checksums and wanted someone much more knowledgeable to help me - review what I see. 

 

So far after running malware bytes, and ClamWin - I am seeing exes attached to temp files --- variants of  Win.Trojan.Poebot, Win.Worm.Runouce,  Win.Worm.Chir, various adware and malware. But I haven't been too comprehensive in using all the programs on Hiron's.

 

I was also given an exe from BitDefender to reverse and reset what was done. I wanted to repair the drives first before install in safe mode, especially if dealing with a Trojan.

 

I attached some screen shots of the Emisoft results [h + l], the hidden users [uuuu], the fake local service [99], the  BDSP file [hkl]. 

Attached Files

  • Attached File  h.PNG   38.84KB   0 downloads
  • Attached File  99.PNG   15.67KB   0 downloads
  • Attached File  hkl.PNG   32.93KB   0 downloads
  • Attached File  uuuu.png   40.79KB   0 downloads
  • Attached File  l.PNG   34.85KB   0 downloads

Edited by grrrl2, 06 April 2016 - 03:51 AM.


BC AdBot (Login to Remove)

 


#2 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 06 April 2016 - 05:26 PM

*



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 07 April 2016 - 08:06 PM

Greetings grrrl2 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this after booting into Safe Mode with Networking.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you wlll see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • RogueKiller log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 05:09 AM

Hi Gary, I am Amber. Your help is appreciated. I have to make 2 separate posts, as the website is saying both combined is too long.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Amby (administrator) on SEXY-bleep (08-04-2016 02:42:39)
Running from C:\Users\Amby\Desktop
Loaded Profiles: Amby (Available Profiles: Amby & Amber)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1644824 2016-03-17] (Bitdefender)
HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [487424 2011-05-03] (Gadwin Systems, Inc)
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23260000 2016-02-24] (Google)
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Run: [Amazon Music] => C:\Users\Amby\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10787840 2016-03-28] (SecureMix LLC)
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {3fd4f87d-134c-11e5-9b53-e0cb4e3160b3} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {49763f71-12c7-11e2-b69d-7a8020000200} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {9c944784-f3bc-11e1-95dc-7a8020000200} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {aa3297c4-1432-11e1-b493-7a8020000200} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {c16f70d3-5ae0-11df-9ea9-e0cb4e3160b3} - J:\Start.exe
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {d9c4b6fa-193c-11df-a0ab-e0cb4e3160b3} - J:\start.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2016-04-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2016-03-30]
ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
Startup: C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2016-04-05] ()
GroupPolicyUsers\S-1-5-21-1118247773-2797080340-1104804865-1001\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
URLSearchHook: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 - (No Name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No File
SearchScopes: HKLM -> DefaultScope {21F2E698-FFBB-451C-ACCF-09989B21AD75} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {21F2E698-FFBB-451C-ACCF-09989B21AD75} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {21F2E698-FFBB-451C-ACCF-09989B21AD75} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> DefaultScope {D21BBA4C-9739-41D7-8A1A-38C94811B1A3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {21F2E698-FFBB-451C-ACCF-09989B21AD75} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {73ea9fa8-3839-41f3-af23-09f7abef23bb} URL = hxxp://isearch.shopathome.com?user_id={b736463f-79b1-41f1-bfbf-001d00a4f5b8}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {D21BBA4C-9739-41D7-8A1A-38C94811B1A3} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2016-03-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2016-03-30] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-03-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2016-03-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-09] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1118247773-2797080340-1104804865-1000: @hulu.com/Hulu Desktop -> C:\Users\Amby\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll [2010-08-17] (Hulu LLC)
FF Plugin HKU\S-1-5-21-1118247773-2797080340-1104804865-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118247773-2797080340-1104804865-1000: @talk.google.com/O1DPlugin -> C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1118247773-2797080340-1104804865-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Amby\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118247773-2797080340-1104804865-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Amby\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1118247773-2797080340-1104804865-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010-03-21] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-09] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Amby\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Amby\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Amazon Toolbar - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\amznUWL@amazon.com.xpi [2011-05-18] [not signed]
FF Extension: Blank Canvas Signatures for Gmail - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\gmail_sigs@blankcanvasweb.com.xpi [2012-06-14] [not signed]
FF Extension: Lazarus: Form Recovery - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\lazarus@interclue.com.xpi [2011-12-13] [not signed]
FF Extension: Multi Links - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\multilinks@plugin.xpi [2012-01-11] [not signed]
FF Extension: Element Properties - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\properties@darktrojan.net [2016-04-05] [not signed]
FF Extension: Rainbow - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\rainbow@colors.org.xpi [2012-06-14] [not signed]
FF Extension: SEOProfesional - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\seo@profesional.xpi [2012-01-11] [not signed]
FF Extension: WebRank Toolbar - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\webrank-toolbar@probcomp.com [2016-04-05] [not signed]
FF Extension: Linkification - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2016-04-05] [not signed]
FF Extension: MeasureIt - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-12-13] [not signed]
FF Extension: affilorama - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{7822cf50-08ee-4915-9872-ee92472df6cb} [2016-04-05] [not signed]
FF Extension: PrefBar - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754}.xpi [2012-06-14] [not signed]
FF Extension: WOT - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-05] [not signed]
FF Extension: Web Developer - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2016-04-05] [not signed]
FF Extension: Scan Link 2010 - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD381}.xpi [2011-05-18] [not signed]
FF Extension: Download Statusbar - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-12-13] [not signed]
FF Extension: Multifox - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\multifox@hultmann.xpi [2012-01-11] [not signed]
FF Extension: Greasemonkey - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2016-04-05] [not signed]
FF Extension: DownThemAll! - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-06-14] [not signed]
FF Extension: Google Analytics Watcher - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\Extensions\gic2@getinformer.com [2016-04-05] [not signed]
FF Extension: Ancestry.com Advanced Image Viewer - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\Extensions\support@ancestry.com [2016-04-05] [not signed]
FF Extension: VideoSurf Videos at a Glance - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\Extensions\videosurf_enhanced@videosurf.com.xpi [2011-05-18] [not signed]
FF Extension: Google Toolbar for Firefox - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2016-04-05] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-02-02]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:
=======
CHR HomePage: Default -> hxxps://www.amazon.com/gp/css/order-history/ref=nav_youraccount_orders
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.5_0\plugins/screen_capture.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Hulu Desktop) - C:\Users\Amby\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
CHR Profile: C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\achmnghbfplhfomhiohmojicomlgmkam [2016-04-05]
CHR Extension: (Aviary Audio Editor) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajiijeebjcmkhdplmollbjpljcnelfhn [2011-11-19]
CHR Extension: (Website and SEO Analysis) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkomeiemllejmopbbjjngpmmikfedad [2016-04-05]
CHR Extension: (Quttera URL Scanner) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\akakpmcaifloabilokpjlaipdkoofldh [2012-06-11]
CHR Extension: (Smartsheet Chrome App) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alehdleagcgnimdipdmllebddejplpbi [2016-04-05]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2016-04-05]
CHR Extension: (Beatlab) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2015-05-22]
CHR Extension: (Google Drive) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Web Developer) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-04-05]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-04-05]
CHR Extension: (Weekdone Employee Status Reports) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjahdjkkjenpigpggpcnlfadlopbpcid [2014-09-02]
CHR Extension: (Hootsuite Hootlet) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2016-04-05]
CHR Extension: (Frank Smith) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgpmafbkgcchdjehdpnfgfgbdfahapa [2016-04-05]
CHR Extension: (Audiotool) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-08-07]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnahceedpdkaiojgdpddkkdkmjkabfgb [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnajpbphefbkedjhilaoohdpempncdif [2011-11-19]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjcmkhcpdacimmoecmnbeogagmekpmg [2016-04-05]
CHR Extension: (Verbatim Translatio) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bobgnmijljonenlachekpkgikohcghon [2016-04-05]
CHR Extension: (ToneCheck™ for Gmail™ beta) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpldoihdgakfacljjecdbeepglelfjjc [2016-04-05]
CHR Extension: (Ge.tt) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2011-12-03]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceoahfhinjgldgpfkjmjghpaidolbeag [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceoomdobfpkpdilfooakcmklkkolppcb [2016-04-05]
CHR Extension: (Adblock Plus) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-05]
CHR Extension: (TrafficLight) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2016-04-05]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-04-05]
CHR Extension: (Pixsta) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc [2016-04-05]
CHR Extension: (Smartsheet Project Management) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm [2015-05-22]
CHR Extension: (ShopLocket) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjaibgdfaifnnjollpannioonpleckpj [2012-06-12]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2016-04-05]
CHR Extension: (MockFlow) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldcgifnkcmflfjfbhedkdfecbaakmcd [2015-05-22]
CHR Extension: (Reference App) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkmefkffmfinedklminbclibddlf [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmjcoiohflenpehfaalahocpmacjloof [2016-04-05]
CHR Extension: (Aviary Image Editor) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo [2011-11-19]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlodfbcplakmddhdlffebcggbbighda [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej [2016-04-05]
CHR Extension: (Bitdefender Wallet) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhikmcpmloddgnhmnnekekiclhjccgel [2016-04-05]
CHR Extension: (SEO Site Tools) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\diahigjngdnkdgajdbpjdeomopbpkjjc [2016-04-05]
CHR Extension: (FlashCards) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\diejjofgldkjkhmfjagdjdodjebpglhb [2012-06-13]
CHR Extension: (Be a Local!) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\diiecohgbcgbehcpofpolcnoipmefgbm [2012-06-08]
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2016-04-08]
CHR Extension: (Lazarus: Form Recovery Patched) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\djffgnjhndjebbbgmkibfgjfegffmcpm [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbchninmgmgbjcmelhgaodfjbelhjpj [2016-04-05]
CHR Extension: (Cloud Save) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd [2016-04-05]
CHR Extension: (Parallel Universe) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlgmiidgfdpjcnhnhafijlpinepjkpnd [2016-04-05]
CHR Extension: (Mapnificent) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljjdghcikmaacogeloeooafjopponic [2011-11-23]
CHR Extension: (Cortexit) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnppkfenemlkmcelaoddfabcdopmhmg [2016-04-05]
CHR Extension: (Slick RSS) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealjoljnibpdkocmldliaoojpgdkcdob [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfimkdnkkcajpkongkaaebnmidaegip [2016-04-05]
CHR Extension: (Pinterest Right Click) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnlmphodejhpeoplgojlbgcekfopfjo [2016-04-05]
CHR Extension: (Search All) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2016-04-05]
CHR Extension: (Pixlr-o-matic) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-07-01]
CHR Extension: (Gmail Offline) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-02]
CHR Extension: (Google Calendar) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-18]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkgcninebemfhajfhmiffbndloiacbe [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkkomimknapgodalnkjeddkjnjkfmfp [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\endnkcdnbldpjmmpmhbejcnjmhpggnje [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\epeckgeilgaojhfffkepefefbmjaefom [2016-04-05]
CHR Extension: (Bitdefender Wallet) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidhlplliphaijlenolgdojklmgbonnf [2016-04-05]
CHR Extension: (FreeAgent) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjemfnfinfkidfkgnkbjebdbpgbkgiba [2014-07-01]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkeenfecmgighpmhfnbgdohplnbihboo [2016-04-05]
CHR Extension: (Paste It) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkmjdnckhfkjkldogocpnmljokfnbln [2016-04-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-05]
CHR Extension: (Tampermonkey BETA) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2016-04-05]
CHR Extension: (Court Records Search) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgehcgmhjbiombkkaoepklkiejgcjen [2012-06-11]
CHR Extension: (Taskforce) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgkilempkpocmgbkgkjoeapjajonphj [2016-04-05]
CHR Extension: (Straight to Full-Size for Google Images™) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghhmhdkbiodiengmhbbpjkcjodingned [2016-04-05]
CHR Extension: (Amazon™ MP3 Cloud Music Player) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijcllgbmjegkklelijafediennbnabd [2016-04-05]
CHR Extension: (Social Translate) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\giljlmclogpacbccpelmggfcjnickhhf [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj [2016-04-05]
CHR Extension: (WriteThat.Name) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmekpejbhejfklgapcdolmfhdbnoemji [2011-11-21]
CHR Extension: (Page Rank - LinkExtend) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnlhmjoojmepfijdlmhpbdibikkoibjg [2016-04-05]
CHR Extension: (Pin It Button) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-04-05]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegbhhpocfhlnjmemkibgibljklhlfco [2016-04-05]
CHR Extension: (Website Informer Addon) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmkhdckpblkakgojblgmlgaeaimofom [2016-04-05]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2016-04-05]
CHR Extension: (SuperSorter) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2016-04-05]
CHR Extension: (AncestryDNA Helper) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjflmfphflaeehhpdiggobllgffelfee [2016-04-05]
CHR Extension: (TiltShiftMaker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2015-10-02]
CHR Extension: (Geni) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnbeipfaipeokbeoakhfhapcldepimh [2011-05-20]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljhkedklaogpjkpflckfehiidocogjk [2016-04-05]
CHR Extension: (Ancestry Family Search Extension) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahjgikepkkgkinlhipagkkdgfbobphh [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibamldnmegipgpiaepcilgcfnmgillfh [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef [2016-04-05]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-02]
CHR Extension: (Inkscape on rollApp) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjinnaagdniegmfejingjjhljhmkopj [2015-06-08]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnjpdkohdobepefcggjfjhenfcjpgah [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\idniochdimflalanajopnhaomfplfgka [2016-04-05]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2016-04-05]
CHR Extension: (SpellBook - Execute Bookmarklets from Right Click) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihckioenbbjedpocnnennnehjaacojil [2012-06-15]
CHR Extension: (BookedIN - Appointment Booking and Scheduling) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheobladblmphoggmehhahdfikpbilnj [2016-03-03]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihnnahkcmnagcenhpmlecofngoogkndb [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan [2016-04-05]
CHR Extension: (InsurePost) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbbbfghokhomppbjkpnicokplbifacmg [2012-06-11]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehaijobeonhempacbjelicepjkhoidi [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeonijcbpghmepkamkncbdjdcjkbblkj [2016-04-05]
CHR Extension: (Anti forced like) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfidejpbjcjjcakjmpiejcepnakmdmc [2016-04-05]
CHR Extension: (Klout) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2016-04-05]
CHR Extension: (Instant Retro) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlahmeejnbkdnjnckboeglpfmjbfmopp [2011-05-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcimpbhnilcgolicdnepifecokinjof [2012-06-18]
CHR Extension: (Autodesk Homestyler) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-09-02]
CHR Extension: (Smart Punctuations) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kemhapeegihkkkjbhnepbpkklbmpbgfn [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflphbnkmeikenpjoomdmebenejpnphj [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kklcfdmglffmfedcgkefbdcggmabpalo [2016-04-05]
CHR Extension: (DirectIQ) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmejjpglpgfglnfpfjpholofdndcalbi [2013-05-16]
CHR Extension: (Word Count) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmndjoipobjfjbhocpoeejjimchnbjje [2016-04-05]
CHR Extension: (Hootsuite) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-07-11]
CHR Extension: (Google Hangouts) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-04-03]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2016-04-05]
CHR Extension: (Anagram Solver) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagehpplbjnkffgblanjkpchfebpoike [2015-08-08]
CHR Extension: (Ultradox) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\laopdikjalenfglkalhhmkchjcamdfgj [2015-10-06]
CHR Extension: (Webcam Toy) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-26]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2016-04-05]
CHR Extension: (SaferChrome) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpkjjingioekjianemgdobchenebhek [2016-04-05]
CHR Extension: (JSON Editor) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkmoheomjbkfloacpgllgjcamhihfaj [2016-04-05]
CHR Extension: (Recx Security Analyser) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljafjhbjenhgcgnikniijchkngljgjda [2016-04-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-05]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2016-04-05]
CHR Extension: (Large Document) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mccldfhipgghpkkamlldhiajioepaklb [2011-12-03]
CHR Extension: (Bookmarklet Finder) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjpejgcgnppclgahinlcnjpceocdkmp [2012-06-15]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehoepkkgogpjjgnbkeinjmiplmiefag [2016-04-05]
CHR Extension: (scroblr) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2016-04-05]
CHR Extension: (MixCloud Downloader) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjfpmaaidpgbklpnffchmlmfpjboahej [2016-04-05]
CHR Extension: (WebRank SEO) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-04-05]
CHR Extension: (Google Play Books) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-05-22]
CHR Extension: (Slick RSS : Feed Finder) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpajmofiejfjgeaakelmjklenjaekppa [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndekeigclpmnhmggjakhfmklhhibiokp [2016-04-05]
CHR Extension: (Profile Engine: Advanced Search for Facebook) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnkokeclakfloooiaghcnbpncaddibc [2011-05-20]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\njiapkdadfajalmkmpcbmodldfacnagc [2012-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2016-04-05]
CHR Extension: (GIFPAL) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2012-06-22]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajehffbidgccdedglcogjoolbdmpjmm [2016-04-05]
CHR Extension: (Todo.ly) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap [2011-11-21]
CHR Extension: (Straight to Google Analytics) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnalgemgaiglcdlkdhnfahhihkiijde [2016-04-05]
CHR Extension: (Chop) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oebekngjcmiocalhcockfggljhgnijde [2012-06-13]
CHR Extension: (Assignments (by HootSuite)) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfcehdaekhnbkojcnjijopkecldfdcm [2016-04-05]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oioeohebbahbomemnpdmnicoghkepidd [2016-04-05]
CHR Extension: (Sell Simply) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojaeikpecldleicicnjdbmlabkgfnkmn [2012-06-11]
CHR Extension: (Piktochart) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgpilphbpmpjlicfhhkgnfbedaeegil [2015-06-08]
CHR Extension: (Tynt Blocker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiaciimfpgbpdhnfdllhdkicpmdoakm [2016-04-05]
CHR Extension: (Thesaurus) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddaeeclcbikcegjhhgocgkakehngcem [2013-05-16]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2016-04-05]
CHR Extension: (Draw.io Desktop) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebppomjfocnoigkeepgbmcifnnlndla [2016-04-08]
CHR Extension: (Social Analytics) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgckigmaefoaemjpijdepakcghjkggmg [2016-04-08]
CHR Extension: (Publish5 - DIY Mobile App Creator) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl [2012-09-20]
CHR Profile: C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-03]
CHR Extension: (Google Docs) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (Novelize Writing App) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgfbheeommcgojlodnikcnekolkjlega [2016-04-03]
CHR Extension: (Audiotool) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-04-03]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2016-04-03]
CHR Extension: (Story Wars) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coadbejlmmejdkpdcnbikfcplabhgmpo [2016-04-03]
CHR Extension: (Bitdefender Wallet) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-04-03]
CHR Extension: (PicMonkey Extension) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2016-04-03]
CHR Extension: (Polarr Photo Editor 3) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2016-04-03]
CHR Extension: (Soundtrap for Education) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlallcjfneldmakcbklbpbcgdbbkigfi [2016-04-03]
CHR Extension: (Powered by Redstone) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eaafagdemifnmjbmblhleneomcfdmofm [2016-04-03]
CHR Extension: (Soundtrap - Make Music Online) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\epaknpicfmoglpinnnjckaobafganajf [2016-04-03]
CHR Extension: (Bitdefender Wallet) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fabcmochhfpldjekobfaaggijgohadih [2016-04-03]
CHR Extension: (Lucidpress
Free Design Tool) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdiljnnpfniifgbaippdemegmlhoohka [2016-04-03]
CHR Extension: (Google Sheets) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-03]
CHR Extension: (RapPad - Write Better Lyrics) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhadcpjgjandiokfnmeefdcimniinhpe [2016-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Magisto - Magical Video Editor) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk [2016-04-03]
CHR Extension: (Avast Online Security) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-03]
CHR Extension: (Jellynote) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcbdilcjeejecjnbbhhpkhhocnhlgfnn [2016-04-03]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-03]
CHR Extension: (We Heart It) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae [2016-04-03]
CHR Extension: (Inkscape on rollApp) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icjinnaagdniegmfejingjjhljhmkopj [2016-04-03]
CHR Extension: (This Exquisite Forest) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\illikembakcokcfifcbkneafjjjnckkd [2016-04-03]
CHR Extension: (Panabee: Domain Name Search) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\injaekmmopacmmfiebacognclnackfbc [2016-04-03]
CHR Extension: (SoundCloud) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2016-04-03]
CHR Extension: (Giphy for Chrome) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlleokkdhkflpmghiioglgmnminbekdi [2016-04-03]
CHR Extension: (Schooltraq) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klgfldonaglinnnpbagllbnekgjdbinb [2016-04-03]
CHR Extension: (Google Hangouts) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-04-03]
CHR Extension: (Until AM Web App) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2016-04-03]
CHR Extension: (Google Play) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-04-03]
CHR Extension: (Evernote Web) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-04-03]
CHR Extension: (AudioSauna) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2016-04-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-03]
CHR Extension: (Canva) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2016-04-03]
CHR Extension: (LINE) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\menkifleemblimdogmoihpfopnplikde [2016-04-03]
CHR Extension: (BeFunky Extension) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mffeadjabcnpcjlpbdbhoglnfbmbfkoo [2016-04-03]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2016-04-03]
CHR Extension: (Google Hangouts) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-04-03]
CHR Extension: (Save to Pocket) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chordify - Tune into Chords) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojbmddiahnkphhipnimckolcndkcgjgn [2016-04-03]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2016-04-03]
CHR Extension: (Movellas.com) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pcdekhaaokiblpmgmicjbkniggmhggmg [2016-04-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-03-04] (Amazon.com) [File not signed]
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [9924608 2016-03-28] (SecureMix LLC)
S2 HeimdalSecureDNS; C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe [93776 2015-08-14] (Microsoft)
S2 HeimdalService; C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe [132688 2015-08-14] (CSIS Security Group)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-03-17] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1679672 2016-03-17] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATMFBUS; C:\Windows\System32\DRIVERS\ATMFBUS.sys [63488 2009-10-01] (DEVGURU Co., LTD.)
S3 ATMFCVsp; C:\Windows\System32\DRIVERS\ATMFCVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ATMFFLT; C:\Windows\System32\DRIVERS\ATMFFLT.sys [15872 2009-10-01] (DEVGURU Co., LTD.)
S3 ATMFMdm; C:\Windows\System32\DRIVERS\ATMFMdm.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ATMFNET; C:\Windows\System32\DRIVERS\ATMFNET.sys [133632 2009-10-01] (DEVGURU Co., LTD.)
S3 ATMFNVsp; C:\Windows\System32\DRIVERS\ATMFNVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ATMFVsp; C:\Windows\System32\DRIVERS\ATMFVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-01-22] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-01-22] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-03-17] (BitDefender LLC)
S1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-28] (SecureMix LLC)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
S0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [290032 2016-03-17] (Bitdefender)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [777944 2016-01-13] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [413912 2015-12-21] (Realsil Semiconductor Corporation)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50176 2009-10-16] (Apple, Inc.) [File not signed]
S3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-05-27] (Windows ® Win 7 DDK provider)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [30208 2015-01-29] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2015-01-29] (LG Electronics Inc.)
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S1 epp; \??\E:\bin64\epp.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 02:42 - 2016-04-08 02:44 - 00066503 _____ C:\Users\Amby\Desktop\FRST.txt
2016-04-08 02:42 - 2016-04-08 02:42 - 00000000 ____D C:\FRST
2016-04-08 02:41 - 2016-04-08 02:41 - 02374144 _____ (Farbar) C:\Users\Amby\Desktop\FRST64.exe
2016-04-05 07:16 - 2016-04-05 07:16 - 00000861 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2016-04-05 00:17 - 2016-04-05 05:10 - 00000000 ____D C:\Users\Amby\Desktop\DERP OPs
2016-04-04 22:00 - 2016-04-04 22:00 - 00000000 ____D C:\ProgramData\Dumps
2016-04-04 21:22 - 2016-04-04 21:22 - 00000000 ____D C:\ProgramData\Emsisoft
2016-04-04 13:56 - 2016-04-04 14:00 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Comodo
2016-04-03 17:38 - 2016-04-03 17:38 - 00000000 ____D C:\VTRoot
2016-04-03 17:38 - 2016-04-03 17:38 - 00000000 ____D C:\Users\Amby\AppData\Local\Comodo
2016-04-03 17:38 - 2016-04-03 17:38 - 00000000 ____D C:\Program Files (x86)\Comodo
2016-04-03 17:35 - 2016-04-03 17:35 - 00000717 _____ C:\Users\Amby\AppData\Local\recently-used.xbel
2016-04-03 17:15 - 2016-04-05 04:43 - 00000000 ____D C:\Users\Amby\.zenmap
2016-04-03 17:15 - 2016-04-03 17:15 - 00000000 ____D C:\Users\Amby\AppData\Local\Hardcoded Software
2016-04-03 17:08 - 2016-04-05 04:44 - 00000000 ____D C:\Program Files\WinPcap
2016-04-03 17:07 - 2016-04-04 12:16 - 00000000 ____D C:\Program Files (x86)\Nmap
2016-04-03 16:32 - 2016-04-03 16:32 - 00000000 ____D C:\Users\Amby\AppData\Roaming\PeerNetworking
2016-04-03 16:22 - 2016-04-05 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-04-03 16:19 - 2016-04-04 11:15 - 00000000 ____D C:\Program Files\COMODO
2016-04-03 16:14 - 2016-04-04 13:56 - 00000000 ____D C:\ProgramData\Comodo
2016-04-03 16:14 - 2016-04-03 16:14 - 00000000 ____D C:\ProgramData\Shared Space
2016-04-02 06:32 - 2016-04-05 05:10 - 00000000 ____D C:\Users\Amby\Desktop\returns
2016-04-01 02:54 - 2016-04-01 02:54 - 00000000 ____D C:\Program Files\Hardcoded Software
2016-04-01 02:24 - 2016-04-05 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2016-04-01 02:24 - 2016-04-01 02:24 - 00001075 _____ C:\Users\Public\Desktop\herdProtect.lnk
2016-03-31 13:11 - 2016-03-31 13:11 - 00025969 _____ C:\ProgramData\1459455083.bdinstall.bin
2016-03-30 18:06 - 2016-04-05 06:17 - 00000000 ____D C:\Program Files\Reason
2016-03-30 17:59 - 2016-03-30 17:59 - 00000000 ____D C:\Users\Amber\AppData\Temp
2016-03-30 17:49 - 2016-03-30 17:49 - 00000000 ____D C:\Users\Amber\AppData\Local\GlassWire
2016-03-30 02:42 - 2016-03-30 02:40 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-03-30 02:41 - 2016-04-05 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-30 02:41 - 2016-03-30 02:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2016-03-30 02:41 - 2016-03-30 02:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2016-03-30 02:41 - 2016-03-30 02:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-30 01:35 - 2016-04-05 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-30 01:35 - 2016-04-05 06:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-30 01:29 - 2016-04-05 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
2016-03-30 00:13 - 2016-03-30 00:13 - 00000000 ____D C:\Users\Amby\AppData\Local\GlassWire
