-
Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.
Why not Click Here To Sign Up and start enjoying great FREE Tech Support.
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Solved got scamed
- Thread starter Hilton Heflin
- Start date
- Status
run c:\windows\system32\snippingtool.exe and click "new"
select the zone to capture ( the interface of your malwarebytes ), and save it to your desktop , and attach the picture you saved
select the zone to capture ( the interface of your malwarebytes ), and save it to your desktop , and attach the picture you saved
not VErsion 6 ^^ Version 3.1.2 lol
ok it's reports tab the first scan-log ( it's not the same interface than in french lol )
ok it's reports tab the first scan-log ( it's not the same interface than in french lol )
ok it's reports tab the first scan-log ( it's not the same interface than in french lol )[/QUOTE]
I have to go so will work on this tomorrow..
Thanks
Oh...did not realize you were in France..
I have to go so will work on this tomorrow..
Thanks
sorry,but due to my health problems can only sit in front of here but so much..
Here is the latest scan..
Again..thank you for your patience and help,,
Here is the latest scan..
Again..thank you for your patience and help,,
ok we're gonna do another diag if quickdiag doesn't want to go 'till the end
HKCU\Software
HKCU\Software\AppDataLow /s
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /s
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /s
HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s
%Homedrive%\*
%Homedrive%\*.
%Homedrive%\Recycler\*.exe /s
%Homedrive%\Recycler\*.scr /s
%Homedrive%\Recycler\*.pif /s
%Homedrive%\Recycler\*.vb* /s
%Homedrive%\$Recycle.bin\*.exe /s
%Homedrive%\$Recycle.bin\*.scr /s
%Homedrive%\$Recycle.bin\*.pif /s
%Homedrive%\$Recycle.bin\*.vb* /s
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%AppData%\*
%AppData%\*.
%Userprofile%\Local Settings\*
%Userprofile%\Local Settings\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*
%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*.
%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*
%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*.
%programFiles%\*
%programFiles%\*.
%programfiles%\Google\Desktop\*.
%ProgramFiles%\Common Files\*
%ProgramFiles%\Common Files\*.
%ProgramFiles(X86)%\Common Files\*
%ProgramFiles(X86)%\Common Files\*.
%Systemroot%\Installer*
%Systemroot%\Installer*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\PSS\* /s
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\syswow64\Tasks\*
%systemroot%\syswow64\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
=====================================================================
- Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
- Select and copy all the text below
HKCU\Software
HKCU\Software\AppDataLow /s
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /s
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /s
HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s
%Homedrive%\*
%Homedrive%\*.
%Homedrive%\Recycler\*.exe /s
%Homedrive%\Recycler\*.scr /s
%Homedrive%\Recycler\*.pif /s
%Homedrive%\Recycler\*.vb* /s
%Homedrive%\$Recycle.bin\*.exe /s
%Homedrive%\$Recycle.bin\*.scr /s
%Homedrive%\$Recycle.bin\*.pif /s
%Homedrive%\$Recycle.bin\*.vb* /s
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%AppData%\*
%AppData%\*.
%Userprofile%\Local Settings\*
%Userprofile%\Local Settings\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*
%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*.
%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*
%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*.
%programFiles%\*
%programFiles%\*.
%programfiles%\Google\Desktop\*.
%ProgramFiles%\Common Files\*
%ProgramFiles%\Common Files\*.
%ProgramFiles(X86)%\Common Files\*
%ProgramFiles(X86)%\Common Files\*.
%Systemroot%\Installer*
%Systemroot%\Installer*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\PSS\* /s
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\syswow64\Tasks\*
%systemroot%\syswow64\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
=====================================================================
- Save OTL (by OldTimer) to your desktop.
- Configure it like this :
- Paste this script you selected before in the below part of OTL « Personnalisation »
- Click on « Analysis »
- Once the scan has completed, 2 reports will open
- Please copy and paste their content in your next reply
Thanks will have to be later tonight or tomorrow...ok we're gonna do another diag if quickdiag doesn't want to go 'till the end
================================================================
- Disable Windows Defender, Firewall & Antivirus prior to running this tool!!
- Select