2016-03-30 00:10 - 2016-04-05 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-03-30 00:10 - 2016-03-30 00:10 - 00001907 _____ C:\Users\Public\Desktop\GlassWire.lnk
2016-03-30 00:09 - 2016-03-30 00:09 - 00000000 ____D C:\ProgramData\GlassWire
2016-03-30 00:09 - 2015-05-28 21:30 - 00008657 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-03-30 00:09 - 2015-05-28 21:15 - 00033248 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2016-03-30 00:08 - 2016-04-05 06:43 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-03-30 00:06 - 2016-04-05 06:43 - 00000000 ____D C:\Program Files (x86)\Heimdal
2016-03-30 00:06 - 2016-04-05 06:18 - 00000000 ____D C:\ProgramData\CSIS
2016-03-29 23:26 - 2016-04-05 06:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
2016-03-29 23:13 - 2016-04-05 06:45 - 00000000 ____D C:\ProgramData\Panda Security
2016-03-29 23:13 - 2016-04-05 06:44 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2016-03-29 23:13 - 2016-04-05 06:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-03-29 23:13 - 2016-03-29 23:13 - 00003072 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2016-03-29 20:55 - 2016-04-05 06:45 - 00000000 ____D C:\Users\Amber\Downloads\mio - updated plants II
2016-03-29 03:10 - 2016-03-29 03:10 - 00025968 _____ C:\ProgramData\1459246231.bdinstall.bin
2016-03-29 03:10 - 2016-03-29 03:10 - 00025968 _____ C:\ProgramData\1459246222.bdinstall.bin
2016-03-29 01:43 - 2016-04-04 12:13 - 00000000 ____D C:\Users\Amby\Desktop\LISTS
2016-03-26 14:54 - 2016-03-26 14:54 - 04938366 _____ C:\Users\Amber\Desktop\b04617f567dc3b823ebce6daa625da6f8ccbc9c9_hq.xcf
2016-03-26 14:54 - 2016-03-26 14:54 - 00038492 _____ C:\Users\Amber\.recently-used.xbel
2016-03-26 04:55 - 2016-02-12 11:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-26 04:55 - 2016-02-12 11:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-26 04:55 - 2016-02-12 11:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-26 04:55 - 2016-02-12 11:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-26 04:55 - 2016-02-12 11:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-26 04:55 - 2016-02-12 11:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-26 04:55 - 2016-02-12 11:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-26 04:55 - 2016-02-12 11:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-26 04:55 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-26 04:55 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-26 04:55 - 2016-02-12 11:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-26 04:55 - 2016-02-12 11:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-26 04:55 - 2016-02-12 11:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-26 04:55 - 2016-02-12 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-26 04:55 - 2016-02-12 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-26 04:55 - 2016-02-12 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-26 03:56 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-26 03:56 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 15:13 - 2016-02-02 11:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-25 15:13 - 2015-11-05 12:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-03-25 15:13 - 2015-11-05 12:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-03-25 15:12 - 2015-08-05 10:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-03-25 15:12 - 2015-08-05 10:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-03-25 15:11 - 2016-02-05 11:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-03-25 15:11 - 2016-02-05 11:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-03-25 15:11 - 2016-02-05 10:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-03-25 15:11 - 2015-07-22 17:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-25 15:11 - 2015-07-22 17:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-03-25 15:11 - 2015-07-22 10:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-03-25 15:11 - 2015-07-22 09:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-03-25 15:11 - 2015-06-03 13:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-03-25 15:10 - 2016-02-01 12:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-25 15:10 - 2016-02-01 11:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-25 15:10 - 2016-02-01 11:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-03-25 15:10 - 2016-02-01 11:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-03-25 15:10 - 2016-02-01 11:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-25 15:10 - 2016-02-01 11:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-25 15:10 - 2016-02-01 11:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-25 15:10 - 2016-02-01 11:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-03-25 15:10 - 2016-02-01 11:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-03-25 15:10 - 2016-02-01 11:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-25 15:10 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-25 15:10 - 2015-10-29 10:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-03-25 15:10 - 2015-10-29 10:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-03-25 15:10 - 2015-10-29 10:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-03-25 15:10 - 2015-10-29 10:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-03-25 15:10 - 2015-10-29 10:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-03-25 15:10 - 2015-10-29 10:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-03-25 15:10 - 2015-10-29 10:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-03-25 15:10 - 2015-07-09 10:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-03-25 15:10 - 2015-07-09 10:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-03-25 15:10 - 2015-07-09 10:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-03-25 15:10 - 2015-07-09 10:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-03-25 15:09 - 2016-01-20 17:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-25 15:09 - 2016-01-11 12:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-25 15:09 - 2015-12-16 11:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-03-25 15:09 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-03-25 15:09 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-03-25 15:09 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-03-25 15:09 - 2015-12-16 11:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-03-25 15:09 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-03-25 15:09 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-03-25 15:09 - 2015-12-16 11:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-03-25 15:09 - 2015-12-16 07:38 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2016-03-25 15:09 - 2015-12-16 07:37 - 00419928 _____ C:\Windows\system32\locale.nls
2016-03-25 15:09 - 2015-11-19 07:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-25 15:09 - 2015-11-19 07:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-25 15:09 - 2015-11-19 07:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-25 15:09 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-25 15:09 - 2015-08-27 11:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-03-25 15:09 - 2015-08-27 11:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-03-25 15:09 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-03-25 15:09 - 2015-08-27 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-03-25 15:09 - 2015-08-27 10:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-03-25 15:09 - 2015-08-27 10:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-03-25 15:09 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-03-25 15:09 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-03-25 15:09 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-03-25 15:09 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-03-25 15:09 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-03-25 15:09 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-03-25 15:09 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-03-25 15:09 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-03-25 15:09 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-03-25 15:09 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-03-25 14:54 - 2016-02-19 12:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-25 14:54 - 2016-02-19 11:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-25 14:54 - 2016-02-19 07:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-25 14:54 - 2016-02-11 07:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-25 14:54 - 2016-02-05 07:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-25 14:54 - 2016-02-05 07:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-25 14:54 - 2016-02-05 07:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-25 14:54 - 2015-11-16 13:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-03-25 12:17 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-03-25 12:17 - 2016-01-06 12:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-03-25 12:17 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-03-25 12:17 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-03-25 12:17 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-03-25 12:17 - 2015-11-13 16:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-03-25 12:17 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-03-25 12:17 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-03-25 12:17 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-03-25 12:17 - 2015-08-05 10:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-03-25 12:17 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-03-25 12:17 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-03-25 12:17 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-03-25 12:17 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-03-25 12:17 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-03-25 12:17 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-03-25 12:17 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-03-25 12:17 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-03-25 12:17 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-03-25 12:17 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-03-25 12:17 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-03-25 12:17 - 2012-05-31 22:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2016-03-25 12:17 - 2012-05-31 22:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2016-03-25 12:17 - 2012-05-31 22:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2016-03-25 12:17 - 2012-05-31 22:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2016-03-25 12:17 - 2012-05-31 22:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2016-03-25 12:17 - 2012-05-31 22:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2016-03-25 12:17 - 2012-05-31 21:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2016-03-25 12:17 - 2012-05-31 21:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2016-03-25 12:17 - 2012-05-31 21:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2016-03-25 12:17 - 2012-05-31 21:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2016-03-25 12:17 - 2012-05-31 21:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2016-03-25 12:17 - 2012-05-31 21:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2016-03-25 12:16 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-03-25 12:14 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-25 12:14 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-25 12:14 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-25 12:14 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-25 12:08 - 2016-02-04 10:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-25 12:08 - 2015-11-03 12:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-03-25 12:08 - 2015-11-03 12:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-03-25 12:08 - 2015-11-03 11:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-03-25 12:08 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-03-25 12:07 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-03-25 12:05 - 2015-11-10 11:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-03-25 12:05 - 2015-11-10 11:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-03-25 12:05 - 2015-11-10 11:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-03-25 12:05 - 2015-11-10 11:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-03-25 12:05 - 2015-11-10 11:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-03-25 12:05 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-03-25 12:05 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-03-25 12:05 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-03-25 12:05 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-03-25 12:04 - 2016-02-03 11:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-25 12:04 - 2016-02-03 11:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-25 12:04 - 2016-02-03 11:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-25 12:04 - 2016-02-03 11:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-25 12:04 - 2016-02-03 11:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-25 12:04 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-25 12:04 - 2015-11-05 12:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-03-25 12:04 - 2015-11-05 12:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-03-25 12:04 - 2015-11-05 02:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-03-25 12:03 - 2016-02-08 23:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-25 12:03 - 2016-02-08 23:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-25 12:03 - 2016-02-08 14:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-25 12:03 - 2016-02-08 13:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-25 12:03 - 2016-02-08 13:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-25 12:03 - 2016-02-08 13:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-25 12:03 - 2016-02-08 13:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-25 12:03 - 2016-02-08 13:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-25 12:03 - 2016-02-08 13:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-25 12:03 - 2016-02-08 13:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-25 12:03 - 2016-02-08 13:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-25 12:03 - 2016-02-08 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-25 12:03 - 2016-02-08 13:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-25 12:03 - 2016-02-08 13:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-25 12:03 - 2016-02-08 13:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-25 12:03 - 2016-02-08 13:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-25 12:03 - 2016-02-08 13:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-25 12:03 - 2016-02-08 13:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-25 12:03 - 2016-02-08 13:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-25 12:03 - 2016-02-08 13:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-25 12:03 - 2016-02-08 13:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-25 12:03 - 2016-02-08 13:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-25 12:03 - 2016-02-08 13:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-25 12:03 - 2016-02-08 13:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-25 12:03 - 2016-02-08 13:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-25 12:03 - 2016-02-08 13:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-25 12:03 - 2016-02-08 13:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-25 12:03 - 2016-02-08 13:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-25 12:03 - 2016-02-08 13:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-25 12:03 - 2016-02-08 13:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-25 12:03 - 2016-02-08 12:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-25 12:03 - 2016-02-08 12:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-25 12:03 - 2016-02-08 12:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-25 12:03 - 2016-02-08 11:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-25 12:03 - 2016-02-08 11:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-25 12:03 - 2016-02-08 11:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-25 12:03 - 2016-02-08 11:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-25 12:03 - 2016-02-08 11:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-25 12:03 - 2016-02-08 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-25 12:03 - 2016-02-08 11:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-25 12:03 - 2016-02-08 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-25 12:03 - 2016-02-08 11:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-25 12:03 - 2016-02-08 11:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-25 12:03 - 2016-02-08 11:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-25 12:03 - 2016-02-08 11:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-25 12:03 - 2016-02-08 11:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-25 12:03 - 2016-02-08 11:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-25 12:03 - 2016-02-08 11:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-25 12:03 - 2016-02-08 11:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-25 12:03 - 2016-02-08 11:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-25 12:03 - 2016-02-08 11:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-25 12:03 - 2016-02-08 10:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-25 12:03 - 2016-02-08 10:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-25 12:03 - 2016-02-08 10:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-25 12:03 - 2016-02-08 10:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-25 12:03 - 2016-02-08 10:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-25 12:03 - 2016-02-08 10:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-25 12:03 - 2016-02-08 10:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-25 12:03 - 2016-02-08 10:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-25 12:03 - 2016-02-08 10:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-25 12:03 - 2016-02-08 10:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-25 12:03 - 2016-02-08 10:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-25 12:03 - 2016-02-08 10:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-25 12:03 - 2016-02-08 10:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-25 12:03 - 2016-02-08 10:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-25 12:03 - 2016-02-08 09:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-25 12:02 - 2015-10-01 11:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-25 12:02 - 2015-10-01 11:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-25 12:02 - 2015-10-01 11:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-03-25 12:02 - 2015-10-01 11:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-03-25 12:02 - 2015-10-01 11:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-03-25 12:02 - 2015-10-01 11:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-03-25 12:02 - 2015-10-01 11:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-03-25 12:02 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-03-25 12:02 - 2015-10-01 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-03-25 11:59 - 2016-02-11 11:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-25 11:59 - 2016-02-11 11:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-25 11:59 - 2016-02-11 11:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-25 11:59 - 2016-02-11 11:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-25 11:59 - 2016-02-11 11:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-25 11:59 - 2016-02-11 11:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-25 11:59 - 2016-02-11 11:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-25 11:59 - 2016-02-11 11:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-25 11:59 - 2016-02-11 11:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-25 11:59 - 2016-02-11 11:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-25 11:59 - 2016-02-11 11:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-25 11:59 - 2016-02-11 11:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-25 11:59 - 2016-02-11 11:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-25 11:59 - 2016-02-11 11:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-25 11:59 - 2016-02-11 11:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-25 11:59 - 2016-02-11 11:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-25 11:59 - 2016-02-11 11:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-25 11:59 - 2016-02-11 11:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-25 11:59 - 2016-02-11 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-25 11:59 - 2016-02-11 11:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-25 11:59 - 2016-02-11 11:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-25 11:59 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-25 11:59 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-25 11:59 - 2016-02-11 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-25 11:59 - 2016-02-11 11:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-25 11:59 - 2016-02-11 11:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-25 11:59 - 2016-02-11 11:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-25 11:59 - 2016-02-11 11:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-25 11:59 - 2016-02-11 11:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-25 11:59 - 2016-02-11 11:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-25 11:59 - 2016-02-11 11:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-25 11:59 - 2016-02-11 11:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-25 11:59 - 2016-02-11 11:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-25 11:59 - 2016-02-11 11:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-25 11:59 - 2016-02-11 11:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-25 11:59 - 2016-02-11 11:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-25 11:59 - 2016-02-11 11:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-25 11:59 - 2016-02-11 11:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-25 11:59 - 2016-02-11 11:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 10:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-25 11:59 - 2016-02-11 10:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-25 11:59 - 2016-02-11 10:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-25 11:59 - 2016-02-11 10:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-25 11:59 - 2016-02-11 10:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-25 11:59 - 2016-02-11 10:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-25 11:59 - 2016-02-11 10:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-25 11:59 - 2016-02-11 10:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-25 11:59 - 2016-02-11 10:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-25 11:59 - 2016-02-11 10:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-25 11:59 - 2016-02-11 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-25 11:59 - 2016-02-11 10:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-25 11:59 - 2016-02-11 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-25 11:59 - 2016-02-11 10:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-25 11:59 - 2016-02-11 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-25 11:59 - 2016-02-11 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-25 11:59 - 2015-11-11 11:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-25 11:59 - 2015-11-11 11:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-03-25 11:59 - 2015-11-11 11:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-25 11:59 - 2015-11-11 11:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-03-25 11:57 - 2016-02-04 18:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-25 11:57 - 2016-02-04 11:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-25 11:57 - 2015-10-13 09:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-03-25 11:57 - 2015-10-13 09:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-03-25 11:56 - 2015-12-20 11:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-03-25 11:56 - 2015-12-20 11:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-03-25 11:56 - 2015-12-20 07:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-03-25 11:56 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-03-25 11:56 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-03-25 11:55 - 2016-02-05 11:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-25 11:55 - 2016-02-05 11:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-25 11:55 - 2016-02-05 11:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-25 11:55 - 2016-02-05 11:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-25 11:55 - 2016-02-05 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-25 11:55 - 2016-02-05 11:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-25 11:55 - 2016-02-05 11:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-25 11:55 - 2016-02-05 10:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-25 11:55 - 2016-02-05 10:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-25 11:55 - 2016-02-05 10:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-25 11:55 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-03-25 11:55 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-03-25 11:55 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-03-25 11:55 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-03-25 11:55 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-03-25 11:55 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-03-25 11:55 - 2015-12-08 14:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-03-25 11:55 - 2015-12-08 14:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-03-25 11:55 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-03-25 11:55 - 2015-12-08 14:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-03-25 11:55 - 2015-12-08 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-03-25 11:55 - 2015-12-08 12:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-03-25 11:55 - 2015-12-08 12:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-03-25 11:55 - 2015-12-08 12:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-03-25 11:55 - 2015-12-08 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-03-25 11:55 - 2015-12-08 12:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-03-25 11:55 - 2015-12-08 11:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-03-25 11:55 - 2015-12-08 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-03-25 11:55 - 2015-12-08 11:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-03-25 11:55 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-03-25 11:55 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-03-25 11:55 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-03-25 11:55 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-03-25 11:55 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-03-25 11:54 - 2016-02-09 02:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-25 11:54 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-25 11:54 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-25 11:51 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-03-25 11:51 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-03-25 11:51 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-03-25 11:51 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-03-25 11:51 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-03-25 11:51 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-03-25 11:51 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-03-25 11:51 - 2015-09-23 06:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-03-25 11:51 - 2015-09-23 06:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-03-25 11:51 - 2015-09-23 06:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-03-25 11:49 - 2016-02-09 02:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-25 11:49 - 2016-02-09 02:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-25 11:49 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-25 11:49 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-25 11:49 - 2016-02-09 02:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-25 11:49 - 2016-02-09 02:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-25 11:49 - 2016-02-09 02:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-25 11:49 - 2016-02-09 02:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-25 11:49 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-25 11:49 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-25 11:49 - 2015-10-12 21:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-03-25 11:45 - 2015-12-08 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-03-25 11:45 - 2015-12-08 12:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-03-24 15:24 - 2016-03-24 19:36 - 00000000 ____D C:\mnt
2016-03-24 15:24 - 2016-03-24 15:24 - 00000000 ____D C:\ProgramData\Backup
2016-03-23 23:28 - 2016-03-23 23:28 - 20345024 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-03-23 21:16 - 2016-03-23 21:16 - 00000000 ____D C:\Users\Amber\AppData\Local\Amazon Music
2016-03-23 05:30 - 2016-03-23 05:30 - 00000000 ____D C:\Users\Amby\AppData\Local\Deployment
2016-03-23 05:25 - 2016-01-13 00:32 - 00777944 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2016-03-23 05:25 - 2016-01-05 02:50 - 00328920 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2016-03-23 05:25 - 2015-12-24 00:06 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
2016-03-23 05:25 - 2015-12-21 18:39 - 00413912 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2016-03-23 05:25 - 2015-10-15 20:26 - 00367320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2016-03-23 05:21 - 2016-04-05 06:25 - 00000000 ____D C:\Users\Amby\Desktop\0001-RtsUCcid_6.1.7600.00042_WithLogo
2016-03-23 05:09 - 2016-04-05 06:03 - 00000000 ____D C:\inetpub
2016-03-23 05:09 - 2016-03-23 05:09 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2016-03-23 05:09 - 2016-03-23 05:09 - 00000000 ____D C:\Windows\system32\msmq
2016-03-23 05:09 - 2016-03-23 05:09 - 00000000 ____D C:\Windows\system32\BestPractices
2016-03-23 04:29 - 2016-04-05 06:47 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-03-23 04:28 - 2016-04-05 06:25 - 00000000 ____D C:\Users\Amby\Desktop\0004-RtsXStor_10.0.370.125
2016-03-23 03:58 - 2016-04-05 06:45 - 00000000 ____D C:\Users\Amby\AppData\Local\Apps\2.0
2016-03-23 02:33 - 2016-03-23 02:34 - 00000000 ____D C:\KVRT_Data
2016-03-22 14:09 - 2016-04-03 13:54 - 00000000 ____D C:\Users\Amber\Downloads\SimsCC
2016-03-22 09:25 - 2016-03-22 09:25 - 00025970 _____ C:\ProgramData\1458663909.bdinstall.bin
2016-03-20 15:13 - 2016-04-05 06:46 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-19 18:53 - 2016-04-05 06:45 - 00000000 ____D C:\Users\Amber\Desktop\OTher
2016-03-17 02:15 - 2016-04-03 13:54 - 00000000 ____D C:\Users\Amber\Downloads\bleepoffoftumblr
2016-03-16 23:17 - 2016-03-16 23:17 - 00000000 ____D C:\Users\Amber\AppData\Local\GWX
2016-03-16 18:42 - 2016-03-16 18:42 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Hewlett-Packard
2016-03-16 14:11 - 2016-03-21 13:19 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\.minecraft
2016-03-16 14:11 - 2016-03-16 14:16 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Bitdefender
2016-03-16 14:11 - 2016-03-16 14:11 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\java
2016-03-16 14:11 - 2016-03-16 14:11 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Apple Computer
2016-03-16 14:10 - 2016-04-05 06:46 - 00000000 ____D C:\Users\Trevor\AppData\Local\Hewlett-Packard
2016-03-16 14:10 - 2016-03-19 19:55 - 00002261 _____ C:\Users\Trevor\Desktop\Google Chrome.lnk
2016-03-16 14:10 - 2016-03-19 16:58 - 00000000 ____D C:\Users\Trevor\AppData\Local\VirtualStore
2016-03-16 14:10 - 2016-03-16 14:10 - 00001379 _____ C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-16 14:10 - 2016-03-16 14:10 - 00000632 __RSH C:\Users\Trevor\ntuser.pol
2016-03-16 14:10 - 2016-03-16 14:10 - 00000020 ___SH C:\Users\Trevor\ntuser.ini
2016-03-16 14:10 - 2016-03-16 14:10 - 00000000 _SHDL C:\Users\Trevor\My Documents
2016-03-16 14:10 - 2016-03-16 14:10 - 00000000 _SHDL C:\Users\Trevor\Documents\My Videos
2016-03-16 14:10 - 2016-03-16 14:10 - 00000000 _SHDL C:\Users\Trevor\Documents\My Pictures
2016-03-16 14:10 - 2016-03-16 14:10 - 00000000 _SHDL C:\Users\Trevor\Documents\My Music
2016-03-16 14:10 - 2016-03-16 14:10 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Adobe
2016-03-16 14:09 - 2016-04-05 06:47 - 00000000 ____D C:\Users\Trevor
2016-03-16 14:09 - 2016-04-05 06:46 - 00000000 ____D C:\Users\Trevor\AppData\Local\HuluDesktop
2016-03-16 14:09 - 2016-04-05 06:28 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Macromedia
2016-03-16 14:09 - 2016-04-05 06:27 - 00000000 ____D C:\Users\Trevor\AppData\Local\Google
2016-03-16 14:09 - 2012-08-06 00:32 - 00000000 ____D C:\Users\Trevor\AppData\LocalGoogle
2016-03-16 14:09 - 2009-12-04 18:47 - 00001976 _____ C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2016-03-16 14:09 - 2009-07-14 00:44 - 00000000 ____D C:\Users\Trevor\AppData\Roaming\Media Center Programs
2016-03-13 21:08 - 2016-03-17 04:31 - 00000000 ____D C:\Users\Amber\Desktop\Wattpad
2016-03-13 21:08 - 2016-03-14 22:48 - 00000000 ____D C:\Users\Amber\Desktop\Misc
2016-03-13 16:40 - 2016-03-13 16:40 - 00000000 ____D C:\Users\Amber\AppData\Roaming\QuickScan
2016-03-09 19:51 - 2016-03-09 19:51 - 02618631 _____ C:\Users\Amber\Documents\MCA-1.8-5.0.7.1-universal.zip.zip
2016-03-09 19:08 - 2016-03-09 19:53 - 00000000 ____D C:\Users\Amber\Documents\MCA-1.8-5.0.7.1-universal.zip
2016-03-09 08:49 - 2016-03-09 08:49 - 00000000 ____D C:\Users\Amber\Desktop\Youtube

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 10:09 - 2016-03-03 15:18 - 00000000 ___RD C:\Users\Amby\Desktop\Quick Access~!
2016-04-05 10:07 - 2010-10-23 10:49 - 00000000 ___RD C:\Users\Amby\Desktop\FREELANCE
2016-04-05 07:07 - 2010-02-14 00:50 - 00000000 ____D C:\Users\Amby
2016-04-05 06:56 - 2009-07-13 22:13 - 00881478 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-05 06:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-04-05 06:51 - 2013-07-10 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VP-EYE
2016-04-05 06:51 - 2012-07-15 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-05 06:47 - 2016-01-05 22:42 - 00000000 ____D C:\Windows\SysWOW64\TabletPmt
2016-04-05 06:47 - 2015-05-23 05:57 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-05 06:47 - 2014-07-02 04:27 - 00000000 ____D C:\Windows\Temp68D78131-EB7D-276F-B46F-0D823B41F7F3-Signatures
2016-04-05 06:47 - 2011-11-21 12:12 - 00000000 ____D C:\Windows\SysWOW64\Samsung_USB_Drivers
2016-04-05 06:47 - 2011-02-03 09:32 - 00000000 ____D C:\Windows\TempA107EFA2-0352-A764-C0B8-13F9FA299499-Signatures
2016-04-05 06:47 - 2010-11-08 13:03 - 00000000 ____D C:\Windows\SysWOW64\logishrd
2016-04-05 06:47 - 2010-05-23 11:17 - 00000000 ____D C:\Users\Amber
2016-04-05 06:47 - 2010-05-22 21:11 - 00000000 ____D C:\Windows\pss
2016-04-05 06:47 - 2009-12-04 18:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-04-05 06:47 - 2009-12-04 18:44 - 00000000 ____D C:\Windows\SysWOW64\x64
2016-04-05 06:47 - 2009-12-04 18:44 - 00000000 ____D C:\Windows\SysWOW64\Lang
2016-04-05 06:47 - 2009-12-04 18:35 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-04-05 06:47 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-05 06:47 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-05 06:47 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-04-05 06:47 - 2009-07-13 21:45 - 00000000 ____D C:\Windows\Setup
2016-04-05 06:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\TAPI
2016-04-05 06:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-04-05 06:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-04-05 06:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-05 06:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-04-05 06:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\security
2016-04-05 06:46 - 2016-03-03 18:17 - 00000000 ____D C:\Users\Amby\AppData\Roaming\GenJ3
2016-04-05 06:46 - 2016-03-03 18:15 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GenealogyJ
2016-04-05 06:46 - 2016-03-03 17:16 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GrampsAIO64 4.2.1
2016-04-05 06:46 - 2016-03-03 17:10 - 00000000 ____D C:\Users\Amby\AppData\Local\GrampsAIO64-4.2.1
2016-04-05 06:46 - 2015-09-06 03:34 - 00000000 ___RD C:\Users\Amby\Desktop\AMZ
2016-04-05 06:46 - 2015-09-03 23:47 - 00000000 ___RD C:\Users\Amby\Desktop\DNA
2016-04-05 06:46 - 2015-08-20 17:03 - 00000000 ___RD C:\Users\Amby\Desktop\KIDS
2016-04-05 06:46 - 2015-06-21 17:10 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2016-04-05 06:46 - 2015-06-21 15:39 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Mael
2016-04-05 06:46 - 2015-06-09 00:35 - 00000000 ____D C:\Users\Amby\Documents\UserTesting
2016-04-05 06:46 - 2015-05-27 14:58 - 00000000 ___RD C:\Users\Amby\Desktop\BEATS
2016-04-05 06:46 - 2015-05-27 14:55 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-04-05 06:46 - 2015-05-22 15:59 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive
2016-04-05 06:46 - 2014-09-02 20:58 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-05 06:46 - 2014-07-28 01:01 - 00000000 ___RD C:\Users\Amby\Google Drive
2016-04-05 06:46 - 2014-07-21 09:26 - 00000000 ____D C:\Users\Amby\AppData\Roaming\.technic
2016-04-05 06:46 - 2014-07-20 19:57 - 00000000 ____D C:\Users\Amby\AppData\Roaming\.minecraft
2016-04-05 06:46 - 2014-07-01 23:06 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Dropbox
2016-04-05 06:46 - 2013-07-15 20:36 - 00000000 ____D C:\Users\Amby\AppData\Roaming\WildTangentv1001
2016-04-05 06:46 - 2012-08-20 09:14 - 00000000 ___RD C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-04-05 06:46 - 2012-08-13 12:33 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Mp3tag
2016-04-05 06:46 - 2012-07-08 03:22 - 00000000 ____D C:\Users\Amby\Documents\MAGIX Downloads
2016-04-05 06:46 - 2012-07-08 03:22 - 00000000 ____D C:\Users\Amby\AppData\Roaming\MAGIX
2016-04-05 06:46 - 2012-06-27 14:59 - 00000000 ____D C:\Users\Amby\Documents\ELLA AND TREVOR
2016-04-05 06:46 - 2012-06-12 12:24 - 00000000 ____D C:\Users\Amby\AppData\Roaming\QuickScan
2016-04-05 06:46 - 2012-06-07 22:01 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-04-05 06:46 - 2011-05-18 16:01 - 00000000 ___RD C:\Users\Amby\Desktop\Geo
2016-04-05 06:46 - 2011-03-15 09:18 - 00000000 ____D C:\Users\Amby\Downloads\SOFTWARE
2016-04-05 06:46 - 2011-01-16 23:56 - 00000000 ___RD C:\Users\Amby\Desktop\UTILITY
2016-04-05 06:46 - 2010-12-05 11:46 - 00000000 ____D C:\Users\Amby\AppData\LocalLow\AGI
2016-04-05 06:46 - 2010-10-23 10:46 - 00000000 ___RD C:\Users\Amby\Desktop\SECUR
2016-04-05 06:46 - 2010-10-23 10:40 - 00000000 ___RD C:\Users\Amby\Desktop\PUBLISH
2016-04-05 06:46 - 2010-10-23 10:30 - 00000000 ___RD C:\Users\Amby\Desktop\AUDIO
2016-04-05 06:46 - 2010-10-23 10:27 - 00000000 ___RD C:\Users\Amby\Desktop\PHOTO CHOP
2016-04-05 06:46 - 2010-10-23 10:23 - 00000000 ___RD C:\Users\Amby\Desktop\CULINARY
2016-04-05 06:46 - 2010-10-23 10:18 - 00000000 ___RD C:\Users\Amby\Desktop\Geneaology
2016-04-05 06:46 - 2010-08-18 09:51 - 00000000 ____D C:\Windows\Downloaded Installations
2016-04-05 06:46 - 2010-08-17 16:13 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop
2016-04-05 06:46 - 2010-05-18 23:16 - 00000000 ____D C:\Users\Public\CyberLink
2016-04-05 06:46 - 2010-04-28 09:52 - 00000000 ____D C:\Users\Amby\AppData\Roaming\gramps
2016-04-05 06:46 - 2010-04-27 19:30 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Foxit Software
2016-04-05 06:46 - 2010-04-06 19:44 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-04-05 06:46 - 2010-03-15 00:05 - 00000000 ____D C:\Users\Amby\AppData\Roaming\gtk-2.0
2016-04-05 06:46 - 2010-03-12 19:33 - 00000000 ____D C:\Users\Amby\Documents\.gimp-2.6
2016-04-05 06:46 - 2010-02-28 20:27 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Google
2016-04-05 06:46 - 2010-02-23 15:08 - 00000000 ____D C:\Users\Amby\AppData\Roaming\CyberLink
2016-04-05 06:46 - 2010-02-17 00:46 - 00000000 ____D C:\Users\Amby\AppData\Local\Microsoft Help
2016-04-05 06:46 - 2010-02-14 22:32 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Foxit
2016-04-05 06:46 - 2010-02-14 16:05 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Cricket
2016-04-05 06:46 - 2010-02-14 01:10 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Mozilla
2016-04-05 06:46 - 2010-02-14 00:57 - 00000000 ____D C:\Users\Amby\AppData\Roaming\PictureMover
2016-04-05 06:46 - 2010-02-14 00:50 - 00000000 ____D C:\Users\Amby\AppData\Local\HuluDesktop
2016-04-05 06:46 - 2010-02-14 00:50 - 00000000 ____D C:\Users\Amby\AppData\Local\Hewlett-Packard
2016-04-05 06:46 - 2009-12-04 18:47 - 00000000 ____D C:\Users\Default\AppData\Local\HuluDesktop
2016-04-05 06:46 - 2009-12-04 18:47 - 00000000 ____D C:\Users\Default User\AppData\Local\HuluDesktop
2016-04-05 06:46 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-04-05 06:46 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-05 06:45 - 2016-03-03 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-04-05 06:45 - 2016-02-28 19:27 - 00000000 ____D C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-04-05 06:45 - 2016-02-22 08:52 - 00000000 ____D C:\Users\Amber\Junk I can't delete ._
2016-04-05 06:45 - 2016-02-21 14:07 - 00000000 ____D C:\Users\Amber\AppData\Roaming\Mael
2016-04-05 06:45 - 2016-01-05 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet
2016-04-05 06:45 - 2015-10-25 00:19 - 00000000 ____D C:\test
2016-04-05 06:45 - 2015-09-22 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POWERPREP II
2016-04-05 06:45 - 2015-09-14 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2016-04-05 06:45 - 2015-09-07 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Reviewer Analysis Tool
2016-04-05 06:45 - 2015-06-21 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2016-04-05 06:45 - 2015-05-28 00:58 - 00000000 ____D C:\ProgramData\SecTaskMan
2016-04-05 06:45 - 2015-05-27 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mp3splt-gtk
2016-04-05 06:45 - 2015-05-27 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 1.1.3
2016-04-05 06:45 - 2015-05-27 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-04-05 06:45 - 2015-05-27 14:55 - 00000000 ____D C:\Program Files\VB
2016-04-05 06:45 - 2015-05-24 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-05 06:45 - 2015-05-23 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2016-04-05 06:45 - 2014-08-08 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GanttProject
2016-04-05 06:45 - 2014-07-21 01:23 - 00000000 ____D C:\Users\Amby\AppData\Local\Amazon Music
2016-04-05 06:45 - 2014-07-11 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-04-05 06:45 - 2014-07-11 20:04 - 00000000 ____D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2016-04-05 06:45 - 2014-07-07 23:56 - 00000000 ____D C:\ProgramData\AGI
2016-04-05 06:45 - 2014-07-06 11:20 - 00000000 ____D C:\Users\Amby\.gimp-2.6
2016-04-05 06:45 - 2013-10-06 09:02 - 00000000 ____D C:\Users\Amber\AppData\Roaming\gtk-2.0
2016-04-05 06:45 - 2013-09-24 17:59 - 00000000 ____D C:\Users\Amber\AppData\Local\Microsoft Help
2016-04-05 06:45 - 2013-09-17 20:26 - 00000000 ____D C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-04-05 06:45 - 2013-05-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2016-04-05 06:45 - 2013-05-17 17:57 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-04-05 06:45 - 2013-05-15 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-05 06:45 - 2013-05-15 21:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-05 06:45 - 2012-09-05 00:55 - 00000000 ___RD C:\Users\Amby\AppData\CULINARY STUFF
2016-04-05 06:45 - 2012-08-17 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-04-05 06:45 - 2012-08-17 15:38 - 00000000 ____D C:\Program Files\PeerBlock
2016-04-05 06:45 - 2012-08-13 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2016-04-05 06:45 - 2012-07-08 03:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2016-04-05 06:45 - 2012-06-25 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-05 06:45 - 2012-06-07 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-05 06:45 - 2011-05-15 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2016-04-05 06:45 - 2011-02-22 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poladroid
2016-04-05 06:45 - 2011-01-29 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gmail Notifier
2016-04-05 06:45 - 2010-12-22 19:49 - 00000000 ____D C:\ProgramData\Real
2016-04-05 06:45 - 2010-11-20 16:13 - 00000000 ____D C:\Users\Amby\AppData\Local\dotPDN_LLC
2016-04-05 06:45 - 2010-08-18 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2016-04-05 06:45 - 2010-06-30 17:03 - 00000000 ____D C:\Users\Amby\AppData\Local\Ancestry.com
2016-04-05 06:45 - 2010-06-30 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ancestry
2016-04-05 06:45 - 2010-06-30 15:46 - 00000000 ____D C:\Users\Amby\AppData\Local\Downloaded Installations
2016-04-05 06:45 - 2010-05-23 11:18 - 00000000 ____D C:\Users\Amber\AppData\Local\Hewlett-Packard
2016-04-05 06:45 - 2010-05-23 11:17 - 00000000 ____D C:\Users\Amber\AppData\Local\HuluDesktop
2016-04-05 06:45 - 2010-05-12 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTK2 Runtime
2016-04-05 06:45 - 2010-05-12 00:28 - 00000000 ____D C:\Python26
2016-04-05 06:45 - 2010-05-10 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricket Broadband Connect
2016-04-05 06:45 - 2010-05-10 12:23 - 00000000 ____D C:\Program Files\PANTECH
2016-04-05 06:45 - 2010-04-28 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GomezPEER
2016-04-05 06:45 - 2010-04-28 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphviz 2.26
2016-04-05 06:45 - 2010-04-28 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PyGTK
2016-04-05 06:45 - 2010-04-28 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.6
2016-04-05 06:45 - 2010-04-28 10:14 - 00000000 ____D C:\Program Files\Python26
2016-04-05 06:45 - 2010-03-21 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-04-05 06:45 - 2010-03-19 15:07 - 00000000 ____D C:\Program Files\Paint.NET
2016-04-05 06:45 - 2010-03-12 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
2016-04-05 06:45 - 2010-03-11 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMPshop
2016-04-05 06:45 - 2010-02-17 00:47 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-05 06:45 - 2010-02-16 16:06 - 00000000 ____D C:\ProgramData\Apple Computer
2016-04-05 06:45 - 2010-02-16 16:05 - 00000000 ____D C:\ProgramData\Apple
2016-04-05 06:45 - 2010-02-14 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-04-05 06:45 - 2010-02-14 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-04-05 06:45 - 2010-02-14 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2016-04-05 06:45 - 2009-12-04 19:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2016-04-05 06:45 - 2009-12-04 19:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-04-05 06:45 - 2009-12-04 19:24 - 00000000 ____D C:\ProgramData\Norton
2016-04-05 06:45 - 2009-12-04 19:13 - 00000000 ____D C:\ProgramData\WildTangent
2016-04-05 06:45 - 2009-12-04 19:00 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-04-05 06:45 - 2009-12-04 18:59 - 00000000 ____D C:\Program Files\PC-Doctor for Windows
2016-04-05 06:45 - 2009-12-04 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-04-05 06:45 - 2009-12-04 18:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-05 06:45 - 2009-12-04 18:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-04-05 06:45 - 2009-12-04 18:48 - 00000000 ____D C:\ProgramData\CyberLink
2016-04-05 06:45 - 2009-12-04 18:47 - 00000000 ____D C:\ProgramData\Temp
2016-04-05 06:45 - 2009-12-04 18:47 - 00000000 ____D C:\Program Files\PlayReady
2016-04-05 06:45 - 2009-12-04 18:43 - 00000000 ___DC C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
2016-04-05 06:45 - 2009-12-04 18:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-04-05 06:45 - 2009-12-04 18:35 - 00000000 ____D C:\Program Files\Realtek
2016-04-05 06:44 - 2016-03-03 13:42 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-04-05 06:44 - 2016-01-05 22:42 - 00000000 ____D C:\Program Files (x86)\MONOPRICE TABLET 10593
2016-04-05 06:44 - 2015-06-21 09:55 - 00000000 ____D C:\Program Files (x86)\HxD
2016-04-05 06:44 - 2015-05-28 00:58 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2016-04-05 06:44 - 2015-05-27 17:10 - 00000000 ____D C:\Program Files (x86)\mp3splt-gtk
2016-04-05 06:44 - 2015-05-27 16:06 - 00000000 ____D C:\Program Files\LMMS
2016-04-05 06:44 - 2015-05-22 21:15 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-04-05 06:44 - 2013-05-17 17:57 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-04-05 06:44 - 2013-05-15 21:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-05 06:44 - 2012-08-13 12:32 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2016-04-05 06:44 - 2012-06-25 22:47 - 00000000 ____D C:\Program Files\CCleaner
2016-04-05 06:44 - 2012-06-07 23:29 - 00000000 ____D C:\Program Files (x86)\Safari
2016-04-05 06:44 - 2012-06-07 23:16 - 00000000 ____D C:\Program Files\iTunes
2016-04-05 06:44 - 2012-06-07 23:16 - 00000000 ____D C:\Program Files\iPod
2016-04-05 06:44 - 2011-12-01 16:20 - 00000000 ____D C:\Program Files\Bonjour
2016-04-05 06:44 - 2011-02-22 10:09 - 00000000 ____D C:\Program Files (x86)\Poladroid
2016-04-05 06:44 - 2010-07-22 11:33 - 00000000 ____D C:\Program Files (x86)\MFInstall
2016-04-05 06:44 - 2010-02-17 04:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-04-05 06:44 - 2010-02-16 18:22 - 00000000 ____D C:\Program Files (x86)\Last.fm
2016-04-05 06:44 - 2010-02-16 16:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-05 06:44 - 2010-02-16 16:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-05 06:44 - 2010-02-14 01:36 - 00000000 ____D C:\Program Files\7-Zip
2016-04-05 06:44 - 2010-02-14 01:23 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-05 06:44 - 2010-02-14 01:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-05 06:44 - 2010-02-14 01:00 - 00000000 ____D C:\Program Files\Cricket
2016-04-05 06:44 - 2009-12-04 19:13 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-04-05 06:44 - 2009-12-04 19:13 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-04-05 06:44 - 2009-12-04 19:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-04-05 06:44 - 2009-12-04 18:59 - 00000000 ____D C:\Program Files (x86)\PictureMover
2016-04-05 06:44 - 2009-12-04 18:44 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-04-05 06:44 - 2009-12-04 18:43 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-04-05 06:44 - 2009-12-04 18:43 - 00000000 ____D C:\Program Files (x86)\hp
2016-04-05 06:44 - 2009-12-04 18:42 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-04-05 06:44 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-04-05 06:44 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-05 06:43 - 2016-03-03 18:15 - 00000000 ____D C:\Program Files (x86)\GenealogyJ
2016-04-05 06:43 - 2015-09-07 18:42 - 00000000 ____D C:\Program Files (x86)\Amazon Reviewer Analysis Tool
2016-04-05 06:43 - 2015-05-22 13:07 - 00000000 ____D C:\Program Files (x86)\GUMD6AF.tmp
2016-04-05 06:43 - 2014-08-08 00:47 - 00000000 ____D C:\Program Files (x86)\GanttProject-2.6
2016-04-05 06:43 - 2013-05-17 17:57 - 00000000 ____D C:\Program Files (x86)\Coupons
2016-04-05 06:43 - 2011-12-01 16:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-04-05 06:43 - 2011-12-01 12:11 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-05 06:43 - 2011-05-18 11:47 - 00000000 ____D C:\Program Files (x86)\GetMore
2016-04-05 06:43 - 2010-09-10 16:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-05 06:43 - 2010-06-16 12:32 - 00000000 ____D C:\Program Files (x86)\Flickr Uploadr
2016-04-05 06:43 - 2010-05-12 01:12 - 00000000 ____D C:\Program Files (x86)\GTK2-Runtime
2016-04-05 06:43 - 2010-05-10 12:23 - 00000000 ____D C:\Program Files (x86)\Cricket Broadband Connect
2016-04-05 06:43 - 2010-03-12 09:33 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2016-04-05 06:43 - 2009-12-04 18:32 - 00000000 ____D C:\hp
2016-04-05 06:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-04-05 06:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-04-05 06:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-04-05 06:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-04-05 06:39 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Web
2016-04-05 06:39 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Vss
2016-04-05 06:39 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-04-05 06:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-04-05 06:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-04-05 06:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-04-05 06:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-04-05 06:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-04-05 06:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-04-05 06:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-04-05 06:37 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Performance
2016-04-05 06:37 - 2009-07-13 21:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-04-05 06:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\schemas
2016-04-05 06:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Resources
2016-04-05 06:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-05 06:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PLA
2016-04-05 06:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME
2016-04-05 06:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Globalization
2016-04-05 06:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Branding
2016-04-05 06:28 - 2013-07-10 22:09 - 00000000 ____D C:\VP-EYE
2016-04-05 06:27 - 2014-07-01 23:10 - 00000000 ___RD C:\Users\Amby\Dropbox
2016-04-05 06:27 - 2010-12-05 11:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-04-05 06:27 - 2010-12-05 11:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-04-05 06:26 - 2015-07-24 13:27 - 00000000 ____D C:\Users\Amby\Documents\Fax
2016-04-05 06:26 - 2015-06-14 13:17 - 00000000 ____D C:\Users\Amby\Documents\mmc-stable-win32
2016-04-05 06:26 - 2014-12-11 20:01 - 00000000 ____D C:\Users\Amby\Documents\Ella- Mods, Minecraft
2016-04-05 06:26 - 2013-08-08 12:13 - 00000000 ____D C:\Users\Amby\Documents\A.A.D (Blog)
2016-04-05 06:26 - 2012-07-10 18:30 - 00000000 ____D C:\Users\Amby\Documents\MAGIX
2016-04-05 06:25 - 2010-12-22 19:49 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Real
2016-04-05 06:24 - 2010-06-22 17:31 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Flickr
2016-04-05 06:24 - 2010-02-14 01:03 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Macromedia
2016-04-05 06:24 - 2010-02-14 01:03 - 00000000 ____D C:\Users\Amby\AppData\Roaming\Adobe
2016-04-05 06:23 - 2011-11-20 04:27 - 00000000 ____D C:\Users\Amby\AppData\Local\Logitech® Webcam Software
2016-04-05 06:23 - 2011-05-27 22:32 - 00000000 ____D C:\Users\Amby\AppData\Local\Trend Micro
2016-04-05 06:23 - 2010-05-03 21:34 - 00000000 ____D C:\Users\Amby\AppData\Local\Microsoft Games
2016-04-05 06:23 - 2010-02-16 18:23 - 00000000 ____D C:\Users\Amby\AppData\Local\Last.fm
2016-04-05 06:23 - 2010-02-14 18:36 - 00000000 ____D C:\Users\Amby\AppData\LocalLow\Sun
2016-04-05 06:23 - 2010-02-14 00:54 - 00000000 ____D C:\Users\Amby\AppData\Local\VirtualStore
2016-04-05 06:22 - 2010-02-15 12:33 - 00000000 ____D C:\Users\Amby\AppData\Local\Google
2016-04-05 06:20 - 2016-03-03 21:24 - 00000000 ____D C:\Users\Amber\Desktop\assets
2016-04-05 06:20 - 2015-07-23 06:58 - 00000000 ____D C:\Users\Amby\AppData\Local\Dropbox
2016-04-05 06:20 - 2014-09-07 15:59 - 00000000 ____D C:\Users\Amber\AppData\Roaming\.minecraft
2016-04-05 06:20 - 2012-06-07 22:00 - 00000000 ____D C:\Users\Amby\AppData\Local\Amazon
2016-04-05 06:20 - 2010-06-22 17:31 - 00000000 ____D C:\Users\Amby\AppData\Local\Flickr
2016-04-05 06:20 - 2010-02-16 16:07 - 00000000 ____D C:\Users\Amby\AppData\Local\Apple Computer
2016-04-05 06:19 - 2015-05-22 15:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-05 06:19 - 2013-10-05 16:42 - 00000000 ____D C:\Users\Amber\.gimp-2.6
2016-04-05 06:19 - 2013-09-17 19:57 - 00000000 ____D C:\Users\Amber\AppData\Local\Google
2016-04-05 06:19 - 2012-11-29 12:43 - 00000000 ____D C:\Users\Amber\AppData\Local\Microsoft Games
2016-04-05 06:19 - 2012-01-31 09:54 - 00000000 ____D C:\Users\Amber\AppData\Local\Logitech® Webcam Software
2016-04-05 06:19 - 2010-12-23 16:10 - 00000000 ____D C:\SYSTEM.SAV
2016-04-05 06:19 - 2010-12-23 16:10 - 00000000 ____D C:\swsetup
2016-04-05 06:19 - 2010-05-23 16:15 - 00000000 ____D C:\Users\Amber\AppData\LocalLow\Sun
2016-04-05 06:19 - 2010-05-23 11:17 - 00000000 ____D C:\Users\Amber\AppData\Local\VirtualStore
2016-04-05 06:19 - 2010-04-01 13:24 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2016-04-05 06:19 - 2009-12-04 18:59 - 00000000 ____D C:\ProgramData\PictureMover
2016-04-05 06:18 - 2016-03-03 15:13 - 00000000 ____D C:\ProgramData\Bitdefender
2016-04-05 06:18 - 2015-05-23 15:55 - 00000000 ____D C:\ProgramData\BDLogging
2016-04-05 06:18 - 2013-05-17 17:56 - 00000000 ____D C:\ProgramData\HP
2016-04-05 06:18 - 2012-07-08 03:31 - 00000000 ____D C:\ProgramData\MAGIX
2016-04-05 06:18 - 2010-11-08 13:03 - 00000000 ____D C:\ProgramData\Logitech
2016-04-05 06:18 - 2010-05-10 12:23 - 00000000 ____D C:\ProgramData\BVRP Software
2016-04-05 06:18 - 2010-02-16 18:26 - 00000000 ____D C:\ProgramData\Last.fm
2016-04-05 06:18 - 2010-02-14 01:47 - 00000000 ____D C:\ProgramData\LogiShrd
2016-04-05 06:17 - 2015-09-14 00:57 - 00000000 ____D C:\Program Files\R
2016-04-05 06:17 - 2010-12-05 11:46 - 00000000 ____D C:\ProgramData\Adobe
2016-04-05 06:17 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-05 06:17 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-05 06:17 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-05 06:17 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-05 06:17 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Windows NT
2016-04-05 06:16 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\MSBuild
2016-04-05 06:12 - 2014-07-26 18:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-05 06:12 - 2013-05-17 17:55 - 00000000 ____D C:\Program Files\HP
2016-04-05 06:12 - 2010-02-14 01:47 - 00000000 ____D C:\Program Files\Logitech
2016-04-05 06:12 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-04-05 06:12 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-05 06:12 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-04-05 06:11 - 2016-03-03 15:12 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-04-05 06:11 - 2016-03-03 13:51 - 00000000 ____D C:\Program Files\Bitdefender
2016-04-05 06:11 - 2015-05-27 14:51 - 00000000 ____D C:\Program Files (x86)\VB
2016-04-05 06:11 - 2012-08-29 21:32 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-04-05 06:11 - 2012-07-12 23:48 - 00000000 ____D C:\Program Files (x86)\Oracle
2016-04-05 06:11 - 2011-11-21 12:12 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-04-05 06:11 - 2009-12-04 19:17 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-04-05 06:11 - 2009-12-04 18:44 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-04-05 06:11 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-05 06:11 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-05 06:11 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-05 06:11 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-05 06:11 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-04-05 06:10 - 2010-06-30 15:41 - 00000000 ____D C:\Program Files (x86)\Microsoft WSE
2016-04-05 06:09 - 2015-06-30 17:34 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-04-05 06:09 - 2012-07-08 03:31 - 00000000 ____D C:\Program Files (x86)\MAGIX
2016-04-05 06:09 - 2011-11-19 11:30 - 00000000 ____D C:\Program Files (x86)\LogiShrd
2016-04-05 06:09 - 2010-02-14 01:49 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-04-05 06:09 - 2009-12-04 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-05 06:08 - 2010-02-14 18:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-05 06:05 - 2015-09-22 23:49 - 00000000 ____D C:\Program Files (x86)\ETS
2016-04-05 06:05 - 2011-05-15 21:24 - 00000000 ____D C:\Program Files (x86)\Gadwin Systems
2016-04-05 06:05 - 2010-02-14 22:32 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-04-05 06:05 - 2009-12-04 18:48 - 00000000 ____D C:\Program Files (x86)\Cyberlink
2016-04-05 06:03 - 2014-08-04 00:27 - 00000000 ___RD C:\MSOCache
2016-04-05 06:03 - 2010-12-05 11:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-05 06:03 - 2010-08-18 09:54 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-04-05 06:03 - 2010-06-30 15:47 - 00000000 ____D C:\Program Files (x86)\Ancestry
2016-04-05 05:50 - 2010-02-14 01:08 - 00000000 ____D C:\Users\Amby\AppData\Local\ElevatedDiagnostics
2016-04-05 05:17 - 2015-05-23 16:37 - 00030823 _____ C:\bdlog.txt
2016-04-05 05:17 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-05 05:17 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-05 05:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2016-04-05 04:40 - 2011-05-26 21:08 - 00000000 ____D C:\Windows\Minidump
2016-04-05 00:25 - 2015-05-24 06:45 - 05299200 ___SH C:\Users\Amby\Desktop\Thumbs.db
2016-04-04 21:47 - 2010-02-14 22:33 - 00000000 ____D C:\Users\Amby\AppData\Local\CrashDumps
2016-04-04 21:34 - 2011-05-15 21:24 - 00000000 ____D C:\Users\Amby\Documents\PrintScreen Files
2016-04-03 13:54 - 2016-03-08 21:33 - 00000000 ____D C:\Users\Amber\Downloads\Skins
2016-04-02 13:17 - 2014-07-02 06:45 - 00000000 __SHD C:\Users\Amber\AppData\LocalLow\EmieSiteList
2016-04-01 19:32 - 2010-12-05 11:46 - 00000000 ____D C:\Users\Amby\AppData\Local\Adobe
2016-04-01 19:31 - 2015-05-30 22:47 - 00000000 ____D C:\Users\Amby\Downloads\Bitdefender Safepay
2016-04-01 02:27 - 2011-05-18 15:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 02:12 - 2015-07-23 06:58 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA.job
2016-03-31 20:37 - 2016-03-03 21:46 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAmby
2016-03-31 20:37 - 2016-03-03 21:46 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAmby.job
2016-03-31 17:16 - 2011-05-18 15:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-31 10:06 - 2010-02-15 11:46 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2016-03-31 07:09 - 2015-07-23 06:58 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core.job
2016-03-30 17:09 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-30 13:30 - 2016-03-03 15:06 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-28 22:36 - 2013-11-03 12:47 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DB1F562D-752E-4F9C-95F0-4C4A68709590}
2016-03-27 11:28 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-03-26 04:28 - 2009-07-13 21:45 - 01438064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-26 03:24 - 2014-07-02 05:55 - 00000000 ____D C:\Windows\system32\MRT
2016-03-26 03:04 - 2010-02-14 16:07 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-25 16:32 - 2015-05-23 05:57 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-25 16:32 - 2014-07-02 06:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-23 22:56 - 2010-02-14 01:24 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-03-23 08:23 - 2010-03-19 15:07 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2016-03-23 08:13 - 2011-02-03 09:32 - 00873472 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-23 05:09 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\0409
2016-03-23 04:59 - 2009-12-04 18:44 - 00000000 ____D C:\Program Files (x86)\Temp
2016-03-17 05:59 - 2016-03-03 15:17 - 00290032 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-03-14 13:51 - 2014-07-26 20:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-09 18:51 - 2015-12-01 13:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-05-22 13:07 - 2015-05-22 13:07 - 6420480 _____ () C:\Program Files (x86)\GUTE179.tmp
2015-05-24 01:27 - 2015-08-13 15:37 - 0009372 _____ () C:\Users\Amby\AppData\Roaming\Comma Separated Values.EML
2011-02-22 10:10 - 2014-07-06 15:33 - 0000472 _____ () C:\Users\Amby\AppData\Roaming\Poladroid prefs.plist
2015-05-27 15:24 - 2016-01-10 20:58 - 0002824 _____ () C:\Users\Amby\AppData\Roaming\VoiceMeeterDefault.xml
2010-08-16 12:26 - 2010-12-13 20:21 - 0000630 _____ () C:\Users\Amby\AppData\Roaming\wklnhst.dat
2013-10-24 07:10 - 2013-10-24 07:12 - 0006656 _____ () C:\Users\Amby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-03 17:35 - 2016-04-03 17:35 - 0000717 _____ () C:\Users\Amby\AppData\Local\recently-used.xbel
2011-05-21 16:45 - 2011-05-21 16:46 - 0007597 _____ () C:\Users\Amby\AppData\Local\resmon.resmoncfg
2012-07-18 02:35 - 2012-07-18 02:35 - 0367724 _____ () C:\Users\Amby\AppData\Local\tmpIPHONE 369-POLA01.0
2012-07-18 02:35 - 2012-07-18 02:35 - 0242515 _____ () C:\Users\Amby\AppData\Local\tmpIPHONE 369-POLA01.1
2012-07-18 02:35 - 2012-07-18 02:35 - 0241436 _____ () C:\Users\Amby\AppData\Local\tmpIPHONE 369-POLA01.2
2012-07-18 02:35 - 2012-07-18 02:35 - 0245944 _____ () C:\Users\Amby\AppData\Local\tmpIPHONE 369-POLA01.JPG
2011-02-08 12:19 - 2011-02-08 12:19 - 2854122 _____ () C:\Users\Amby\AppData\Local\tmpPARKER ICE CREAM DAY 002.0
2011-02-08 12:19 - 2011-02-08 12:19 - 0728036 _____ () C:\Users\Amby\AppData\Local\tmpPARKER ICE CREAM DAY 002.JPG
2011-12-15 23:25 - 2011-12-15 23:25 - 2400635 _____ () C:\Users\Amby\AppData\Local\tmpWINTER 010.0
2011-12-15 23:25 - 2011-12-15 23:25 - 0647643 _____ () C:\Users\Amby\AppData\Local\tmpWINTER 010.JPG
2016-03-03 15:22 - 2016-03-03 15:22 - 0416962 _____ () C:\ProgramData\1457043157.bdinstall.bin
2016-03-22 09:25 - 2016-03-22 09:25 - 0025970 _____ () C:\ProgramData\1458663909.bdinstall.bin
2016-03-29 03:10 - 2016-03-29 03:10 - 0025968 _____ () C:\ProgramData\1459246222.bdinstall.bin
2016-03-29 03:10 - 2016-03-29 03:10 - 0025968 _____ () C:\ProgramData\1459246231.bdinstall.bin
2016-03-31 13:11 - 2016-03-31 13:11 - 0025969 _____ () C:\ProgramData\1459455083.bdinstall.bin
2010-05-10 12:23 - 2010-05-10 12:23 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpeFAD.dll
2015-09-07 18:43 - 2015-09-07 18:43 - 0000118 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\ProgramData\hpeFAD.dll


Some files in TEMP:
====================
C:\Users\Amby\AppData\Local\Temp\msvcp110.dll
C:\Users\Amby\AppData\Local\Temp\msvcr110.dll
C:\Users\Amby\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Amby\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 00:39

==================== End of FRST.txt ============================

#5 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 05:12 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Amby (2016-04-08 02:44:54)
Running from C:\Users\Amby\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-14 07:50:12)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1118247773-2797080340-1104804865-500 - Administrator - Disabled)
Amber (S-1-5-21-1118247773-2797080340-1104804865-1001 - Limited - Enabled) => C:\Users\Amber
Amby (S-1-5-21-1118247773-2797080340-1104804865-1000 - Administrator - Enabled) => C:\Users\Amby
Guest (S-1-5-21-1118247773-2797080340-1104804865-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1118247773-2797080340-1104804865-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Amazon Cloud Drive (HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Amazon Cloud Drive) (Version: 2.4.1.20 - Amazon Digital Services, LLC.)
Amazon Kindle (HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Amazon Reviewer Analysis Tool 3.12.1 (HKLM-x32\...\Amazon Reviewer Analysis Tool) (Version: 3.12.1 - kghodges software)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.1.0.124 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.1.0.124 - Amazon.com) Hidden
Ancestry World Archives Project - Keying Tool (HKLM-x32\...\{A0C7647C-8DCD-4446-A48D-E595ABD7E15B}) (Version: 1.1.0069 - Ancestry.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.25.1378 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.25.1378 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cricket Broadband Connect (HKLM-x32\...\{6336C0CC-BA32-4949-9D3D-C86B76147CCA}) (Version: 1.33 - Avanquest Software)
Cricket EVDO Modem (HKLM\...\{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}) (Version: 1.1.3683.1001 - Cal-Comp Electronics and Communications Company Limited)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Flickr Uploadr 3.2.1 (HKLM-x32\...\Flickr Uploadr) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.2.0.303 - Foxit Corporation)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.6 - Gadwin Systems, Inc.)
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
GenealogyJ 6755 (HKLM-x32\...\GenealogyJ 6755) (Version: 6755 - )
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.54 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GrampsAIO64 (HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\GrampsAIO64 4.2.1) (Version: 4.2.1 - The GRAMPS project)
Graphviz (HKLM-x32\...\{80F0B640-3A5E-45B6-ACA0-445AFF78CE85}) (Version: 2.26 - AT&T Research Labs)
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.16.6-2010-02-24-ash - Alexander Shaduri)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Heimdal (HKLM-x32\...\Heimdal) (Version: 1.10.5.0 - CSIS Security Group)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{1A570BFA-D775-47EE-8071-06E9559C14F5}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2226 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LG VZW United Drivers (HKLM-x32\...\{AB43784D-1EE5-4111-95C8-918B25EFDC4B}) (Version: 2.22.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc. Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.0) (Version: 12.0.1278 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.3 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.3 - MAGIX AG) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version: - MiniTool Solution Ltd.)
Mobile PhoneTools (x32 Version: 3.55 - BVRP Software) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version: - )
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MS Access 97 SP2 (HKLM-x32\...\MS Access 97 SP2) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFonts Order M1805396 (A) (HKLM-x32\...\{A9312A11-3FCB-6A45-543C-9B74E7C14F8E}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 ( B) (HKLM-x32\...\{6E2CE831-93F3-8A3C-9DE1-B7237C5A3414}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (C-D) (HKLM-x32\...\{6E1653CD-ED27-0B25-D61F-F81228973E96}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (E-F) (HKLM-x32\...\{B4A639E7-CBD0-3E92-1C61-B8BE32E33201}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (G-H) (HKLM-x32\...\{4F27E580-824B-9100-AD70-BC2D93651553}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (I-K) (HKLM-x32\...\{7292FB61-8651-7417-8EF4-9677F90BF4F8}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (N-O) (HKLM-x32\...\{A481E71D-2DAB-57C9-FFE3-9447CF4F7AA7}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (P) (HKLM-x32\...\{6C344CB3-4AAE-12CC-9C3A-EA23F5A4AE41}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (Q-R) (HKLM-x32\...\{73E7A3CF-9AAB-3193-3351-478565161A8D}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (S) (HKLM-x32\...\{825EAB1D-EAF0-5A97-E64F-95C8B0426C3F}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (T-V) (HKLM-x32\...\{01810D07-B425-94EC-26B6-CA9415A01567}) (Version: 1.0 - MyFonts.com, Inc.)
MyFonts Order M1805396 (W-Z) (HKLM-x32\...\{A212E1EC-9CB5-F9E0-CC56-B808E2D045B1}) (Version: 1.0 - MyFonts.com, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
PANTECH USB Modem V2 (HKLM\...\{1C336D20-A089-4818-9C56-96AD81BF5A11}) (Version: 1.2.3937.1022 - PANTECH CO.,LTD)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Python 2.6 pycairo-1.8.6 (HKLM-x32\...\pycairo-py2.6) (Version: - )
Python 2.6 pygobject-2.20.0 (HKLM-x32\...\pygobject-py2.6) (Version: - )
Python 2.6 pygobject-2.20.0 (HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\pygobject-py2.6) (Version: - )
Python 2.6 pygtk-2.16.0 (HKLM-x32\...\pygtk-py2.6) (Version: - )
Python 2.6.5 (HKLM-x32\...\{4723f199-fa64-4233-8e6e-9fccc95a18ee}) (Version: 2.6.5150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
R for Windows 3.2.2 (HKLM\...\R for Windows 3.2.2_is1) (Version: 3.2.2 - R Core Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: - )
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Security Task Manager 2.0d (HKLM-x32\...\Security Task Manager) (Version: 2.0d - Neuber Software)
Tablet Driver V8.01 (HKLM-x32\...\TabletDriver) (Version: - )
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Amby\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amby\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D2E9A2D-1EB1-4DF2-9AEA-FA035ECFD254} - System32\Tasks\{ABE8B27B-890F-4771-BB16-D8210F42940D} => C:\Program Files (x86)\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe
Task: {1026806E-A498-4E65-AD2E-EBC2EB993871} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {10FBC09F-78A3-41F2-9015-7C69E2123099} - System32\Tasks\{2D904F72-B945-4D4A-B280-CED097E04DE5} => pcalua.exe -a E:\VP-EYE4.0\Setup.exe -d E:\VP-EYE4.0
Task: {12458E72-38B6-479C-B194-EE4CEA8D594C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {173A89F4-FEBD-47D7-AE66-A41DBC19DA56} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {1ADCBA8A-7104-49BD-9267-0EED3DE39269} - System32\Tasks\{AD392F81-119C-454E-A2B3-EDAB44DEC905} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {27F1A88C-7DC1-4A01-BCBE-BCDC2B480BD4} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {3381068F-BF19-4E0D-A718-A82DB9FF8E3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3643714F-F609-4974-90AD-2698CB333470} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
Task: {4349E8B3-032F-4AB0-9EF1-2E8D0BB000FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4C1EAA99-C561-42AC-941C-B91BDDA930B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core => C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {51A2B820-7769-49E7-AD58-E28AECE25D8F} - System32\Tasks\{7AC58962-433F-4C7F-A475-AE3B7E2A9897} => C:\Python26\pythonw.exe [2010-03-19] ()
Task: {5F6A1B44-3FE5-46C0-808C-F4E9335AA66B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {6D13DA29-4721-4EE7-AEDF-1D9952325D38} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {79E1A00E-FC2F-4D9B-933E-8AEC61AD594C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {7DEE858D-FFCB-4303-AE79-24A84EFA1985} - System32\Tasks\{CF0CF1D0-7970-44D7-B712-6E9F938182C4} => pcalua.exe -a "C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe" -d "C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GomezPEER"
Task: {802CFB27-A876-4627-884E-499F7FD4E2F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {80FF56D8-5ADA-4A89-B808-675E44CBE478} - System32\Tasks\{5BB5BABE-D4C3-459F-B8DD-349B95BF8CBD} => C:\Program Files (x86)\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe
Task: {84589E82-C73E-4E8D-B29F-7B867BFB2635} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {8464D6E2-A999-4659-9FB0-A4AF2BA2C8D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8EE11B3B-2FF2-49F5-B43B-4DA99949C5B7} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {8F16B134-50F1-49D2-82E1-AC98E6D14A3D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1118247773-2797080340-1104804865-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {981D7CD9-3C62-47B7-ABEB-53D1513867BC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core => C:\Users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-23] (Dropbox, Inc.)
Task: {994A3032-D173-4818-BE23-5B793B7F6DEF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA => C:\Users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-23] (Dropbox, Inc.)
Task: {9A281333-B1CA-4948-B84C-E8E520C3B6BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {9C910B5B-857C-4221-B412-0E887920C7DA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {A29193DE-3885-4831-B7EB-57DF76CF7D25} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA => C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {BC86AD26-4A34-4909-9F78-4DF27B849D72} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C07E5834-266F-491E-A28A-5A3F51B496A7} - System32\Tasks\HPCeeScheduleForAmby => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C1A6D57A-95E8-464F-B328-CF0672B600F5} - System32\Tasks\{A75B0EEF-A798-48AF-A22A-B1AB5009BDE3} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {C874F4C8-D637-4969-AD5B-4D11D7C3BF5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {C9EA9D44-FFF3-4094-BB31-B6EB6390029B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1118247773-2797080340-1104804865-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D43C8952-81D1-4CF0-969D-23B878A71A76} - System32\Tasks\{86038C92-C59E-4AFB-BEF0-03A7B9DE2022} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\setup.exe" -c -runfromtemp -l0x0409
Task: {DE04EC44-D013-42FA-9E37-171ADD2B8ABB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-22] (Google Inc.)
Task: {E6D7D467-8D05-4E75-A32B-6C0C3BAB342D} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {EA24BABE-B79F-41A3-921B-137C1D675C1E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {F1666F42-861F-4C64-93DF-ADEAC8966BB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.)
Task: {F3613F84-B947-4E51-A331-41921A3AA819} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {F6CBD024-9FC0-4B09-8309-D02AD861F210} - System32\Tasks\{7E931A55-E1DF-421E-9F02-EB52C6D3C32C} => pcalua.exe -a C:\Users\Amby\AppData\Roaming\.minecraft\mods\forge-1.7.2-10.12.2.1147-installer-win.exe -d C:\Users\Amby\AppData\Roaming\.minecraft\mods
Task: {F882C175-4075-42DF-8078-8163E0D2D586} - System32\Tasks\{3443FFD0-228B-4A5C-B759-01B8EE45882A} => Chrome.exe
Task: {FC50D3B7-9039-4B07-AB04-9E36ED940019} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {FF8F325E-ADFE-4D89-9C24-FF3E376C7578} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core.job => C:\Users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA.job => C:\Users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core.job => C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA.job => C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAmby.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:35 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-30 03:35 - 2015-09-01 05:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-08-18 02:24 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Amby\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-18 02:24 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Amby\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Amby\Downloads\MatchMaker221HD.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-04-01 02:10 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ADVService => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Trend Micro SafeSync.lnk => C:\Windows\pss\Trend Micro SafeSync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots Daily Features.lnk => C:\Windows\pss\Webshots Daily Features.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WebshotsWidget.lnk => C:\Windows\pss\WebshotsWidget.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync =>
MSCONFIG\startupreg: Google Update => "C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NortonOnlineBackupReminder =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: WsdtReplacer =>
MSCONFIG\startupreg: {9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B} => "C:\Program Files (x86)\Cricket Broadband Connect\AvqAutoRun.exe" "C:\Program Files (x86)\Cricket Broadband Connect\mphonetools.exe" /OnPlug=%s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMPTRAP-In-UDP] => (Block) %SystemRoot%\system32\snmptrap.exe
FirewallRules: [SNMPTRAP-In-UDP-NoScope] => (Block) %SystemRoot%\system32\snmptrap.exe
FirewallRules: [WMP-In-UDP-x86] => (Block) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP] => (Block) %ProgramFiles%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-QWave-In-UDP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-QWave-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-In-UDP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP-NoScope] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-QWave-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-QWave-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMPNSS-WMP-In-UDP] => (Block) %PROGRAMFILES%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-In-UDP] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [WMPNSS-In-TCP] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [PNRPMNRS-PNRP-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PNRPMNRS-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RVM-VDS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\vds.exe
FirewallRules: [RVM-VDSLDR-In-TCP-NoScope] => (Block) %SystemRoot%\system32\vdsldr.exe
FirewallRules: [RVM-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RVM-VDS-In-TCP] => (Block) %SystemRoot%\system32\vds.exe
FirewallRules: [RVM-VDSLDR-In-TCP] => (Block) %SystemRoot%\system32\vdsldr.exe
FirewallRules: [RVM-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Collab-P2PHost-In-TCP] => (Block) %SystemRoot%\system32\p2phost.exe
FirewallRules: [Collab-P2PHost-WSD-In-UDP] => (Block) %SystemRoot%\system32\p2phost.exe
FirewallRules: [Collab-PNRP-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Collab-PNRP-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [FPS-SpoolSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [FPS-SpoolSvc-In-TCP] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [FPS-LLMNR-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-DHCP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-DHCPV6-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-Teredo-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PerfLogsAlerts-PLASrv-In-TCP] => (Block) %systemroot%\system32\plasrv.exe
FirewallRules: [PerfLogsAlerts-DCOM-In-TCP] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [PerfLogsAlerts-PLASrv-In-TCP-NoScope] => (Block) %systemroot%\system32\plasrv.exe
FirewallRules: [PerfLogsAlerts-DCOM-In-TCP-NoScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [MsiScsi-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MsiScsi-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMI-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMI-WINMGMT-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMI-ASYNC-In-TCP-NoScope] => (Block) %systemroot%\system32\wbem\unsecapp.exe
FirewallRules: [WMI-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMI-WINMGMT-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WMI-ASYNC-In-TCP] => (Block) %systemroot%\system32\wbem\unsecapp.exe
FirewallRules: [NETDIS-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDPHOST-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDPHOST-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteSvcAdmin-In-TCP-NoScope] => (Block) %SystemRoot%\system32\services.exe
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteSvcAdmin-In-TCP] => (Block) %SystemRoot%\system32\services.exe
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteTask-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MSDTC-In-TCP-NoScope] => (Block) %SystemRoot%\system32\msdtc.exe
FirewallRules: [MSDTC-KTMRM-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MSDTC-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MSDTC-In-TCP] => (Block) %SystemRoot%\system32\msdtc.exe
FirewallRules: [MSDTC-KTMRM-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MSDTC-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP-NoScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteFwAdmin-RPCSS-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [WPDMTP-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-SSDPSrv-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-In-TCP] => (Block) %SystemRoot%\ehome\ehshell.exe
FirewallRules: [MCX-QWave-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-QWave-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-In-UDP] => (Block) %SystemRoot%\ehome\ehshell.exe
FirewallRules: [{9B25FCC6-AC10-4639-BD45-4DD50F7CF909}] => (Block) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{C904700A-4C69-489E-8FD0-2CF5E7DA34AC}] => (Block) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{FE289F61-6449-42F5-9C18-921D8349C03B}] => (Block) svchost.exe
FirewallRules: [{D0C897E4-51A0-480E-AF31-B040B221A1CC}] => (Block) C:\Users\Amby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{AB6F5936-547E-46AA-969A-0D0A7547B4D5}] => (Block) C:\Users\Amby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{62FB6EFD-AB92-44C1-97F7-079BA1D9E694}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{63260E26-3031-4C49-8794-D8C52DA0B309}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{833AE267-7DC6-455A-A459-355E44132312}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{4A4E9701-691A-45AE-910C-43B43EAADA6C}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{8D91EC3C-E46A-4822-A2B7-B77BD370B5BE}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [TCP Query User{C68620DE-BFBA-4C44-9570-D409FD44FFB9}C:\program files (x86)\itunes\itunes.exe] => (Block) C:\program files (x86)\itunes\itunes.exe
FirewallRules: [UDP Query User{4633B1CB-9550-4BF5-AA85-96EDD499B361}C:\program files (x86)\itunes\itunes.exe] => (Block) C:\program files (x86)\itunes\itunes.exe
FirewallRules: [{B46656D2-8119-4EB4-8CC2-4F9F4DD40A2A}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{6211722E-9BEE-45CB-8E0E-432C8BC849A3}] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [{E2B1AC4E-90EC-4D05-A219-15E6EA7A2DFC}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{F4B1804C-22BD-4FDE-AC38-28E8A7FC0BE3}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{294730C2-451A-4347-8272-F8DB741D0A61}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{B05A43E5-ACDD-4B8B-9F77-B8FC589B773C}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{7CAFAED6-8E62-48EA-AF53-9956EFADE759}] => (Block) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{6133349D-9043-4F54-B44B-2A68412390C5}] => (Block) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [TCP Query User{0B5F03D9-3375-43D0-99C7-ED9F6CCEFC56}C:\program files (x86)\logitech\vid hd\vid.exe] => (Block) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{3D9B7BAA-E870-470B-A759-F4C4470C5936}C:\program files (x86)\logitech\vid hd\vid.exe] => (Block) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [TCP Query User{03A7D3A1-C88B-49D2-8679-345BB064FF49}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{6AF4E752-B0CC-4D70-B923-C9F7765645EF}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{27B98ED0-2949-4CC0-8AB5-8302F263A055}] => (Block) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82810C3C-46C6-475C-B80F-DD79651206DA}] => (Block) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BE3B0B5C-6E09-4786-A669-4B8F6E0860D6}] => (Block) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BD47BFF9-1CDB-48A0-A50E-2A6D7AD5DD23}] => (Block) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F80D05B8-7CC8-4BD2-8BDE-7436551F4519}] => (Block) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3AA96227-B5A4-4914-B2BB-1538DF3FEF33}] => (Block) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{FC9916BF-6FF1-461E-BC0C-9F76BCC6A2E1}] => (Block) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{B601060F-1DDE-4F97-9A6D-25FB2AA94DE6}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{E4D56CE1-C81D-44EA-BA75-596BC39EB2CC}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{9BD1B100-29B0-4910-92BA-C99286F67933}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{55ABF953-7F56-487C-AA53-1CC8AB509E74}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{FAA551C7-0D4E-4791-9060-67ACBAB1F2C3}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{53A7897B-E3BC-4885-9F82-D1F086489B7F}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{F1624917-663C-418D-B475-4C027A3BDF09}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{566AFFD0-2BF5-4BC0-A3EF-AE0F9EB14D33}] => (Block) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{C90565F4-1A3D-4493-A313-C2ABE3484E11}] => (Block) svchost.exe
FirewallRules: [{FEF4A397-8479-48CE-9252-038CBBF2C9DE}] => (Block) svchost.exe
FirewallRules: [{AFDC7132-5AAE-4677-A72D-7EA0107F124C}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [TCP Query User{2B1910D5-3525-422A-A269-B9FD81477931}C:\program files (x86)\itunes\itunes.exe] => (Block) C:\program files (x86)\itunes\itunes.exe
FirewallRules: [UDP Query User{817B42D7-C269-429C-945F-271DBD6CB479}C:\program files (x86)\itunes\itunes.exe] => (Block) C:\program files (x86)\itunes\itunes.exe
FirewallRules: [{59A70C34-9D15-45BF-AE8C-1A5CFCD13B82}] => (Block) LPort=65535
FirewallRules: [{77DBCEDB-7744-46ED-BF68-67FACFE3886F}] => (Block) LPort=65432
FirewallRules: [{F4C2B635-E92A-49C7-A414-B2C81EAE5143}] => (Block) LPort=65535
FirewallRules: [{E2B7BB26-0D95-47A1-8358-664C67DFE301}] => (Block) LPort=65432
FirewallRules: [{DBF4353D-0773-4EB9-8343-CBBD03F23B2C}] => (Block) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{49F97042-8287-43E8-A1CF-6FB8FF4A127A}] => (Allow) C:\Users\Amby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{B6AFFBC3-ABCC-46BF-A977-8A0E5657555C}] => (Allow) C:\Users\Amby\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{5D6BF516-C249-4119-ACA3-44547608AE2B}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{600533A0-234D-4CCF-A851-E6F3296A17DF}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{F6BAEC30-E369-47C4-A1C6-FE6A376FFD00}] => (Block) %ProgramFiles%\Windows Media Player\wmplayer.exe
FirewallRules: [{C463E3DC-6DE9-47C4-B0CA-6B89A2874D18}] => (Block) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AEBECCE2-F64C-4CE6-B3D0-7B5FD08644EB}] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [{A690C0EF-4098-41DD-A21D-70B0EF39118A}] => (Block) %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
FirewallRules: [{C17C2B66-A561-46C9-838F-FD91A1D0132E}] => (Block) %PROGRAMFILES%\Windows Media Player\wmplayer.exe
FirewallRules: [{9A971863-396D-424C-973F-C4244BB77922}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{9DFC5513-50B3-4347-B679-A0A598E895C6}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{66338C35-C547-459E-8DE3-AB0444FBC6B9}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{977634F1-59EA-4440-8A98-ED259C9B3F48}] => (Allow) C:\Users\Amby\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{97B8ABA6-E3CC-4861-A1F7-01918BF5594B}] => (Allow) C:\Users\Amby\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{D9C917D1-DCCD-437E-9030-7FD3F782E7AB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{CBFA7186-A7B9-489D-B44C-38535937ECD1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{410C058F-19DC-4215-871C-BEB2F8D23EB4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{5E2DE746-4B6E-461D-AAF7-4C7A809DEBD7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{94A0D64A-19BD-4454-9A33-E34394C844AD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{2EE2260F-CC5D-463D-A5D8-E11821A1570F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9627E5D5-0725-483E-BE1D-A7EFF1E30589}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{060B06EE-3A60-4CAD-A5CD-5F6AFA95FECB}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{374B70D6-6688-4C91-A8B0-9E66D99A8CD1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8C4205E8-6383-4AF9-A23B-5F7DF164EDC3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9D0001B1-8A3A-46E1-BEFF-E135A198E50E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{08F1CFC3-D241-4AAA-8FE3-F524704D01EB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F407F190-4DF9-44F6-BA7F-F1F858675204}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{8D620DA4-7BFA-432E-B980-303D429484A5}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{EA3EA1EB-390D-4724-8379-ED186B06083B}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{EF8C0740-0874-4C27-B05E-85D7490E9108}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{608B90D4-E21B-4BBE-8E3A-4E1EFBBDA664}] => (Block) c:\program files (x86)\microsoft\bingbar\seaport.exe
FirewallRules: [{14F7B2F9-E2E0-4049-823C-FDDF2E7F9200}] => (Block) c:\program files (x86)\microsoft\bingbar\seaport.exe
FirewallRules: [{5C81D777-8CE0-47C2-B769-D2F7FC00233A}] => (Block) c:\users\amby\appdata\local\dropbox\update\dropboxupdate.exe
FirewallRules: [{500DD594-ECAC-455D-9EF1-972FEDB4FE8F}] => (Block) c:\users\amby\appdata\local\dropbox\update\dropboxupdate.exe
FirewallRules: [{3A584140-DE29-4C1C-8B12-582527F16909}] => (Block) c:\windows\ehome\mcupdate.exe
FirewallRules: [{8A3AF80A-9B77-4991-9978-E7D6399D78BE}] => (Block) c:\windows\ehome\mcupdate.exe
FirewallRules: [{A1E5DA18-6112-4510-9153-33905CB21EB4}] => (Block) c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
FirewallRules: [{1F15B021-EEA2-495C-A135-AE1BE905A952}] => (Block) c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
FirewallRules: [{14DD7542-E452-4BFD-8396-575613BC721A}] => (Block) c:\users\amby\appdata\local\google\update\googleupdate.exe
FirewallRules: [{2429295F-B281-4BEF-8231-348620151693}] => (Block) c:\users\amby\appdata\local\google\update\googleupdate.exe
FirewallRules: [{F7E9DD38-3D7D-401E-A441-F6005C295E8A}] => (Block) c:\program files\microsoft office 15\clientx64\officec2rclient.exe
FirewallRules: [{EEEC3283-C1AD-4A9B-AAEF-03F199D33019}] => (Block) c:\program files\microsoft office 15\clientx64\officec2rclient.exe

==================== Restore Points =========================

03-04-2016 16:17:44 Installing COMODO Firewall
03-04-2016 16:21:06 Device Driver Package Install: COMODO Network Service
04-04-2016 12:21:12 Removed dupeGuru
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: ignis Service
Description: ignis Service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ignis
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VB-Audio VoiceMeeter VAIO
Description: VB-Audio VoiceMeeter VAIO
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: VB-Audio Software
Service: VBAudioVMVAIOMME
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2016 05:17:07 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/05/2016 05:15:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program systempropertiesremote.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 102c

Start Time: 01d18f3477dd3403

Termination Time: 16

Application Path: C:\Windows\system32\systempropertiesremote.exe

Report Id: 136ec673-fb28-11e5-82b9-d905d989d0b4

Error: (04/05/2016 05:02:07 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={633323DC-AFB9-4CAB-8F8A-16EB2D414DAD}: The user Sexy-bleep\Amby dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/05/2016 05:01:06 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={BEA5714D-DC34-4420-B52B-71C25AFF9278}: The user Sexy-bleep\Amby dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/05/2016 04:58:42 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={9C80CC0B-6A77-4431-BBB4-C8984CA4ED73}: The user Sexy-bleep\Amby dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/05/2016 04:58:34 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={1E32447F-74C3-4713-B755-A9BEF3636CBD}: The user Sexy-bleep\Amby dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/05/2016 04:53:46 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7064B4FE-F973-41B7-AAF7-9DA80BC6ED8B}: The user Sexy-bleep\Amby dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (04/05/2016 04:09:42 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/05/2016 03:58:40 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/04/2016 11:06:58 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:


System errors:
=============
Error: (04/08/2016 02:41:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/08/2016 02:41:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (04/08/2016 02:41:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (04/08/2016 02:35:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (04/08/2016 02:35:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/08/2016 02:35:24 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/08/2016 02:35:14 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/08/2016 02:35:02 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/08/2016 02:34:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
BDVEDISK
discache
epp
gzflt
ignis
spldr
trufos
Wanarpv6

Error: (04/08/2016 02:34:47 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8157.18 MB
Available physical RAM: 5750.96 MB
Total Virtual: 16312.57 MB
Available Virtual: 13517.3 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.81 GB) (Free:473.56 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.61 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#6 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 05:58 AM

Gary - the exe loaded into my browser (chrome) and did not do a pre-scan. I just clicked the scan button. Is this normal?

RogueKiller V12.1.1.0 [Apr 4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Amby [Administrator]
Started from : C:\Users\Amby\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/08/2016 03:54:39

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AGI -> Found
[PUP] (X64) HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {0BC6E3FA-78EF-4886-842C-5A1258C4455A} : -> Found
[PUP] (X86) HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {0BC6E3FA-78EF-4886-842C-5A1258C4455A} : -> Found
[PUP] (X64) HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {0BC6E3FA-78EF-4886-842C-5A1258C4455A} : -> Found
[PUP] (X86) HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {0BC6E3FA-78EF-4886-842C-5A1258C4455A} : -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {0BC6E3FA-78EF-4886-842C-5A1258C4455A} : -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {0BC6E3FA-78EF-4886-842C-5A1258C4455A} : -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1118247773-2797080340-1104804865-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1118247773-2797080340-1104804865-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[PUP][Folder] C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} -> Found
[PUP][Folder] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
[PUP][Folder] C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9} -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][CHROME:Addon] Default : Alexa Traffic Rank [cknebhggccemgcnbidipinkifmmegdel] -> Found
[PUP][CHROME:Addon] Default : Cloud Save [dlbemabjbfhjcccahjioenmkgimjbbkd] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-65M2B0 ATA Device +++++
--- User ---
[MBR] fada4d6f4f33c617c931df6661dfaf8c
[BSP] 814bff59d618ed61af2369b3a556eb6d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 942905 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1931276288 | Size: 10862 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

#7 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 06:06 AM

Here is the last bit. God speed!

Attached Files



#8 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 07:47 AM

Here is some more diagnostic info (not software related) Name/object/Groups ran and checked [copied verbatim]
 
SEXY-bleep\Users
This Organization Certificate
TERMINAL SERVER USER
SYSTEM
SERVICE
REMOTE INTERACTIVE LOGON
SEXY-bleep\Performance Monitor Users
SEXY-bleep\Performance Log Users
OWNER RIGHTS
NETWORK SERVICE
NETWORK
LOCAL SERVICE
Local account and member of Administrators group
Local account
IUSR
INTERACTIVE
SEXY-bleep\IIS_IUSRS
SEXY-bleep\HomeUsers
SEXY-bleep\HomeGroupUser$
SEXY-bleep\Guests
SEXY-bleep\Guest [2nd entry with disconnect icon]
Everyone
SEXY-bleep\Event Log Readers
SEXY-bleep\Distributed COM Users
DIALUP
CREATOR OWNER
CREATOR GROUP
CONSOLE LOGON
BATCH
BATCH
Authenticated Users
ANONYMOUS LOGON
SEXY-bleep\Amby
SEXY-bleep\Amber
SEXY-bleep\Administrators
SEXY-bleep\Administrator [2nd entry with disconnect icon]
 
 
 
 

 

FYI: The remote hacking is happening in safe mode, right now, before my eyes.

For those who do not know: It IS possible to be hacked in safe mode --- this is not a fail safe.


Edited by grrrl2, 08 April 2016 - 07:49 AM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:06 AM

Posted 08 April 2016 - 11:19 AM

Hi Amber, thank you for the information. The RogueKiller report gave us what we wanted.

There is so much stuff on your computer it is hard to know what is legitimate and what is not. By that I mean what you intentionally installed and what may have been added without your knowledge.

Are you aware of this program on your computer?

GomezPEER

Based on your description of events I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {c16f70d3-5ae0-11df-9ea9-e0cb4e3160b3} - J:\Start.exe
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {d9c4b6fa-193c-11df-a0ab-e0cb4e3160b3} - J:\start.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
URLSearchHook: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 - (No Name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {73ea9fa8-3839-41f3-af23-09f7abef23bb} URL = hxxp://isearch.shopathome.com?user_id={b736463f-79b1-41f1-bfbf-001d00a4f5b8}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Toolbar: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.5_0\plugins/screen_capture.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S1 epp; \??\E:\bin64\epp.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Program Files (x86)\Coupons
2015-05-22 13:07 - 2015-05-22 13:07 - 6420480 _____ () C:\Program Files (x86)\GUTE179.tmp
C:\ProgramData\hpeFAD.dll
2016-04-05 06:43 - 2015-05-22 13:07 - 00000000 ____D C:\Program Files (x86)\GUMD6AF.tmp
Task: {C1A6D57A-95E8-464F-B328-CF0672B600F5} - System32\Tasks\{A75B0EEF-A798-48AF-A22A-B1AB5009BDE3} => pcalua.exe -a E:\SETUP.EXE -d E:\
  • Launch FRST and press the Fix button just once
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Admistrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Combofix log
  • Zoek report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 12:51 PM

 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Amby (2016-04-08 10:41:50) Run:1
Running from C:\Users\Amby\Desktop
Loaded Profiles: Amby (Available Profiles: Amby & Amber)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {c16f70d3-5ae0-11df-9ea9-e0cb4e3160b3} - J:\Start.exe
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\...\MountPoints2: {d9c4b6fa-193c-11df-a0ab-e0cb4e3160b3} - J:\start.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
URLSearchHook: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 - (No Name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKLM-x32 -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b990cb1de-603a-42d1-8fa2-938752d41d6c%7d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {73ea9fa8-3839-41f3-af23-09f7abef23bb} URL = hxxp://isearch.shopathome.com?user_id={b736463f-79b1-41f1-bfbf-001d00a4f5b8}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> {75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Toolbar: HKU\S-1-5-21-1118247773-2797080340-1104804865-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.5_0\plugins/screen_capture.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S1 epp; \??\E:\bin64\epp.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Program Files (x86)\Coupons
2015-05-22 13:07 - 2015-05-22 13:07 - 6420480 _____ () C:\Program Files (x86)\GUTE179.tmp
C:\ProgramData\hpeFAD.dll
2016-04-05 06:43 - 2015-05-22 13:07 - 00000000 ____D C:\Program Files (x86)\GUMD6AF.tmp
Task: {C1A6D57A-95E8-464F-B328-CF0672B600F5} - System32\Tasks\{A75B0EEF-A798-48AF-A22A-B1AB5009BDE3} => pcalua.exe -a E:\SETUP.EXE -d E:\
*****************
 
"HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c16f70d3-5ae0-11df-9ea9-e0cb4e3160b3}" => key removed successfully
HKCR\CLSID\{c16f70d3-5ae0-11df-9ea9-e0cb4e3160b3} => key not found. 
"HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9c4b6fa-193c-11df-a0ab-e0cb4e3160b3}" => key removed successfully
HKCR\CLSID\{d9c4b6fa-193c-11df-a0ab-e0cb4e3160b3} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}" => key removed successfully
HKCR\CLSID\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}" => key removed successfully
HKCR\Wow6432Node\CLSID\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} => key not found. 
"HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}" => key removed successfully
HKCR\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} => key not found. 
"HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73ea9fa8-3839-41f3-af23-09f7abef23bb}" => key removed successfully
HKCR\CLSID\{73ea9fa8-3839-41f3-af23-09f7abef23bb} => key not found. 
"HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}" => key removed successfully
HKCR\CLSID\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26} => key not found. 
HKU\S-1-5-21-1118247773-2797080340-1104804865-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll => moved successfully
C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => not found.
C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL => not found.
C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => not found.
C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.2.5_0\plugins/screen_capture.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => not found.
C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully
b06bdrv => service removed successfully
epp => service removed successfully
PcdrNdisuio => service removed successfully
Tablet2k => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons => moved successfully
C:\Program Files (x86)\Coupons => moved successfully
C:\Program Files (x86)\GUTE179.tmp => moved successfully
C:\ProgramData\hpeFAD.dll => moved successfully
C:\Program Files (x86)\GUMD6AF.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1A6D57A-95E8-464F-B328-CF0672B600F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1A6D57A-95E8-464F-B328-CF0672B600F5}" => key removed successfully
C:\Windows\System32\Tasks\{A75B0EEF-A798-48AF-A22A-B1AB5009BDE3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A75B0EEF-A798-48AF-A22A-B1AB5009BDE3}" => key removed successfully
 
==== End of Fixlog 10:41:51 ====


#11 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 01:02 PM

Bitdefender, nor any of the other programs are currently running. 

 

Just tried running combofix - it said it was backing up some drive I didn't recognize, then a pop-up for gadwin printscreen said "The capture has been Voided" and they both closed.

 

I ran it as admin a second time and after 15 seconds it said something about a "write error".


Edited by grrrl2, 08 April 2016 - 01:02 PM.


#12 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 01:08 PM

I reinstalled, it scanned but said bitdefender is still active. I have no control to that program - the remote computers have taken authority for it.

 

Running anyway.


Edited by grrrl2, 08 April 2016 - 01:36 PM.


#13 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 01:37 PM

ComboFix 16-04-06.01 - Amby 04/08/2016  11:21:27.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8157.5177 [GMT -7:00]
Running from: c:\users\Amby\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
FW: Bitdefender Firewall *Enabled* {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
SP: Bitdefender Antispyware *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1457043157.bdinstall.bin
c:\programdata\1458663909.bdinstall.bin
c:\programdata\1459246222.bdinstall.bin
c:\programdata\1459246231.bdinstall.bin
c:\programdata\1459455083.bdinstall.bin
c:\users\Amby\AppData\Roaming\Origin
c:\users\Amby\AppData\Roaming\Origin\Cloud Saves\blacklist
c:\users\Amby\AppData\Roaming\Origin\local.xml
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-08 to 2016-04-08  )))))))))))))))))))))))))))))))
.
.
2016-04-08 18:32 . 2016-04-08 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-08 18:32 . 2016-04-08 18:32 -------- d-----w- c:\users\Amber\AppData\Local\temp
2016-04-08 10:15 . 2016-04-08 10:15 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-08 10:14 . 2016-04-08 17:42 -------- d-----w- c:\programdata\RogueKiller
2016-04-08 09:42 . 2016-04-08 17:41 -------- d-----w- C:\FRST
2016-04-05 05:00 . 2016-04-05 05:00 -------- d-----w- c:\programdata\Dumps
2016-04-05 04:22 . 2016-04-05 04:22 -------- d-----w- c:\programdata\Emsisoft
2016-04-04 20:56 . 2016-04-04 21:00 -------- d-----w- c:\users\Amby\AppData\Roaming\Comodo
2016-04-04 19:31 . 2016-04-05 11:46 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2016-04-04 00:38 . 2016-04-04 00:38 -------- d-----w- C:\VTRoot
2016-04-04 00:38 . 2016-04-04 00:38 -------- d-----w- c:\users\Amby\AppData\Local\Comodo
2016-04-04 00:38 . 2016-04-04 00:38 -------- d-----w- c:\program files (x86)\Comodo
2016-04-04 00:15 . 2016-04-04 00:15 -------- d-----w- c:\users\Amby\AppData\Local\Hardcoded Software
2016-04-04 00:15 . 2016-04-05 11:43 -------- d-----w- c:\users\Amby\.zenmap
2016-04-04 00:08 . 2016-04-05 11:44 -------- d-----w- c:\program files\WinPcap
2016-04-04 00:07 . 2016-04-04 19:16 -------- d-----w- c:\program files (x86)\Nmap
2016-04-03 23:32 . 2016-04-03 23:32 -------- d-----w- c:\users\Amby\AppData\Roaming\PeerNetworking
2016-04-03 23:19 . 2016-04-04 18:15 -------- d-----w- c:\program files\COMODO
2016-04-03 23:14 . 2016-04-04 20:56 -------- d-----w- c:\programdata\Comodo
2016-04-03 23:14 . 2016-04-03 23:14 -------- d-----w- c:\programdata\Shared Space
2016-04-01 09:54 . 2016-04-01 09:54 -------- d-----w- c:\program files\Hardcoded Software
2016-03-31 01:06 . 2016-04-05 13:17 -------- d-----w- c:\program files\Reason
2016-03-31 00:49 . 2016-03-31 00:49 -------- d-----w- c:\users\Amber\AppData\Local\GlassWire
2016-03-30 09:41 . 2016-03-30 09:40 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-03-30 08:35 . 2016-04-05 13:44 -------- d-----w- c:\program files (x86)\QuickTime
2016-03-30 07:13 . 2016-03-30 07:13 -------- d-----w- c:\users\Amby\AppData\Local\GlassWire
2016-03-30 07:09 . 2015-05-29 04:15 33248 ----a-w- c:\windows\system32\drivers\gwdrv.sys
2016-03-30 07:09 . 2016-03-30 07:09 -------- d-----w- c:\programdata\GlassWire
2016-03-30 07:08 . 2016-04-05 13:43 -------- d-----w- c:\program files (x86)\GlassWire
2016-03-30 07:06 . 2016-04-05 13:18 -------- d-----w- c:\programdata\CSIS
2016-03-30 07:06 . 2016-04-05 13:43 -------- d-----w- c:\program files (x86)\Heimdal
2016-03-30 06:13 . 2016-04-05 13:45 -------- d-----w- c:\programdata\Panda Security
2016-03-30 06:13 . 2016-04-05 13:44 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2016-03-26 10:56 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-03-26 10:56 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 22:13 . 2015-11-05 19:02 2048 ----a-w- c:\windows\system32\tzres.dll
2016-03-25 22:13 . 2015-11-05 19:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-03-25 22:13 . 2016-02-02 18:57 511488 ----a-w- c:\windows\system32\rpcss.dll
2016-03-25 22:12 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2016-03-25 22:12 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2016-03-25 22:11 . 2015-06-03 20:22 257864 ----a-w- c:\windows\SysWow64\wbem\Win32_Tpm.dll
2016-03-25 22:11 . 2015-06-03 20:21 312600 ----a-w- c:\windows\system32\wbem\Win32_Tpm.dll
2016-03-25 22:11 . 2016-02-05 18:56 20480 ----a-w- c:\windows\system32\tbs.dll
2016-03-25 22:11 . 2016-02-05 17:33 15360 ----a-w- c:\windows\SysWow64\tbs.dll
2016-03-25 22:11 . 2015-06-03 20:21 451080 ----a-w- c:\windows\system32\fveapi.dll
2016-03-25 22:11 . 2016-02-05 18:54 109568 ----a-w- c:\windows\system32\fveapibase.dll
2016-03-25 22:11 . 2016-02-05 18:53 8192 ----a-w- c:\windows\system32\drivers\en-US\tpm.sys.mui
2016-03-25 22:11 . 2015-07-23 00:02 1390592 ----a-w- c:\windows\system32\diagtrack.dll
2016-03-25 22:11 . 2015-07-22 16:48 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-03-25 22:11 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
2016-03-25 22:11 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2016-03-25 22:09 . 2015-11-19 14:07 994760 ----a-w- c:\windows\system32\ucrtbase.dll
2016-03-25 21:54 . 2016-02-19 19:02 38336 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-03-25 21:54 . 2016-02-19 18:54 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-03-25 21:54 . 2016-02-19 14:07 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-03-25 21:54 . 2016-02-11 14:07 689152 ----a-w- c:\windows\system32\generaltel.dll
2016-03-25 21:54 . 2016-02-05 14:07 696832 ----a-w- c:\windows\system32\invagent.dll
2016-03-25 21:54 . 2016-02-05 14:07 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-25 21:54 . 2016-02-05 14:07 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-25 21:54 . 2015-11-16 20:17 210432 ----a-w- c:\windows\system32\aepic.dll
2016-03-25 19:16 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
2016-03-25 19:16 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
2016-03-25 19:14 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
2016-03-25 19:14 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-03-25 19:14 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2016-03-25 19:13 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2016-03-25 19:13 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2016-03-25 19:13 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2016-03-25 19:13 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2016-03-25 19:13 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2016-03-25 19:13 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2016-03-25 19:13 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2016-03-25 19:08 . 2015-11-03 19:04 802304 ----a-w- c:\windows\system32\usp10.dll
2016-03-25 19:08 . 2015-11-03 18:56 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2016-03-25 19:08 . 2016-02-04 17:52 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-03-25 19:08 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2016-03-25 19:08 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2016-03-25 19:07 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2016-03-25 19:05 . 2015-11-10 18:55 1648128 ----a-w- c:\windows\system32\DWrite.dll
2016-03-25 19:05 . 2015-11-10 18:55 1180160 ----a-w- c:\windows\system32\FntCache.dll
2016-03-25 19:05 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-03-25 19:05 . 2015-11-10 18:55 1008640 ----a-w- c:\windows\system32\user32.dll
2016-03-25 19:05 . 2015-11-10 18:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-03-25 19:05 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2016-03-25 19:05 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2016-03-25 19:05 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-03-25 19:05 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-03-25 19:04 . 2016-02-03 18:07 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2016-03-25 19:04 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-03-25 19:04 . 2016-02-03 18:58 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-03-25 19:04 . 2016-02-03 18:49 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-03-25 19:04 . 2016-02-03 18:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-03-25 19:04 . 2016-02-03 18:43 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-03-25 19:04 . 2015-11-05 19:05 17408 ----a-w- c:\windows\system32\wshrm.dll
2016-03-25 19:04 . 2015-11-05 19:02 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2016-03-25 19:04 . 2015-11-05 09:53 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2016-03-25 19:02 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
2016-03-25 19:02 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi
2016-03-25 19:02 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll
2016-03-25 19:02 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
2016-03-25 19:02 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2016-03-25 19:02 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2016-03-25 19:02 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-03-25 19:02 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2016-03-25 19:02 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2016-03-25 18:57 . 2016-02-05 01:19 381440 ----a-w- c:\windows\system32\mfds.dll
2016-03-25 18:57 . 2016-02-04 18:41 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-03-25 18:57 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys
2016-03-25 18:57 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2016-03-25 18:56 . 2015-12-20 18:50 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2016-03-25 18:56 . 2015-12-20 18:50 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-03-25 18:56 . 2015-12-20 14:08 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-03-25 18:56 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
2016-03-25 18:56 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2016-03-25 18:54 . 2016-02-09 09:55 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-03-25 18:54 . 2016-01-16 19:01 2085888 ----a-w- c:\windows\system32\ole32.dll
2016-03-25 18:54 . 2016-01-16 18:36 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-25 18:51 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-03-25 18:51 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-03-25 18:51 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-03-25 18:51 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-03-25 18:51 . 2015-09-23 13:15 460776 ----a-w- c:\windows\system32\drivers\cng.sys
2016-03-25 18:51 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-25 18:51 . 2016-01-22 06:02 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-25 18:51 . 2015-09-23 13:15 299632 ----a-w- c:\windows\system32\bcryptprimitives.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-30 06:58 . 2010-02-28 18:37 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2016-03-29 06:15 . 2010-02-14 09:03 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2016-03-29 06:15 . 2010-02-15 19:31 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2016-03-29 06:15 . 2010-05-19 18:26 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2016-03-26 10:04 . 2010-02-14 23:07 143659408 ----a-w- c:\windows\system32\MRT.exe
2016-03-17 12:59 . 2016-03-03 22:17 290032 ----a-w- c:\windows\system32\drivers\ignis.sys
2016-03-14 20:46 . 2014-07-27 01:22 642328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-02-11 18:30 . 2016-03-25 18:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-22 16:12 . 2016-03-03 22:17 806344 ----a-w- c:\windows\system32\drivers\avckf.sys
2016-01-22 16:11 . 2016-03-03 22:17 1622512 ----a-w- c:\windows\system32\drivers\avc3.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-14 20:47 1741096 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-14 20:47 1741096 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-14 20:47 1741096 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-15 2513992]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-02-25 23260000]
"Amazon Music"="c:\users\Amby\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2015-05-07 5886784]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2016-03-28 10787840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
.
c:\users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\onenotem.exe /tsr [2016-2-28 195248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Heimdal.lnk - c:\program files (x86)\Heimdal\Client\HeimdalAgent.exe [2015-8-14 1170000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-3-4 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFBUS.sys [x]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFCVsp.sys [x]
R3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFFLT.sys [x]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFMdm.sys [x]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFNET.sys [x]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFNVsp.sys [x]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys;c:\windows\SYSNATIVE\DRIVERS\ATMFVsp.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-30 20:29 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-31 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core.job
- c:\users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-23 13:57]
.
2016-04-01 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA.job
- c:\users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-23 13:57]
.
2016-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 21:40]
.
2016-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 21:40]
.
2016-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core.job
- c:\users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15 21:41]
.
2016-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA.job
- c:\users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15 21:41]
.
2016-04-01 c:\windows\Tasks\HPCeeScheduleForAmby.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2016-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-02-25 06:39 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-02-25 06:39 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-02-25 06:39 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-14 20:47 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-14 20:47 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-14 20:47 2348336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Amby\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-16 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-16 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-16 415256]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2016\bdagent.exe" [2016-03-17 1644824]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-Amazon Amazon Music - c:\users\Amby\AppData\Local\Amazon Music\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-08  11:35:40
ComboFix-quarantined-files.txt  2016-04-08 18:35
.
Pre-Run: 507,986,210,816 bytes free
Post-Run: 508,175,069,184 bytes free
.
- - End Of File - - 622F77C78FAB929F6D15B1529395C813
8C2EE88AF3307F6C702FF46694D582F5
 


#14 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 03:23 PM

Remote user cut off access to this forum while I was posting results of zoek - kept getting "server down" "page not available". In mid posting the computer shutdown and reboot - now zoek backup is missing as well as log file, I am guessing they rebooted the backup.

 

Trying to download and rerun. Not working.



#15 grrrl2

grrrl2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:West Coast!
  • Local time:05:06 AM

Posted 08 April 2016 - 06:21 PM

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Amby on Fri 04/08/2016 at 13:16:09.64.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Amby\Desktop\zoek (1).exe [Scan all users]  [Checkboxes used]
 
==== Older Logs ======================
 
C:\zoek-results2016-04-08-190359.log 182465 bytes
 
==== Running Processes ======================
 
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Users\Amby\Desktop\SECUR\usbdeview-x64\USBDeview.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\prevhost.exe
C:\Users\Amby\Desktop\UTILITY\unhide.exe
C:\Windows\system32\conhost.exe
C:\Users\Amby\Desktop\zoek (1).exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
==== Windows Installer Info ======================
 
7-Zip 4.65 (x64 edition) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\96F071321C0420724056000010000000]C:\Windows\Installer\2e96c6.msi
Adobe Acrobat Reader DC [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B744CAF070E41400]C:\Windows\Installer\a9fbdc5.msi
Adobe AIR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB540C64F3B24CB4E8C4000EFCB89DBD]c:\Windows\Installer\13b83703.msi
Adobe Refresh Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142617615]C:\Windows\Installer\b672a.msi
Amazon Unbox Video [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E9384A458F781DB469283A949E49F3A0]C:\Windows\Installer\468fe55.msi
Ancestry World Archives Project - Keying Tool [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7467C0ADCD864444AD85E59BA7D1EB5]C:\Windows\Installer\1c654576.msi
Apple Application Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5A440F64B8EC691489E4B56D25E563D1]C:\Windows\Installer\4eb2387.msi
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A977DA8BAD2856347A0DDAD3FC5CC5FF]C:\Windows\Installer\41318a.msi
Apple Software Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\46B5A9879DD95AB419A50FCFA0B1B7EF]C:\Windows\Installer\300a927b.msi
Bing Bar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5509804B864D4A546AABA531D87D51CF]C:\Windows\Installer\2669618.msi
Bitdefender Agent [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EEDDA26FB4AE7874EADBF7221F52B22A]C:\Program
Bitdefender Total Security 2016 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E2C2EF90D0BB84847A60AA42F42AF5AE]C:\Program
Bonjour  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B0163E6D0340BE4183EB2758E9BEDD8]C:\Windows\Installer\30edc8f0.msi
CameraHelperMsi  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\10743651ECAB9444B8525176ADC8F93D]C:\Windows\Installer\1506ed00.msi
Compatibility Pack for the 2007 Office system [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109020090400000000000F01FEC]C:\Windows\Installer\fbcd.msi
Google Drive [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1930D598F95454D48BDD310FED076CE6]C:\Windows\Installer\c50675b.msi
Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AF057718A6CED58499106038EAF6DF1F]C:\Windows\Installer\18d4beb5.msi
Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\1d4244.msi
Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\b66f3.msi
Graphviz  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\046B0F08E5A36B54CA0A44A5FF87EC58]C:\Windows\Installer\17ba8dd.msi
Hewlett-Packard ACLM.NET v1.2.2.3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\701043F6AA9F6C745BC43C1AF91155F3]C:\Windows\Installer\8b49e99.msi
HP  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\782BB4BF9F7372E4C9D4D283280EE8FF]c:\Windows\Installer\fba3.msi
HP  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9B52EE2B00B5FCA4490F2934C3823CE9]c:\Windows\Installer\886a5c7.msi
HP  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ADBE3203B1FB13843B745E1058552FE6]c:\Windows\Installer\fb7e.msi
HP Advisor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7D8BF048FF62FA4CBB8B0D13BA20FB4]C:\Windows\Installer\fbe1.msi
HP Customer Experience Enhancements [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0694AF70830BBE9498B1F95939A05A44]C:\Windows\Installer\8b49ea3.msi
HP Deskjet 1000 J110 series Basic Device Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D411B388E3DBF894D9DAE5A4E8C134AB]C:\Windows\Installer\849b07a.msi
HP Deskjet 1000 J110 series Help [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\77CCFDDDC9F79E543BE827B15A99ABC0]C:\Windows\Installer\849b080.msi
HP Deskjet 1000 J110 series Product Improvement Study [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AFB075A1577DEE740817609E55C9415F]C:\Windows\Installer\849b086.msi
HP MediaSmart SmartMenu [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\12506E88E4E158749B1F71894ADBC003]C:\Windows\Installer\fb84.msi
HP MediaSmart/TouchSmart Netflix [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BFD12053AC9FA204982A749FE1054656]C:\Windows\Installer\fb4e.msi
HP Odometer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\98A1CA8B1DFF79F408155E501A065F26]C:\Windows\Installer\888b.msi
HP Remote Solution [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\88FC116CD9696E348A776D6D34D90D18]C:\Windows\Installer\8891.msi
HP Support Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31B3A53EDC877694A88CAAF9AD96E3ED]C:\Windows\Installer\8b49e93.msi
HP Support Information [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B7B30A9BFF0E3BF4AB3867E2851A0BAA]C:\Windows\Installer\8885.msi
HP Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AFC9600B9BB530C41B6C98EC92E0A5EF]C:\Windows\Installer\849b09b.msi
iCloud  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\569584B8EFE8A46448F2FCF8813CFD7D]C:\Windows\Installer\2f2e99.msi
iTunes  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\21DFF8FCB206D224FAD115B114E16723]C:\Windows\Installer\413d73.msi
Java 7 Update 79 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF230120797FF]C:\Windows\Installer\388784.msi
JavaFX 2.1.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F6071111A6667304777712318267D401]C:\Windows\Installer\979058b.msi
LabelPrint  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C971C95CD8669A946BAE1012CCCF2134]c:\Windows\Installer\fb58.msi
LG VZW United Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D48734BA5EE11114598C19B852FECDB4]C:\Windows\Installer\1a1e3080.msi
LightScribe System Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2A49E8CC7C55064459C3A297100875C8]c:\Windows\Installer\fb8b.msi
LWS Facebook [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\591761FF4EE90C64C87DBF3A54E788BA]C:\Windows\Installer\1506ecf0.msi
LWS Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3CE67F61B43E63479BF845CD8B7DEDC]C:\Windows\Installer\1506ece6.msi
LWS Help_main [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E6121561DA7E0524291ABFE86D31199C]C:\Windows\Installer\1506ecb9.msi
LWS Launcher [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3AF8C38AE4F4C6438293DEC5373836D]C:\Windows\Installer\1506ecac.msi
LWS Motion Detection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F3D66E17900ABA447848572E18B94AAB]C:\Windows\Installer\1716af2.msi
LWS Pictures And Video [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\89201680EA92B5443BD7FEEB50089276]C:\Windows\Installer\1506ecd2.msi
LWS Twitter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\13B3A47134C4DD3468F6379CBD88B784]C:\Windows\Installer\1716b71.msi
LWS Video Mask Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B720DEE6BD0B404F854D6EF3EA44014]C:\Windows\Installer\1716b0e.msi
LWS VideoEffects [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2704A83146E9DB645B9FBDB23B5993F1]C:\Windows\Installer\1716adc.msi
LWS Webcam Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\472D7398182C4E24C8BD0A2BFD791998]C:\Windows\Installer\39e407.msi
LWS WLM Plugin [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B67AEAD9F05E27245A5910428E6255D3]C:\Windows\Installer\1716b8b.msi
LWS YouTube Plugin [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4920FD12D9B61474BAF62BBABF2D83E7]C:\Windows\Installer\39e455.msi
MAGIX Video easy SE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC1EAE0C0FBE55A4EB9AAE97AF4F8098]C:\Windows\Installer\6c7d495.msi
MediaSmart DVD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\970DACCDC29FAD442B8526F46C15A7A5]c:\Windows\Installer\fb79.msi
Microsoft .NET Framework 4.6.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1735F6DB1CAD0F03D9EDAC6C97E1823C]C:\Windows\Installer\c4ce35.msi
Microsoft Office Outlook Connector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159A70090400000000000F01FEC]C:\Windows\Installer\52d9bf5.msi
Microsoft Office PowerPoint Viewer 2007 (English) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002159FA0090400000000000F01FEC]C:\Windows\Installer\fbc7.msi
Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\9839a9c3.msi
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B7573E6B77E5519368A6CCCFB4D891C4]c:\Windows\Installer\300fac1.msi
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D756077321A70C3E844C138CE981581]c:\Windows\Installer\300fac7.msi
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1af2a8da7e60d0b429d7e6453b3d0182]C:\Windows\Installer\1b4e424.msi
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\84b9c17023c712640acaf308593282f8]C:\Windows\Installer\1f825.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\b25099274a207264182f8181add555d0]C:\Windows\Installer\e98a2e4.msi
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\1b4e433.msi
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC]c:\Windows\Installer\1f82b.msi
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1007C6B46D7C017319E3B52CF3EC196E]c:\Windows\Installer\fc5e.msi
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]c:\Windows\Installer\1b4e508.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\1f81f.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\fc57.msi
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\1b4e50f.msi
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1926E8D15D0BCE53481466615F760A7F]c:\Windows\Installer\847208.msi
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]c:\Windows\Installer\8471fe.msi
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C025571B2A687A53689168CD7369889B]C:\Windows\Installer\1edd4d.msi
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DC8A59DBF9D1DA5389A1E3975220E6BB]C:\Windows\Installer\1edd47.msi
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\62DBF9290209B993A9A757D1160F9B24]C:\Windows\Installer\6b30ef0.msi
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8D947A316B3EB3F8F540C548BE2AB9]C:\Windows\Installer\6b30eea.msi
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58]C:\Windows\Installer\6b30f00.msi
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\21EE4A31AE32173319EEFE3BD6FDFFE3]C:\Windows\Installer\6b30efa.msi
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BEA594979BAED93C82408E6FE57CE7A]c:\Windows\Installer\847259.msi
Microsoft Works 6-9 Converter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159731090400000000000F01FEC]C:\Windows\Installer\46d3fc91.msi
Microsoft WSE 3.0 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\70D17E3E72DCBC644884614DBF92AA31]C:\Windows\Installer\1c654571.msi
Minecraft  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3ACB61C11CBE6F946832F8FB9BCC8C27]C:\Windows\Installer\d5b505.msi
Mobile PhoneTools [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8D0F372340235ED4EB43AA66310B8E44]C:\Windows\Installer\a0da971.msi
Mobile PhoneTools [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D515B6FCA99D20B4C829E92A5530A5D3]C:\Windows\Installer\a0da977.msi
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]c:\Windows\Installer\34c2be7.msi
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]c:\Windows\Installer\34c2bee.msi
Office 15 Click-to-Run Extensibility Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C80000000000000000F01FEC]C:\Windows\Installer\adc1415.msi
Office 15 Click-to-Run Licensing Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F80000000100000000F01FEC]C:\Windows\Installer\adc1356.msi
Office 15 Click-to-Run Localization Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C80090400000000000F01FEC]C:\Windows\Installer\adc146d.msi
paint.net  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6FA2CDADF9CDFCB4FBECCDCE61FE05C7]C:\Windows\Installer\d1c591.msi
PictureMover  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\217E6981D3B2be54CB9E4572245A0123]C:\Windows\Installer\fb98.msi
PlayReady PC Runtime amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4339ACB9C6B56F4A937CAA523A9D440]C:\Windows\Installer\fb42.msi
Poladroid  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D87FF8EC1D4D2B4CA0876F031F54516]C:\Windows\Installer\8831a14.msi
Power2Go  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\38E1FB04BE028D11795C00905C206085]c:\Windows\Installer\fb53.msi
PowerDirector  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\098990BCF5D15D11E99A0005AB3E711E]c:\Windows\Installer\fb5d.msi
PowerRecover  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA0A2B44E214C8F40B851D8EEACCFD5F]C:\Windows\Installer\fc63.msi
PowerStarter  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\42C6FBF1DF1C10144AB2C065F4E9E897]c:\Windows\Installer\fb66.msi
Python 2.6.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\991F327446AF3324E8E6F9CC9CA581EE]C:\Windows\Installer\17ba8d6.msi
QuickTime 7 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\57DB95FFA664A5D4DA32AA8DC7F54DC4]C:\Windows\Installer\4eb2666.msi
Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9F2FDFE0D6387BE43AD230B83D1FBFA2]C:\Windows\Installer\300fb24.msi
 
==== Installed Programs ======================
 
7-Zip 4.65 (x64 edition)  
Adobe Acrobat Reader DC  
Adobe AIR  
Adobe Refresh Manager  
Amazon Cloud Drive  
Amazon Kindle  
Amazon MP3 Downloader 1.0.17  
Amazon Reviewer Analysis Tool 3.12.1  
Amazon Unbox Video  
Ancestry World Archives Project - Keying Tool  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Bejeweled 2 Deluxe  
Bing Bar  
Bitdefender Agent  
Bitdefender Total Security 2016  
Blackhawk Striker 2  
Blasterball 2 Revolution  
Bob the Builder Can-Do-Zoo  
Bonjour  
CameraHelperMsi  
CCleaner  
Chuzzle Deluxe  
Compatibility Pack for the 2007 Office system  
Coupon Printer for Windows  
Cricket Broadband Connect  
Cricket EVDO Modem  
CyberLink DVD Suite Deluxe  
Diner Dash  
DirectX for Managed Code Update (Summer 2004)  
Dora's Carnival Adventure  
Dropbox  
DVD Menu Pack for HP MediaSmart Video  
Family Feud 3  
FATE  
Flickr Uploadr 3.2.1  
Foxit Reader  
Gadwin PrintScreen  
GanttProject  
GenealogyJ 6755  
GIMP 2.6.8  
GlassWire 1.2 (remove only)  
Google Chrome  
Google Drive  
Google Earth  
Google Talk Plugin  
Google Update Helper  
GrampsAIO64  
Graphviz  
GTK2-Runtime  
Hardware Diagnostic Tools  
Heimdal  
herdProtect Anti-Malware Scanner  
Hewlett-Packard ACLM.NET v1.2.2.3  
HP Advisor  
HP Customer Experience Enhancements  
HP Deskjet 1000 J110 series Basic Device Software  
HP Deskjet 1000 J110 series Help  
HP Deskjet 1000 J110 series Product Improvement Study  
HP Game Console  
HP Games  
HP MediaSmart DVD  
HP MediaSmart Music/Photo/Video  
HP MediaSmart SmartMenu  
HP MediaSmart/TouchSmart Netflix  
HP Odometer  
HP Photo Creations  
HP Remote Solution  
HP Setup  
HP Support Assistant  
HP Support Information  
HP Update  
Hulu Desktop  
HxD Hex Editor version 1.7.7.0  
iCloud  
Intel® Graphics Media Accelerator Driver  
Internet TV for Windows Media Center  
iTunes  
Java 7 Update 79  
JavaFX 2.1.1  
Jewel Quest Solitaire 2  
LabelPrint  
Last.fm Scrobbler 2.1.37  
LG VZW United Drivers  
LightScribe System Software  
LMMS 1.1.3  
Logitech Vid HD  
Logitech Webcam Software  
Logitech Webcam Software Driver Package  
LWS Facebook  
LWS Gallery  
LWS Help_main  
LWS Launcher  
LWS Motion Detection  
LWS Pictures And Video  
LWS Twitter  
LWS Video Mask Maker  
LWS VideoEffects  
LWS Webcam Software  
LWS WLM Plugin  
LWS YouTube Plugin  
MAGIX Video easy SE  
Mah Jong Medley  
Microsoft .NET Framework 4.6.1  
Microsoft Office Outlook Connector  
Microsoft Office PowerPoint Viewer 2007 (English)  
Microsoft Office Professional Plus 2013 - en-us  
Microsoft Silverlight  
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)  
Microsoft Works 6-9 Converter  
Microsoft WSE 3.0 Runtime  
Minecraft  
MiniTool Power Data Recovery Free Edition 7.0  
Mobile PhoneTools  
Monopoly  
More Games from HP Games  
Movie Theme Pack for HP MediaSmart Video  
mp3splt-gtk  
Mp3tag v2.52  
MS Access 97 SP2  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MyFonts Order M1805396 (A)  
MyFonts Order M1805396 (B)  
MyFonts Order M1805396 (C-D)  
MyFonts Order M1805396 (E-F)  
MyFonts Order M1805396 (G-H)  
MyFonts Order M1805396 (I-K)  
MyFonts Order M1805396 (N-O)  
MyFonts Order M1805396 (P)  
MyFonts Order M1805396 (Q-R)  
MyFonts Order M1805396 (S)  
MyFonts Order M1805396 (T-V)  
MyFonts Order M1805396 (W-Z)  
Mystery P.I. - The New York Fortune  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
paint.net  
Panda USB Vaccine 1.0.1.16  
PANTECH USB Modem V2  
PeerBlock 1.2 (r693)  
Peggle Nights  
Penguins  
PictureMover  
Plants vs. Zombies  
PlayReady PC Runtime amd64  
Poker Superstars III  
Poladroid  
Polar Bowler  
Polar Golfer  
Power2Go  
PowerDirector  
POWERPREP II  
Python 2.6 pycairo-1.8.6  
Python 2.6 pygobject-2.20.0  
Python 2.6 pygtk-2.16.0  
Python 2.6.5  
QuickTime 7  
R for Windows 3.2.2  
Realtek Card Reader  
Realtek High Definition Audio Driver  
Realtek PCIE Card Reader  
Recovery Manager  
SAMSUNG Mobile Modem Driver Set  
Samsung Mobile phone USB driver Drive Software  
SAMSUNG Mobile USB Modem 1.0 Software  
SAMSUNG Mobile USB Modem Software  
Samsung PC Studio 3 USB Driver Installer  
Scrabble  
Security Task Manager 2.0d  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)  
Tablet Driver V8.01  
THE GAME OF LIFE  
Totem Tribe  
Virtual Families  
Virtual Villagers - The Secret City  
Voicemeeter, The Virtual Mixing Console  
Wheel of Fortune 2  
Windows Media Player Firefox Plugin  
Yahtzee  
Zuma Deluxe  
 
==== System Specs ======================
 
Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-bit
Manufacturer: HP-Pavilion - Model: AY691AA-ABA p6367c
Install Date: 2/13/2010 11:50:12 PM
Last Boot: 4/8/2016 12:40:11 PM
Processor: Intel® Core™2 Quad CPU    Q8300  @ 2.50GHz
Number of Processors: 4
Work Station
Bootmode: Fail-safe with network boot
Total RAM: 8157 MB (free 4933 MB - 60)
Computername: SEXY-bleep
Domain: WORKGROUP
User: Amby (Non-Administrator account)
Local Disk:        C:\ - NTFS - 920 GB (free 474 GB)
Local Disk:        D:\ - NTFS - 10 GB (free 0 GB)
CD \ DVD Drive:    E:\ 
Removable Disk:    G:\ -  -  GB (free  GB)
Removable Disk:    H:\ -  -  GB (free  GB)
Removable Disk:    I:\ -  -  GB (free  GB)
Removable Disk:    K:\ -  -  GB (free  GB)
Bootdevice: \Device\HarddiskVolume1
Windows update: 
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Bitdefender Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Bitdefender Antispyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Bitdefender Firewall disabled
Internet Explorer Version: 11.0.9600.18230 
Google Chrome version: 49.0.2623.110
Adobe Reader version: 15.10.20056.167417
Sun Java version: 1.7.0_79 (32-bit) 
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2016-04-08 18:18:09 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2016-04-08 18:18:09 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2016-04-08 18:18:09 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2016-04-08 18:18:09 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2016-04-08 18:18:09 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2016-03-25 18:55:32 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\notepad.exe
====== C:\Users\Amby\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-04-05 14:16:29 27A48D2DED04E28EE4E5ECD1BCEB1118 9224 ----a-w- C:\Windows\SysWOW64\InstallUtil.InstallLog
2016-03-30 09:42:01 756636DD37EEDCE6DC74F56040812647 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2016-03-30 09:41:44 63ACA5A77252F813E769019703278AB6 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2016-03-30 09:41:44 45AFC705754503A8B8DFBFECE6B0B033 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-30 09:41:44 12B35207989A4B0C010722675BCCD4F9 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2016-03-26 11:55:25 E869DDBE1C64BECEA0FF26C2BEE6385C 30208 ----a-w- C:\Windows\SysWOW64\wups.dll
2016-03-26 11:55:25 D432C3E330EC381F18F1D8492FD5A990 93696 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2016-03-26 11:55:25 8C7AF1C5ED43F6A19D14DE7D04CF2D28 573440 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2016-03-26 11:55:25 7F4449BE58F9D9853F010ADEF57C627E 174080 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2016-03-26 11:55:25 363C311357833FAB98788CADDA82781C 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2016-03-26 10:56:01 4FA66A573E9A45D05AD5A25B1E76A35D 103120 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 22:13:20 B0AFC72F5BAE0C06DB30B409B9D05D8A 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
2016-03-25 22:11:54 C2E392F3CE66FE21ADB7CA1158790BAA 15360 ----a-w- C:\Windows\SysWOW64\tbs.dll
2016-03-25 22:11:21 0E1490FB24DF3386AF80F66107A8515C 635392 ----a-w- C:\Windows\SysWOW64\tdh.dll
2016-03-25 22:10:22 9069FD5257A6A4F3AF8A88B5C07359AB 2364928 ----a-w- C:\Windows\SysWOW64\msi.dll
2016-03-25 22:10:21 66A8DBDC308EC11D654A3553A5131E16 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll
2016-03-25 22:10:21 61DE3EA1791D7CDCB3904AF5A0788BFA 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll
2016-03-25 22:10:21 2C55FD34A7F54C79EC8682A1125A0E97 25088 ----a-w- C:\Windows\SysWOW64\msimsg.dll
2016-03-25 22:10:11 D5AFC3A476925CE740B7079D9BD2D269 295936 ----a-w- C:\Windows\SysWOW64\apphelp.dll
2016-03-25 22:10:11 2996B3E7BBA42BEA62D386D9386EDE97 20992 ----a-w- C:\Windows\SysWOW64\sdbinst.exe
2016-03-25 22:10:11 15DDF8D059752C6CBE3DCDCAA1264F45 5120 ----a-w- C:\Windows\SysWOW64\shimeng.dll
2016-03-25 22:10:08 A691D4B4B4167F56A717C421F9CF58C7 1372160 ----a-w- C:\Windows\SysWOW64\dwmcore.dll
2016-03-25 22:10:08 52213D271F6804AAA44F57AEFD2B778A 67584 ----a-w- C:\Windows\SysWOW64\dwmapi.dll
2016-03-25 22:10:01 BCBE1BD34AA5E3E585E8A186ECE49FA0 13664 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-25 22:10:01 3A2E6016FF209066F3129543660BE0B5 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-25 22:10:00 E5DE5F75FF6739AC9AABBDD4740B22A9 14176 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-25 22:10:00 E37EC711D51AAF9FD8570739ED8A1AC0 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-25 22:10:00 DB9FEFF915F895BE960E9D1D47639324 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-25 22:10:00 924E2F51DE0177D08AABAB725421D70C 22368 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-25 22:10:00 74126D3BED0E43DE875B66C63C608F42 19808 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-25 22:10:00 522226C519CDD233360BF0CE80B0CEBA 15712 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-25 22:10:00 386C6B538AC4F36737819B79E679132D 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-25 22:10:00 1D96A0D2EF83C6C1176806C02F96384A 17760 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-25 22:09:59 D07F2E1FF3CA24A06ADDE429A0130E50 16224 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-25 22:09:59 B05D416F3162D1686914606E9C794997 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-25 22:09:59 85CF361F1388D42FEEDD3E2516D50CE7 66400 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-25 22:09:59 5E98B6B1D884AE801EEF41C42A080084 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-25 22:09:59 3DF1D7DA8C1493A5A00C0474323FEF20 922432 ----a-w- C:\Windows\SysWOW64\ucrtbase.dll
2016-03-25 22:09:59 0E9D1BCE1BB8A5E25B505CE7B52CCE74 17760 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-25 22:09:33 F4AFDB5ABEA0C9079E8193E24D1DB21D 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll
2016-03-25 22:09:33 D864C283FFD7C080FDC25FD4C798FF8D 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll
2016-03-25 22:09:33 588D52C2D0E60EE71FD5A64407865B10 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll
2016-03-25 22:09:33 33F67BBCC3C0499D3F3382473114CFA8 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll
2016-03-25 22:09:20 BF49B5D47D80D8711E3D54C8E0A59130 1241088 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2016-03-25 22:09:19 F615574BF6B81533F3382856BE359237 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll
2016-03-25 22:09:19 4DF7AD468DA9828D4B704805EEE2C7B1 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2016-03-25 22:09:19 2032B7698A8DCA5E157FD4ED153E9A76 1391104 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2016-03-25 22:09:12 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\SysWOW64\locale.nls
2016-03-25 22:09:07 B51A17A1820E8940C0F99D5CCE6CD97E 6656 ----a-w- C:\Windows\SysWOW64\KBDAZEL.DLL
2016-03-25 22:09:07 A326E8C5F54D675AC83639FC9ADA8CDA 69120 ----a-w- C:\Windows\SysWOW64\nlsbres.dll
2016-03-25 22:09:07 4D1ED276529A0EA7177A6830BC842A92 6656 ----a-w- C:\Windows\SysWOW64\kbdgeoqw.dll
2016-03-25 22:09:07 4768E74F674F6DF9AEF172F738A1342B 7168 ----a-w- C:\Windows\SysWOW64\KBDAZE.DLL
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2016-03-26 11:55:25 F50C6862DB860F91051625800F61F71E 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll
2016-03-26 11:55:25 F0D39C0EB4DEED96714499518156BC6C 3169792 ----a-w- C:\Windows\Sysnative\wucltux.dll
2016-03-26 11:55:25 F09D8A5175BDD9533F7F900CAD213C91 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe
2016-03-26 11:55:25 D7DBB0C85B065CAFD6C5C888220A31E1 37888 ----a-w- C:\Windows\Sysnative\wups2.dll
2016-03-26 11:55:25 86F11B85102AFA6A1A6101DCE2F09386 2610688 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2016-03-26 11:55:25 7BD7019E51A13D5CFAFAE8A68C416C64 36864 ----a-w- C:\Windows\Sysnative\wups.dll
2016-03-26 11:55:25 70A3693BE74AE57DEA201DAD89A6B703 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2016-03-26 11:55:25 6B6050BC5BE9F4ADF7766BCBD34B5F6C 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll
2016-03-26 11:55:25 3DC8EC659B29A47D0DD05A454F4C9FF8 709120 ----a-w- C:\Windows\Sysnative\wuapi.dll
2016-03-26 11:55:25 37795555D27002BF1A59135B60268690 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll
2016-03-26 11:55:25 1F0038F5B57D5BDA7C1368EA240B4D57 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2016-03-26 10:56:01 52ED64BF80D360B0EA2B6E5F1504CDFF 124624 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 22:13:20 6EDEA5EDF5AA979CB2A99617A8478AD3 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
2016-03-25 22:13:08 622C96AFB07BB82C8650B47172137AC4 511488 ----a-w- C:\Windows\Sysnative\rpcss.dll
2016-03-25 22:12:45 2CE2E6C71FD01B1DF8992EE5768A8CAD 22528 ----a-w- C:\Windows\Sysnative\icaapi.dll
2016-03-25 22:11:54 D1035B8EFC83165612F7AAB1816A81B4 451080 ----a-w- C:\Windows\Sysnative\fveapi.dll
2016-03-25 22:11:54 8F39E301AD8B219DADF83BD7DBE9842E 20480 ----a-w- C:\Windows\Sysnative\tbs.dll
2016-03-25 22:11:53 D99F8968C0C5CAD46A6B93A1FA6738B2 109568 ----a-w- C:\Windows\Sysnative\fveapibase.dll
2016-03-25 22:11:36 ED824E1EAE1C16C5B1902213FE093CED 41984 ----a-w- C:\Windows\Sysnative\UtcResources.dll
2016-03-25 22:11:36 EC3F433D00365F1A9BC3411BCA7C7140 1390592 ----a-w- C:\Windows\Sysnative\diagtrack.dll
2016-03-25 22:11:31 3B5D6CAC765E86BE07AA7959A35D553C 879104 ----a-w- C:\Windows\Sysnative\tdh.dll
2016-03-25 22:10:22 CB3F6D92BAA4726A6E2C2CA87659C0CB 1940992 ----a-w- C:\Windows\Sysnative\authui.dll
2016-03-25 22:10:22 A862873A7FF93D9C127F82BFC47C70FB 3243008 ----a-w- C:\Windows\Sysnative\msi.dll
2016-03-25 22:10:21 C60509E8FDD15B99BF09A5E1E3EF25E7 114624 ----a-w- C:\Windows\Sysnative\consent.exe
2016-03-25 22:10:21 2D0B5F22436DACC0115C39FCE41DD30F 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll
2016-03-25 22:10:21 0B49CA61DB9D8C21F309F794D74909A0 25088 ----a-w- C:\Windows\Sysnative\msimsg.dll
2016-03-25 22:10:21 046E837786271237A76C50F7CE1F5BC6 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll
2016-03-25 22:10:11 E9DE8D0A3A7306AF26B25F52F13A9234 23552 ----a-w- C:\Windows\Sysnative\sdbinst.exe
2016-03-25 22:10:11 BBD257696E3FB0B8B1D3C115072116C6 6656 ----a-w- C:\Windows\Sysnative\shimeng.dll
2016-03-25 22:10:11 262D7C87D0AC20B96EF9877D3CA478A0 72192 ----a-w- C:\Windows\Sysnative\aelupsvc.dll
2016-03-25 22:10:11 07EAEA9D3E09340E64918EED526A5FFE 342016 ----a-w- C:\Windows\Sysnative\apphelp.dll
2016-03-25 22:10:09 502237267638281B1365D1F20082AECF 1632256 ----a-w- C:\Windows\Sysnative\dwmcore.dll
2016-03-25 22:10:08 B8542140074D2B51FDC55E6907996CC4 82944 ----a-w- C:\Windows\Sysnative\dwmapi.dll
2016-03-25 22:10:01 EBA98AF7BA9FC4696BFD3F03D43CE07B 13664 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-25 22:10:01 A98EC7EDB339CD967E5CBD5EEC174CEB 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-conio-l1-1-0.dll
2016-03-25 22:10:00 E9C7DF2BC9C5157F2195737948DBFA0B 19808 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-25 22:10:00 D8F7A8440C5B23A587D981E7B9A4892C 15712 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-convert-l1-1-0.dll
2016-03-25 22:10:00 CB20CCF93E34CC08AB4B58A344E76DD1 14176 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-time-l1-1-0.dll
2016-03-25 22:10:00 CAB18EAC01B9FCF6A0CA74E95FADB8B7 20832 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-math-l1-1-0.dll
2016-03-25 22:10:00 C2F694722F8D98990B218ECAB729B0FE 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-heap-l1-1-0.dll
2016-03-25 22:10:00 A4FA9CA07855A7F237D1908E62B5B1C7 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-process-l1-1-0.dll
2016-03-25 22:10:00 1EA4F3D5312C15A64904A6E9E457612D 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-utility-l1-1-0.dll
2016-03-25 22:10:00 0753722E5BD0AF130C1B465F2981477C 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-environment-l1-1-0.dll
2016-03-25 22:10:00 020E0DCC82A7C5AFDEE3FBA57C5F30D3 17760 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-25 22:09:59 92375150AD3F19431B49793DC7111962 63840 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-private-l1-1-0.dll
2016-03-25 22:09:59 6A2C655BC6B7E2EDFC98B632B521697D 17760 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-string-l1-1-0.dll
2016-03-25 22:09:59 62ED9DA33AFE5624A08D9427527536FE 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-locale-l1-1-0.dll
2016-03-25 22:09:59 4CDCE034568C1177325799A60F987F27 16224 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-25 22:09:59 1EB17F650462EEA820F4CD727D2D3AB1 994760 ----a-w- C:\Windows\Sysnative\ucrtbase.dll
2016-03-25 22:09:34 7BC3E861F7E8EB543A630090FAE779E0 188416 ----a-w- C:\Windows\Sysnative\cryptsvc.dll
2016-03-25 22:09:33 C5752F5CE47B6B00F914AE91087C0CB4 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll
2016-03-25 22:09:33 7EE0A3B9E904AF4744E4D8F00CB5CA32 140288 ----a-w- C:\Windows\Sysnative\cryptnet.dll
2016-03-25 22:09:33 71187FA11F58012C188453877E16EB8B 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll
2016-03-25 22:09:20 FDE5C7F271A8424B019EEFDAFD8CBD75 2004480 ----a-w- C:\Windows\Sysnative\msxml6.dll
2016-03-25 22:09:20 F06A3A6A49F6E059D6727A215A8FAA70 1887232 ----a-w- C:\Windows\Sysnative\msxml3.dll
2016-03-25 22:09:19 A25E5E8A16E0BA2A74390EA63319BE1D 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2016-03-25 22:09:19 3940461513FE8C7D94D76CCDBC783B93 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll
2016-03-25 22:09:12 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\Sysnative\locale.nls
2016-03-25 22:09:07 E77440D732DA943BA77C38BD9C8FF75D 7168 ----a-w- C:\Windows\Sysnative\kbdgeoqw.dll
2016-03-25 22:09:07 CD33834D9CADE5847806EF981888811C 69120 ----a-w- C:\Windows\Sysnative\nlsbres.dll
2016-03-25 22:09:07 8A4415ED740AA7303FDC98853F7DF6C2 7168 ----a-w- C:\Windows\Sysnative\KBDAZEL.DLL
2016-03-25 22:09:07 307C6A4E1A08B232E6E6A1A0839C5616 7168 ----a-w- C:\Windows\Sysnative\KBDAZE.DLL
2016-03-25 21:54:42 FE323BDBE00DB71740D5C3A47359B823 76800 ----a-w- C:\Windows\Sysnative\acmigration.dll
2016-03-25 21:54:42 F809935C814853C159F97F5809A8A278 1373184 ----a-w- C:\Windows\Sysnative\appraiser.dll
2016-03-25 21:54:42 C96B880CE00D71939A9E982307589029 210432 ----a-w- C:\Windows\Sysnative\aepic.dll
2016-03-25 21:54:42 89333E9BCD30DF68821C8DB1D8534971 1168896 ----a-w- C:\Windows\Sysnative\aeinv.dll
2016-03-25 21:54:42 84E7911058EC06ACDF1E79EC14F13200 38336 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe
2016-03-25 21:54:42 6639BE7D8BFD124CBC51D5E3668D695D 499200 ----a-w- C:\Windows\Sysnative\devinv.dll
2016-03-25 21:54:42 63ABD1E5E37D096A54A383CB5F12D1A7 689152 ----a-w- C:\Windows\Sysnative\generaltel.dll
2016-03-25 21:54:42 4A4C972237F6F087021AA0F43CD9B41D 696832 ----a-w- C:\Windows\Sysnative\invagent.dll
====== C:\Windows\Sysnative\drivers =====
2016-04-08 10:15:29 0C997B061E3C66BD9E927C1288EB1CC7 24688 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2016-03-30 07:09:43 61F60C794F0B40A68BAC6B61A5145311 3102 ----a-w- C:\Windows\Sysnative\drivers\gwdrv.inf
2016-03-30 07:09:43 3CF2C2F026B06D3F6B9A402DD50D5C9B 33248 ----a-w- C:\Windows\Sysnative\drivers\gwdrv.sys
2016-03-30 07:09:43 22C7579BB03241829184D21EF69668AB 8657 ----a-w- C:\Windows\Sysnative\drivers\gwdrv.cat
2016-03-25 22:12:44 19BEDA57F3E0A06B8D5EB6D619BD5624 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
2016-03-25 22:09:25 47B2D0B31BDC3EBE6090228E2BA3764D 1684416 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2016-03-25 22:09:23 616387BBD83372220B09DE95F4E67BBC 73664 ----a-w- C:\Windows\Sysnative\drivers\disk.sys
2016-03-25 19:17:00 67050452C0118BAF2883928E6FCCFE47 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys
2016-03-25 19:04:59 D029DD09E22EB24318A8FC3D8138BA43 91648 ----a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS
2016-03-25 19:04:56 D7ADC2B83CA0B0381F75A98351F72CEE 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2016-03-25 19:04:43 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\Windows\Sysnative\drivers\rmcast.sys
2016-03-25 19:02:40 27DABFB4A6B0140C34DBEC713469592B 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2016-03-25 18:59:28 CC1B3B52F33CBC1CE60867DA4E23537C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-03-25 18:59:28 8856E45D23BFF4D977BF06D0543BCD96 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-03-25 18:59:25 8D383CED28332B5F3894658857472F47 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-03-25 18:59:25 211A379BAAB812A7B437319BD85B2435 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2016-03-25 18:59:25 07F8F6B0CAEC7ADD30EBD94940A315D7 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-03-25 18:57:02 AA77EB517D2F07A947294F260E3ACA83 118272 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys
2016-03-25 18:57:02 9A4A1EEE802BF2F878EE8EAB407B21B7 497664 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2016-03-25 18:55:04 C51B07394A087DA666A410DBFD26663A 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys
2016-03-25 18:55:04 647599CAE8CA0EF2FB09C4B150BC97FF 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys
2016-03-25 18:55:04 26FE888505E5A945B0536AF9A2A27A6F 5632 ----a-w- C:\Windows\Sysnative\drivers\drmkaud.sys
2016-03-25 18:51:11 EC0511BB85BAA42A9734011685A6732C 460776 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2016-03-25 18:49:05 F7309F42555F8AAB7144A51A1F2585B0 950720 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys
2016-03-23 12:25:38 CA864D504A5E56AF84A491B4AA1F8A98 328920 ----a-w- C:\Windows\Sysnative\drivers\RtsP2Stor.sys
2016-03-23 12:25:38 AE4607D7C7AA83A863BFA214483E8EE4 413912 ----a-w- C:\Windows\Sysnative\drivers\RtsUer.sys
2016-03-23 12:25:38 5B8A2A5EF34109489D78BBB983B9242E 367320 ----a-w- C:\Windows\Sysnative\drivers\RtsPStor.sys
2016-03-23 12:25:38 4FD2BAD595A2C366FC0312E30362E7AD 313048 ----a-w- C:\Windows\Sysnative\drivers\RtsBaStor.sys
2016-03-23 12:25:38 390594592126D5EBE0C98C0A3094096E 777944 ----a-w- C:\Windows\Sysnative\drivers\RtsPer.sys
====== C:\Windows\Tasks ======
2016-03-30 06:13:33 1C948750F6685BE7AE2C29B2DA4C426F 3072 ----a-w- C:\Windows\Sysnative\Tasks\PandaUSBVaccine
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-04-04 00:08:59 -------- d-----w- C:\Program Files\WinPcap
2016-04-03 23:19:16 -------- d-----w- C:\Program Files\COMODO
2016-04-01 09:54:34 -------- d-----w- C:\Program Files\Hardcoded Software
2016-03-31 01:06:21 -------- d-----w- C:\Program Files\Reason
======= C:\PROGRA~2 =====
2016-04-04 19:31:12 -------- d-----w- C:\PROGRA~2\COMMON~1\COMODO
2016-04-04 00:38:13 -------- d-----w- C:\PROGRA~2\Comodo
2016-04-04 00:07:12 -------- d-----w- C:\PROGRA~2\Nmap
2016-03-30 08:35:08 -------- d-----w- C:\PROGRA~2\QuickTime
2016-03-30 07:08:34 -------- d-----w- C:\PROGRA~2\GlassWire
2016-03-30 07:06:23 -------- d-----w- C:\PROGRA~2\Heimdal
2016-03-30 06:13:25 -------- d-----w- C:\PROGRA~2\Panda USB Vaccine
======= C: =====
====== C:\Users\Amby\AppData\Roaming ======
2016-04-08 18:57:26 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2016-04-08 18:57:26 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2016-04-08 18:57:26 -------- d-----w- C:\Users\Trevor\AppData\Local\temp
2016-04-08 18:57:25 -------- d-----w- C:\Users\Public\AppData\Local\temp
2016-04-08 18:57:25 -------- d-----w- C:\Users\Default\AppData\Local\temp
2016-04-08 18:57:25 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2016-04-08 18:57:25 -------- d-----w- C:\Users\Amby\AppData\Local\Temp
2016-04-08 18:57:25 -------- d-----w- C:\Users\Amber\AppData\Local\temp
2016-04-04 20:56:15 -------- d-----w- C:\Users\Amby\AppData\Roaming\Comodo
2016-04-04 00:38:34 -------- d-----w- C:\Users\Amby\AppData\Local\Comodo
2016-04-04 00:35:19 169C6FCCDF41F3F03459ECA43BCC44E3 717 ----a-w- C:\Users\Amby\AppData\Local\recently-used.xbel
2016-04-04 00:15:41 -------- d-----w- C:\Users\Amby\AppData\Local\Hardcoded Software
2016-04-03 23:32:24 -------- d-----w- C:\Users\Amby\AppData\Roaming\PeerNetworking
2016-04-01 03:33:12 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\hpqlog
2016-03-31 00:49:26 -------- d-----w- C:\Users\Amber\AppData\Local\GlassWire
2016-03-31 00:06:29 E7FEE52178A7D6F8A4AC60954F3690DA 3145624 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2016-03-30 07:13:04 -------- d-----w- C:\Users\Amby\AppData\Local\GlassWire
2016-03-24 04:16:40 -------- d-----w- C:\Users\Amber\AppData\Local\Amazon Music
2016-03-23 12:30:38 -------- d-----w- C:\Users\Amby\AppData\Local\Deployment
2016-03-23 10:58:34 -------- d-----w- C:\Users\Amby\AppData\Local\Apps
2016-03-20 22:13:13 -------- d-----w- C:\Users\Amby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 06:17:09 -------- d-----w- C:\Users\Amber\AppData\Local\GWX
2016-03-17 01:42:30 -------- d-----w- C:\Users\Trevor\AppData\Roaming\Hewlett-Packard
2016-03-16 21:11:35 -------- d-----w- C:\Users\Trevor\AppData\Roaming\java
2016-03-16 21:11:32 -------- d-----w- C:\Users\Trevor\AppData\Roaming\.minecraft
2016-03-16 21:11:22 -------- d-s---w- C:\Users\Trevor\AppData\Locallow\Microsoft
2016-03-16 21:11:04 -------- d-----w- C:\Users\Trevor\AppData\Roaming\Apple Computer
2016-03-16 21:11:00 -------- d-----w- C:\Users\Trevor\AppData\Roaming\Bitdefender
2016-03-16 21:10:39 -------- d-----w- C:\Users\Trevor\AppData\Local\Hewlett-Packard
2016-03-16 21:10:32 -------- d-----w- C:\Users\Trevor\AppData\Roaming\Adobe
2016-03-16 21:10:30 -------- d-----r- C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-03-16 21:10:30 -------- d-----r- C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-03-16 21:10:19 -------- d-----w- C:\Users\Trevor\AppData\Roaming\Identities
2016-03-16 21:10:11 -------- d-----w- C:\Users\Trevor\AppData\Local\VirtualStore
2016-03-16 21:09:57 -------- d-s---w- C:\Users\Trevor\AppData\Roaming\Microsoft
2016-03-16 21:09:57 -------- d-----w- C:\Users\Trevor\AppData\Roaming\Media Center Programs
2016-03-16 21:09:57 -------- d-----w- C:\Users\Trevor\AppData\Local\Microsoft
2016-03-16 21:09:57 -------- d-----w- C:\Users\Trevor\AppData\Local\HuluDesktop
2016-03-16 21:09:57 -------- d-----w- C:\Users\Trevor\AppData\Local\Google
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-03-13 23:40:08 -------- d-----w- C:\Users\Amber\AppData\Roaming\QuickScan
====== C:\Users\Amby ======
2016-04-08 18:35:42 -------- d-----w- C:\Users\Public\AppData
2016-04-08 10:14:31 -------- d-----w- C:\ProgramData\RogueKiller
2016-04-08 10:13:33 14629E4C79D434972703A359C1FC0ECC 19765320 ----a-w- C:\Users\Amby\Desktop\RogueKiller.exe
2016-04-08 09:41:39 D9D59BD0D90893F9AE9F875B30A382AE 2374144 ----a-w- C:\Users\Amby\Desktop\FRST64.exe
2016-04-05 05:00:39 -------- d-----w- C:\ProgramData\Dumps
2016-04-04 00:15:21 -------- d-----w- C:\Users\Amby\.zenmap
2016-04-03 23:22:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-04-03 23:14:57 -------- d-----w- C:\ProgramData\Shared Space
2016-04-03 23:14:57 -------- d-----w- C:\ProgramData\Comodo
2016-04-01 09:24:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2016-03-30 09:41:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-30 08:35:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-30 08:29:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
2016-03-30 07:10:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-03-30 07:09:30 -------- d-----w- C:\ProgramData\GlassWire
2016-03-30 07:06:41 -------- d-----w- C:\ProgramData\CSIS
2016-03-30 06:26:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 7.0
2016-03-26 21:54:20 1896E6EE1B4AD6744E409AF48E3EDE6B 38492 ----a-w- C:\Users\Amber\.recently-used.xbel
2016-03-24 22:24:04 -------- d-----w- C:\ProgramData\Backup
2016-03-23 12:11:24 78F939C56D09158452190E60A2D0C200 262144 ----a-w- C:\Windows\serviceprofiles\networkservice\msmqlog.bak
2016-03-23 12:11:24 1B46A167966B047FB819D60A810A77F9 327680 ----a-w- C:\Windows\serviceprofiles\networkservice\msmqlog.bin
2016-03-16 21:10:30 -------- d-----r- C:\Users\Trevor\Searches
2016-03-16 21:10:17 -------- d-----r- C:\Users\Trevor\Contacts
2016-03-16 21:10:08 7B9D4F33E329C1D41B234B069698B057 632 --sha-r- C:\Users\Trevor\ntuser.pol
2016-03-16 21:10:03 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\Trevor\ntuser.ini
2016-03-16 21:09:57 -------- d-----w- C:\Users\Trevor\AppData
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Videos
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Saved Games
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Pictures
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Music
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Links
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Favorites
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Downloads
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Documents
2016-03-16 21:09:57 -------- d-----r- C:\Users\Trevor\Desktop
 
====== C: exe-files ==
2016-04-08 18:18:09 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2016-04-08 18:18:09 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2016-04-08 18:18:09 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2016-04-08 18:18:09 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2016-04-08 18:18:09 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2016-04-08 10:13:33 14629E4C79D434972703A359C1FC0ECC 19765320 ----a-w- C:\Users\Amby\Desktop\RogueKiller.exe
2016-04-08 09:41:39 D9D59BD0D90893F9AE9F875B30A382AE 2374144 ----a-w- C:\Users\Amby\Desktop\FRST64.exe
2016-04-05 17:09:56 DEFFB9B1B8EDC753EF2D3F83E0447B0F 82944 ----a-w- C:\Users\Amby\Desktop\Quick Access~!\Hirens.BootCD.15.2\BurnCDCC.exe
2016-04-05 17:09:56 54F10202EE1A9DC2009D15A50F6BCD78 75776 ----a-w- C:\Users\Amby\Desktop\Quick Access~!\Hirens.BootCD.15.2\HBCDCustomizer.exe
=== C: other files ==
2016-04-08 12:04:25 !HASH: COULD NOT OPEN FILE !!!!! 36683754 ----a-w- C:\Users\Amby\Desktop\DERP OPs.zip
2016-04-08 11:04:27 026D191606B1ABB2DA86B6D20072A059 145657 ----a-w- C:\Users\Amby\Desktop\Amber System Summary.zip
2016-04-05 05:13:12 3601D8C8505F45C3F620D109D713949B 36454022 ----a-w- C:\Users\Amby\Desktop\DERP OPs\BDSP_SEXY-bleep_2016_04_04_22_13.zip
2016-04-03 10:58:53 8F50D6A525CCACA79BC5FCC22E3A7145 114000711 ----a-w- C:\Users\Amby\Desktop\Quick Access~!\(I'm) Stranded - The Saints.zip
2016-04-03 10:58:20 A3468D33CB2E22144A58152ACFCF2BD6 126737356 ----a-w- C:\Users\Amby\Desktop\Quick Access~!\Eternally Yours - The Saints.zip
2016-04-03 10:20:15 C5392D9910AA7845F37561D0072DE6EA 23686748 ----a-w- C:\Users\Amby\Desktop\Quick Access~!\AmazonMusicDownloadpunk.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-1118247773-2797080340-1104804865-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash"
"PeerBlock"="C:\Program Files\PeerBlock\peerblock.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Amazon Music"="C:\Users\Amby\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"GlassWire"="C:\Program Files (x86)\GlassWire\glasswire.exe -hide"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash"
"PeerBlock"="C:\Program Files\PeerBlock\peerblock.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Amazon Music"="C:\Users\Amby\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"GlassWire"="C:\Program Files (x86)\GlassWire\glasswire.exe -hide"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"hkey"="HKLM"
"item"="BCSSync"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Amby\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Remote Solution]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Remote Solution"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Hewlett-Packard\\HP Remote Solution\\HP_Remote_Solution.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
"hkey"="HKLM"
"item"="HP Software Update"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPADVISOR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"
"hkey"="HKLM"
"item"="hpsysdrv"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Vid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logitech Vid"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Logitech\\Vid HD\\Vid.exe\" -bootmode"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LWS]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LWS"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Logitech\\LWS\\Webcam Software\\LWS.exe -hide"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NortonOnlineBackupReminder"
"hkey"="HKLM"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WsdtReplacer]
"hkey"="HKLM"
"item"="WsdtReplacer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="{9ABA99F9-A8FE-7E89-8E99-AE8b85E9AE9B}"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Cricket Broadband Connect\\AvqAutoRun.exe\" \"C:\\Program Files (x86)\\Cricket Broadband Connect\\mphonetools.exe\" /OnPlug=%s"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"item"="McAfee Security Scan Plus"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MCAFEE~1\\21FF9D~1.121\\SSSCHE~1.EXE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OfficeSAS.lnk"
"backup"="C:\\Windows\\pss\\OfficeSAS.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MICROS~2\\Office14\\OFFICE~1\\OFFICE~2.EXE "
"item"="OfficeSAS"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PictureMover.lnk"
"backup"="C:\\Windows\\pss\\PictureMover.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PICTUR~1\\Bin\\PICTUR~1.EXE -det"
"item"="PictureMover"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Trend Micro SafeSync.lnk]
"item"="Trend Micro SafeSync"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Trend Micro SafeSync.lnk"
"backup"="C:\\Windows\\pss\\Trend Micro SafeSync.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\TRENDM~1\\HRFSCL~1.EXE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
"item"="Logitech . Product Registration"
"path"="C:\\Users\\Amby\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech . Product Registration.lnk"
"backup"="C:\\Windows\\pss\\Logitech . Product Registration.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\Logitech\\LOGITE~1\\eReg.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
"item"="OneNote 2010 Screen Clipper and Launcher"
"path"="C:\\Users\\Amby\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~2\\Office14\\ONENOTEM.EXE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots Daily Features.lnk]
"path"="C:\\Users\\Amby\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Webshots Daily Features.lnk"
"backup"="C:\\Windows\\pss\\Webshots Daily Features.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files (x86)\\Webshots Daily Features\\Webshots Daily Features.exe "
"item"="Webshots Daily Features"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Amby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WebshotsWidget.lnk]
"path"="C:\\Users\\Amby\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WebshotsWidget.lnk"
"backup"="C:\\Windows\\pss\\WebshotsWidget.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files (x86)\\Webshots Daily Features\\Webshots Daily Features.exe /t"
"item"="WebshotsWidget"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ADVService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv]
 
 
==== Startup Folders ======================
 
2016-03-30 07:06:43 1067 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core.job --a------ C:\Users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe [07/23/2015 06:57 AM]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA.job --a------ C:\Users\Amby\AppData\LoC:al\Dropbox\Update\DropboxUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/22/2015 02:40 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/22/2015 02:40 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core.job --a------ C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe [05/22/2015 02:41 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA.job --a------ C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe [05/22/2015 02:41 PM]
C:\Windows\tasks\HPCeeScheduleForAmby.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 04:43 AM]
C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ [Undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" [C:\Program Files\Bitdefender Agent\WatchDog.exe]
"C:\Windows\SysNative\tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8" [C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core" [C:\Users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA" [C:\Users\Amby\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\ExtendedServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000Core" [C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1118247773-2797080340-1104804865-1000UA" [C:\Users\Amby\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForAmby" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 1000 J110 series" ["C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\PandaUSBVaccine" ["C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe"]
"C:\Windows\SysNative\tasks\PCDRScheduledMaintenance" [C:\Program Files\PC-Doctor for Windows\pcdrcui.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-1118247773-2797080340-1104804865-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-1118247773-2797080340-1104804865-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{DB1F562D-752E-4F9C-95F0-4C4A68709590}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{3443FFD0-228B-4A5C-B759-01B8EE45882A}" [C:\Users\Amby\AppData\Local\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\{5BB5BABE-D4C3-459F-B8DD-349B95BF8CBD}" [C:\Program Files (x86)\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe]
"C:\Windows\SysNative\tasks\{7AC58962-433F-4C7F-A475-AE3B7E2A9897}" [C:\Python26\pythonw.exe]
"C:\Windows\SysNative\tasks\{ABE8B27B-890F-4771-BB16-D8210F42940D}" [C:\Program Files (x86)\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [02/02/2016 09:48 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [02/02/2016 09:48 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default
- Google Analytics Watcher - %ProfilePath%\extensions\gic2@getinformer.com
- Element Properties - %ProfilePath%\extensions\properties@darktrojan.net
- Undetermined - %ProfilePath%\extensions\staged
- Ancestry.com Advanced Image Viewer - %ProfilePath%\extensions\support@ancestry.com
- WebRank Toolbar - %ProfilePath%\extensions\webrank-toolbar@probcomp.com
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- Linkification - %ProfilePath%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
- affilorama - %ProfilePath%\extensions\{7822cf50-08ee-4915-9872-ee92472df6cb}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
- Amazon Toolbar - %ProfilePath%\extensions\amznUWL@amazon.com.xpi
- Blank Canvas Signatures for Gmail - %ProfilePath%\extensions\gmail_sigs@blankcanvasweb.com.xpi
- Lazarus: Form Recovery - %ProfilePath%\extensions\lazarus@interclue.com.xpi
- Multifox - %ProfilePath%\extensions\multifox@hultmann.xpi
- Multi Links - %ProfilePath%\extensions\multilinks@plugin.xpi
- Rainbow Color Tools - %ProfilePath%\extensions\rainbow@colors.org.xpi
- SEOProfesional - %ProfilePath%\extensions\seo@profesional.xpi
- VideoSurf Videos at a Glance - %ProfilePath%\extensions\videosurf_enhanced@videosurf.com.xpi
- MeasureIt - %ProfilePath%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
- PrefBar - %ProfilePath%\extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754}.xpi
- Scan Link 2010 - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD381}.xpi
- Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default
20FF20FBC1F20ADEC0AD6AF98ABE9545 - C:\Users\Amby\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
15777A282C9678F6BB35226D72C5AD8E - C:\Users\Amby\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll - Hulu Desktop
1864B052CFFD84437442AD84FD1BA10A - C:\Users\Amby\AppData\Roaming\Mozilla\Firefox\Profiles\33ki3suc.default\extensions\support@ancestry.com\plugins\npImgCtl.dll - Ancestry.com Image Viewer Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dhhejlifdlcgcmogbggeomfodgklfaem - No path found[]
fabcmochhfpldjekobfaaggijgohadih - No path found[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
Google Docs - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Novelize - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgfbheeommcgojlodnikcnekolkjlega
Audiotool - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk
YouTube - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Add to Amazon Wish List - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
Spotify - Music for every moment - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh
Story Wars - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coadbejlmmejdkpdcnbikfcplabhgmpo
Google Search - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Bitdefender Wallet - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
PicMonkey Extension - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl
TimezoneBuddy - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfdledafmpmeekclcfgddlokikjffo
Polarr - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg
Soundtrap - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlallcjfneldmakcbklbpbcgdbbkigfi
Powered by Redstone - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaafagdemifnmjbmblhleneomcfdmofm
Soundtrap - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\epaknpicfmoglpinnnjckaobafganajf
Lucidpress Free Design Tool - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdiljnnpfniifgbaippdemegmlhoohka
RapPad - Write Better Lyrics - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhadcpjgjandiokfnmeefdcimniinhpe
Magisto - Magical Video Editor - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk
Avast Online Security - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Jellynote - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbdilcjeejecjnbbhhpkhhocnhlgfnn
Google Keep - notes and lists - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki
We Heart It - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
Inkscape on rollApp - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjinnaagdniegmfejingjjhljhmkopj
This Exquisite Forest - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\illikembakcokcfifcbkneafjjjnckkd
Panabee - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\injaekmmopacmmfiebacognclnackfbc
SoundCloud - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp
Giphy for Chrome - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlleokkdhkflpmghiioglgmnminbekdi
Schooltraq - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\klgfldonaglinnnpbagllbnekgjdbinb
Hangouts - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl
Until AM Web App - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk
Google Play - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
Evernote Web - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
AudioSauna - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae
Canva - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf
LINE - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde
BeFunky - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffeadjabcnpcjlpbdbhoglnfbmbfkoo
Flat - Music scores and guitar tabs editor - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg
Hangouts - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd
Save to Pocket - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Chrome Web Store Payments - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chordify - Tune into Chords - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbmddiahnkphhipnimckolcndkcgjgn
WeVideo - Video Editor and Maker - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb
Movellas.com - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcdekhaaokiblpmgmicjbkniggmhggmg
Evernote Web Clipper - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - Amber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Tynt Blocker - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\achmnghbfplhfomhiohmojicomlgmkam
Aviary Audio Editor - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajiijeebjcmkhdplmollbjpljcnelfhn
Website and SEO Analysis - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkomeiemllejmopbbjjngpmmikfedad
Quttera URL Scanner - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\akakpmcaifloabilokpjlaipdkoofldh
Smartsheet Chrome App - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alehdleagcgnimdipdmllebddejplpbi
Awesome Screenshot: Capture Annotate - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce
Beatlab - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk
Google Drive - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Web Developer - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm
Web of Trust - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Weekdone Employee Status Reports - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjahdjkkjenpigpggpcnlfadlopbpcid
Hootsuite Hootlet - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn
SEO Status Pagerank/Alexa Toolbar - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgpmafbkgcchdjehdpnfgfgbdfahapa
Audiotool - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk
ClickBoard - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnahceedpdkaiojgdpddkkdkmjkabfgb
Bionic Books - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnajpbphefbkedjhilaoohdpempncdif
Zscaler Safe Shopping - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjcmkhcpdacimmoecmnbeogagmekpmg
Verbatim Translatio - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bobgnmijljonenlachekpkgikohcghon
ToneCheck\u2122 for Gmail\u2122 beta - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpldoihdgakfacljjecdbeepglelfjjc
Ge.tt - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc
Bypass \Become a Fan\ - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceoahfhinjgldgpfkjmjghpaidolbeag
Quick Encrypt - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceoomdobfpkpdilfooakcmklkkolppcb
selector is not a valid CSS selector - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Bitdefender TrafficLight adds a strong and non-intrusive layer of security to your browsing experience - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal
AddThis - Share & Bookmark (new) - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde
Add to Amazon Wish List - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
Pixsta - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc
Smartsheet Project Management - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm
ShopLocket - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjaibgdfaifnnjollpannioonpleckpj
Alexa Traffic Rank - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
MockFlow - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldcgifnkcmflfjfbhedkdfecbaakmcd
Reference App - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkmefkffmfinedklminbclibddlf
Autopen - Email Signatures - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmjcoiohflenpehfaalahocpmacjloof
Aviary Image Editor - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafkakmjmhfnnfclmjdfpnbmdeddkoeo
Site Spider - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddlodfbcplakmddhdlffebcggbbighda
Lookup Companion for Wikipedia - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej
Bitdefender Wallet - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
Blogger comments editor / permalink adder - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhikmcpmloddgnhmnnekekiclhjccgel
SEO Site Tools - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\diahigjngdnkdgajdbpjdeomopbpkjjc
FlashCards - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\diejjofgldkjkhmfjagdjdodjebpglhb
Be a Local - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\diiecohgbcgbehcpofpolcnoipmefgbm
Lucidchart Diagrams - Desktop - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj
Lazarus Form Recovery Patched - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\djffgnjhndjebbbgmkibfgjfegffmcpm
Backtweets Notifier - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbchninmgmgbjcmelhgaodfjbelhjpj
Cloud Save - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd
Parallel Universe - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlgmiidgfdpjcnhnhafijlpinepjkpnd
Mapnificent - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljjdghcikmaacogeloeooafjopponic
Cortexit - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnppkfenemlkmcelaoddfabcdopmhmg
Slick RSS - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealjoljnibpdkocmldliaoojpgdkcdob
*Dashboard for Chrome* - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfimkdnkkcajpkongkaaebnmidaegip
Pinterest Right Click - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebnlmphodejhpeoplgojlbgcekfopfjo
Search All - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk
Pixlr-o-matic - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj
Gmail Offline - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk
Google Calendar - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
NoteBook Professional - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkgcninebemfhajfhmiffbndloiacbe
ScribeFire - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkkomimknapgodalnkjeddkjnjkfmfp
SearchMeNow - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\endnkcdnbldpjmmpmhbejcnjmhpggnje
Realtimetter - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\epeckgeilgaojhfffkepefefbmjaefom
Bitdefender Wallet - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih
Related Content by Zemanta - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge
GEO+ - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidhlplliphaijlenolgdojklmgbonnf
FreeAgent - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjemfnfinfkidfkgnkbjebdbpgbkgiba
kwout - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkeenfecmgighpmhfnbgdohplnbihboo
Paste It - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkmjdnckhfkjkldogocpnmljokfnbln
This information is used only for diagnosing the problem you are reporting is available only to someone investigating your report and is retained for no more than 30 days. - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp
TM BETA - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf
Court Records Search - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgehcgmhjbiombkkaoepklkiejgcjen
Taskforce - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc
Name of new folder - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk
Google Docs Offline - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
ABBREX - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgkilempkpocmgbkgkjoeapjajonphj
Straight to Full-Size for Google Images\u2122 - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghhmhdkbiodiengmhbbpjkcjodingned
Amazonâ„¢ MP3 Cloud Music Player - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijcllgbmjegkklelijafediennbnabd
Social Translate - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\giljlmclogpacbccpelmggfcjnickhhf
ToutApp Email Tracking Templates Analytics - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj
WriteThat.Name - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmekpejbhejfklgapcdolmfhdbnoemji
Page Rank - LinkExtend - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnlhmjoojmepfijdlmhpbdibikkoibjg
Pin It Button - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
TinEye Reverse Image Search - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl
CryptoPass - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegbhhpocfhlnjmemkibgibljklhlfco
Website Informer Addon - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmkhdckpblkakgojblgmlgaeaimofom
Last.fm Scrobbler - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm
SuperSorter - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij
AncestryDNA Helper - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjflmfphflaeehhpdiggobllgffelfee
TiltShiftMaker - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo
Geni - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnbeipfaipeokbeoakhfhapcldepimh
Send to Taskforce - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljhkedklaogpjkpflckfehiidocogjk
Ancestry Family Search Extension - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahjgikepkkgkinlhipagkkdgfbobphh
Insights for Search - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibamldnmegipgpiaepcilgcfnmgillfh
META SEO inspector - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef
Kindle Cloud Reader - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
Inkscape on rollApp - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjinnaagdniegmfejingjjhljhmkopj
Blogger Comment Feeds - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnjpdkohdobepefcggjfjhenfcjpgah
Notifus - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\idniochdimflalanajopnhaomfplfgka
Social Fixer for Facebook - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb
SpellBook - Execute Bookmarklets from Right Click - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihckioenbbjedpocnnennnehjaacojil
BookedIN - Appointment Booking and Scheduling - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheobladblmphoggmehhahdfikpbilnj
BulkPageRank - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihnnahkcmnagcenhpmlecofngoogkndb
Send to Kindle by Klip.me - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
InsurePost - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbbbfghokhomppbjkpnicokplbifacmg
Facebook Like Button - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehaijobeonhempacbjelicepjkhoidi
GeekIt ™ for Chrome - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeonijcbpghmepkamkncbdjdcjkbblkj
Anti forced like - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfidejpbjcjjcakjmpiejcepnakmdmc
Klout - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak
Instant Retro - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlahmeejnbkdnjnckboeglpfmjbfmopp
Google Voice (by Google) - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
Add Facebook Events to Google Calendar\u2122 - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcimpbhnilcgolicdnepifecokinjof
Autodesk Homestyler - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb
Smart Punctuations - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kemhapeegihkkkjbhnepbpkklbmpbgfn
Shareaholic for Pinterest - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc
Blogger SPAN Pollution Reducer - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflphbnkmeikenpjoomdmebenejpnphj
Gift Registry Add-On for Pinterest - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kklcfdmglffmfedcgkefbdcggmabpalo
DirectIQ - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmejjpglpgfglnfpfjpholofdndcalbi
Word Count - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmndjoipobjfjbhocpoeejjimchnbjje
Hootsuite - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij
Hangouts - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl
Save as PDF - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc
Anagram Solver - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagehpplbjnkffgblanjkpchfebpoike
Ultradox - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\laopdikjalenfglkalhhmkchjcamdfgj
Webcam Toy - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade
InvisibleHand - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko
SaferChrome - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpkjjingioekjianemgdobchenebhek
JSON Editor - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkmoheomjbkfloacpgllgjcamhihfaj
Its not possible to get the requested site because of a network error. - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljafjhbjenhgcgnikniijchkngljgjda
Google Drive App Launcher - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Lazarus Form Recovery - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno
Extensions Manager (aka Switcher) - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
Large Document - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mccldfhipgghpkkamlldhiajioepaklb
Bookmarklet Finder - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjpejgcgnppclgahinlcnjpceocdkmp
Boomerang for Gmail - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
Quote Tweet - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehoepkkgogpjjgnbkeinjmiplmiefag
scroblr - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog
MixCloud Downloader - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjfpmaaidpgbklpnffchmlmfpjboahej
WebRank SEO - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji
Ghostery - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
Play Books - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb
Slick RSS : Feed Finder - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpajmofiejfjgeaakelmjklenjaekppa
BrandMyMail - Email Signatures for GMail - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndekeigclpmnhmggjakhfmklhhibiokp
Profile Engine: Advanced Search for Facebook - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnkokeclakfloooiaghcnbpncaddibc
Pinterest - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\njiapkdadfajalmkmpcbmodldfacnagc
Chrome Web Store Payments - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Personal Blocklist (by Google) - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef
GIFPAL - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch
Iframely Responsive Embeds - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajehffbidgccdedglcogjoolbdmpjmm
Todo.ly - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap
Straight to Google Analytics - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnalgemgaiglcdlkdhnfahhihkiijde
Chop - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oebekngjcmiocalhcockfggljhgnijde
Assignments (by HootSuite) - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfcehdaekhnbkojcnjijopkecldfdcm
Kid Mode for Chrome - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\oioeohebbahbomemnpdmnicoghkepidd
Sell Simply - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojaeikpecldleicicnjdbmlabkgfnkmn
Piktochart - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgpilphbpmpjlicfhhkgnfbedaeegil
Pin Search | Image Search on Pinterest - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiaciimfpgbpdhnfdllhdkicpmdoakm
Thesaurus - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddaeeclcbikcegjhhgocgkakehngcem
Bitdefender QuickScan - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
Draw.io Desktop - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebppomjfocnoigkeepgbmcifnnlndla
Social Analytics - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgckigmaefoaemjpijdepakcghjkggmg
Publish5 - DIY Mobile App Creator - Amby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl
Google Slides - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Novelize - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgfbheeommcgojlodnikcnekolkjlega
Audiotool - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk
YouTube - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Add to Amazon Wish List - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciagpekplgpbepdgggflgmahnjgiaced
Spotify - Music for every moment - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh
Story Wars - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coadbejlmmejdkpdcnbikfcplabhgmpo
Bitdefender Wallet - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
PicMonkey Extension - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhipmoghimfdldnocmopeoanjmoolofl
Polarr - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg
Soundtrap - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlallcjfneldmakcbklbpbcgdbbkigfi
Powered by Redstone - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eaafagdemifnmjbmblhleneomcfdmofm
Soundtrap - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\epaknpicfmoglpinnnjckaobafganajf
Bitdefender Wallet - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fabcmochhfpldjekobfaaggijgohadih
Lucidpress Free Design Tool - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdiljnnpfniifgbaippdemegmlhoohka
Google Sheets - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
RapPad - Write Better Lyrics - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhadcpjgjandiokfnmeefdcimniinhpe
Google Docs Offline - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Magisto - Magical Video Editor - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk
Avast Online Security - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
Jellynote - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcbdilcjeejecjnbbhhpkhhocnhlgfnn
Google Keep - notes and lists - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki
We Heart It - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
Inkscape on rollApp - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icjinnaagdniegmfejingjjhljhmkopj
This Exquisite Forest - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\illikembakcokcfifcbkneafjjjnckkd
Panabee - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\injaekmmopacmmfiebacognclnackfbc
SoundCloud - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ipebkipbeggmmkjjljenoblnfaenambp
Giphy for Chrome - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlleokkdhkflpmghiioglgmnminbekdi
Schooltraq - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klgfldonaglinnnpbagllbnekgjdbinb
Hangouts - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl
Until AM Web App - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk
Google Play - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
Evernote Web - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
AudioSauna - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae
Google Drive App Launcher - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Canva - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbcfmcoibkecmionmehabndbljdleekf
LINE - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\menkifleemblimdogmoihpfopnplikde
BeFunky - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mffeadjabcnpcjlpbdbhoglnfbmbfkoo
Flat - Music scores and guitar tabs editor - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg
Hangouts - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd
Save to Pocket - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Chrome Web Store Payments - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chordify - Tune into Chords - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojbmddiahnkphhipnimckolcndkcgjgn
WeVideo - Video Editor and Maker - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb
Movellas.com - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pcdekhaaokiblpmgmicjbkniggmhggmg
Evernote Web Clipper - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Bitdefender Wallet - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
Bitdefender Wallet - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih
Google Sheets - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D21BBA4C-9739-41D7-8A1A-38C94811B1A3}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{21F2E698-FFBB-451C-ACCF-09989B21AD75}"
HKLM\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75} - http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75} - http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="{D21BBA4C-9739-41D7-8A1A-38C94811B1A3}"
HKCU\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75} - http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
HKCU\SearchScopes\{D21BBA4C-9739-41D7-8A1A-38C94811B1A3} - https://www.google.com/search?q={searchTerms}
 
==== Uninstall List x64 ======================
 
7-Zip 4.65 (x64 edition) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-0465-000001000000}]
Adobe Acrobat Reader DC [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
Adobe Refresh Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824166751}]
Amazon Cloud Drive [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Cloud Drive]
Amazon Kindle [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Kindle]
Amazon MP3 Downloader 1.0.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Amazon MP3 Downloader]
Amazon Reviewer Analysis Tool 3.12.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Reviewer Analysis Tool]
Amazon Unbox Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{54A4839E-87F8-4BD1-9682-A349E9943F0A}]
Amazon Unbox Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}]
Ancestry World Archives Project - Keying Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C7647C-8DCD-4446-A48D-E595ABD7E15B}]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46F044A5-CE8B-4196-984E-5BD6525E361D}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Bing Bar [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}]
Bitdefender Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent]
Bitdefender Total Security 2016 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
CameraHelperMsi  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}]
CCleaner  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Coupon Printer for Windows [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0]
Cricket Broadband Connect [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6336C0CC-BA32-4949-9D3D-C86B76147CCA}]
Cricket EVDO Modem [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}]
CyberLink DVD Suite Deluxe [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
CyberLink DVD Suite Deluxe [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
DirectX for Managed Code Update (Summer 2004) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E9E34215-82EF-4909-BE2F-F581F0DC9062}]
Dropbox  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox]
DVD Menu Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}]
DVD Menu Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}]
Flickr Uploadr 3.2.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Flickr Uploadr]
Foxit Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Foxit Reader]
Gadwin PrintScreen [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gadwin PrintScreen]
GanttProject  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GanttProject]
GenealogyJ 6755 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GenealogyJ 6755]
GIMP 2.6.8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinGimp-2.0_is1]
GlassWire 1.2 (remove only) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GlassWire 1.2]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Drive [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{895D0391-459F-4D45-B8DD-13F0DE70C66E}]
Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{817750FA-EC6A-485D-9901-0683AE6FFDF1}]
Google Talk Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F9B579C2-D854-300A-BE62-A09EB9D722E4}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
GrampsAIO64  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\GrampsAIO64 4.2.1]
Graphviz  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80F0B640-3A5E-45B6-ACA0-445AFF78CE85}]
GTK2-Runtime  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GTK2-Runtime]
Hardware Diagnostic Tools [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows]
Heimdal  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Heimdal]
herdProtect Anti-Malware Scanner [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\herdProtectScan]
Hewlett-Packard ACLM.NET v1.2.2.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}]
HP Advisor [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}]
HP Customer Experience Enhancements [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}]
HP Deskjet 1000 J110 series Basic Device Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}]
HP Deskjet 1000 J110 series Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}]
HP Deskjet 1000 J110 series Product Improvement Study [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1A570BFA-D775-47EE-8071-06E9559C14F5}]
HP Games [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent hp Master Uninstall]
HP MediaSmart DVD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DCCAD079-F92C-44DA-B258-624FC6517A5A}]
HP MediaSmart DVD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}]
HP MediaSmart Music/Photo/Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}]
HP MediaSmart Music/Photo/Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}]
HP MediaSmart SmartMenu [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}]
HP MediaSmart/TouchSmart Netflix [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35021DFB-F9CA-402A-89A2-47F91E506465}]
HP Odometer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B8AC1A89-FFD1-4F97-8051-E505A160F562}]
HP Photo Creations [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations]
HP Remote Solution [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C611CF88-969D-43E6-A877-D6D6439DD081}]
HP Remote Solution [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HP Remote Solution]
HP Setup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17B4760F-334B-475D-829F-1A3E94A6A4E6}]
HP Support Assistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}]
HP Support Information [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}]
HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}]
Hulu Desktop [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\HuluDesktop]
HxD Hex Editor version 1.7.7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HxD Hex Editor_is1]
iCloud  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}]
Intel® Graphics Media Accelerator Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HDMI]
Internet TV for Windows Media Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}]
iTunes  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF8FFD12-602B-422D-AF1D-511B411E7632}]
Java 7 Update 79 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217079FF}]
JavaFX 2.1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1111706F-666A-4037-7777-211328764D10}]
LabelPrint  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}]
LabelPrint  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}]
Last.fm Scrobbler 2.1.37 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LastFM_is1]
LG VZW United Drivers [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AB43784D-1EE5-4111-95C8-918B25EFDC4B}]
LightScribe System Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC8E94A2-55C7-4460-953C-2A790180578C}]
LMMS 1.1.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LMMS]
Logitech Vid HD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Logitech Vid]
Logitech Webcam Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D40EB009-0499-459c-A8AF-C9C110766215}]
Logitech Webcam Software Driver Package [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\lvdrivers_12.0]
LWS Facebook [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}]
LWS Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}]
LWS Help_main [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}]
LWS Launcher [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}]
LWS Motion Detection [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}]
LWS Pictures And Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}]
LWS Twitter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}]
LWS Video Mask Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EED027B7-0DB6-404B-8F45-6DFEE34A0441}]
LWS VideoEffects [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{138A4072-9E64-46BD-B5F9-DB2BB395391F}]
LWS Webcam Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}]
LWS WLM Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}]
LWS YouTube Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}]
MAGIX Video easy SE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C0EAE1CA-EBF0-4A55-BEA9-EA79FAF40889}]
MAGIX Video easy SE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MAGIX_MSI_Video_easy_SE]
Microsoft .NET Framework 4.6.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft .NET Framework 4.6.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}]
Microsoft Office Professional Plus 2013 - en-us [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95716cce-fc71-413f-8ad5-56c2892d4b3a}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}]
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}]
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}]
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)]
Microsoft WSE 3.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}]
Minecraft  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}]
MiniTool Power Data Recovery Free Edition 7.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MiniTool Power Data Recovery Free Edition_is1]
Mobile PhoneTools [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3273F0D8-3204-4DE5-BE34-AA6613B0E844}]
Mobile PhoneTools [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CF6B515D-D99A-4B02-8C92-9EA255035A3D}]
Movie Theme Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3023EBDA-BF1B-4831-B347-E5018555F26E}]
Movie Theme Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}]
mp3splt-gtk  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mp3splt-gtk]
Mp3tag v2.52 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mp3tag]
MS Access 97 SP2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MS Access 97 SP2]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
MyFonts Order M1805396 (A) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9312A11-3FCB-6A45-543C-9B74E7C14F8E}]
MyFonts Order M1805396 (B) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6E2CE831-93F3-8A3C-9DE1-B7237C5A3414}]
MyFonts Order M1805396 (C-D) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6E1653CD-ED27-0B25-D61F-F81228973E96}]
MyFonts Order M1805396 (E-F) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4A639E7-CBD0-3E92-1C61-B8BE32E33201}]
MyFonts Order M1805396 (G-H) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F27E580-824B-9100-AD70-BC2D93651553}]
MyFonts Order M1805396 (I-K) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7292FB61-8651-7417-8EF4-9677F90BF4F8}]
MyFonts Order M1805396 (N-O) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A481E71D-2DAB-57C9-FFE3-9447CF4F7AA7}]
MyFonts Order M1805396 (P) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C344CB3-4AAE-12CC-9C3A-EA23F5A4AE41}]
MyFonts Order M1805396 (Q-R) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73E7A3CF-9AAB-3193-3351-478565161A8D}]
MyFonts Order M1805396 (S) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{825EAB1D-EAF0-5A97-E64F-95C8B0426C3F}]
MyFonts Order M1805396 (T-V) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01810D07-B425-94EC-26B6-CA9415A01567}]
MyFonts Order M1805396 (W-Z) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A212E1EC-9CB5-F9E0-CC56-B808E2D045B1}]
paint.net  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}]
Panda USB Vaccine 1.0.1.16 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1]
PANTECH USB Modem V2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1C336D20-A089-4818-9C56-96AD81BF5A11}]
PeerBlock 1.2 (r693) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1]
PictureMover  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1896E712-2B3D-45eb-BCE9-542742A51032}]
PlayReady PC Runtime amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}]
Poladroid  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}]
Power2Go  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}]
Power2Go  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}]
PowerDirector  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}]
PowerDirector  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}]
POWERPREP II [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2687340C-C114-47DC-9F0E-C1BA85FEB001}]
Python 2.6 pycairo-1.8.6 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\pycairo-py2.6]
Python 2.6 pygobject-2.20.0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\pygobject-py2.6]
Python 2.6 pygobject-2.20.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\pygobject-py2.6]
Python 2.6 pygtk-2.16.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\pygtk-py2.6]
Python 2.6.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4723f199-fa64-4233-8e6e-9fccc95a18ee}]
QuickTime 7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}]
R for Windows 3.2.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\R for Windows 3.2.2_is1]
Realtek Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
Realtek PCIE Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1594429-8296-4652-BF54-9DBE4932A44C}]
Recovery Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}]
SAMSUNG Mobile Modem Driver Set [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG Mobile Modem]
Samsung Mobile phone USB driver Drive Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Mobile phone USB driver Drive]
SAMSUNG Mobile USB Modem 1.0 Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG Mobile USB Modem 1.0]
SAMSUNG Mobile USB Modem Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG Mobile USB Modem]
Samsung PC Studio 3 USB Driver Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}]
Security Task Manager 2.0d [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Security Task Manager]
Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}]
Tablet Driver V8.01 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TabletDriver]
Voicemeeter, The Virtual Mixing Console [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VB:Voicemeeter {17359A74-1236-5467}]
Windows Media Player Firefox Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}]
 
==== HijackThis Entries ======================
 
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Amazon Music] "C:\Users\Amby\AppData\Local\Amazon Music\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [GlassWire] "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
O4 - Startup: BdBkpFolder
O4 - Global Startup: BdBkpFolder
O4 - Global Startup: Heimdal.lnk = C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GlassWire Control Service (GlassWire) - SecureMix LLC - C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Heimdal Service (HeimdalService) - CSIS Security Group - C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
 
==== Silent Runners ======================
 
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Amber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Amby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Trevor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Amber\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Amby\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Amber\AppData\Local\temp emptied successfully
C:\Users\Amby\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Trevor\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Amby\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Fri 04/08/2016 at 16:16:05.56 ======================
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users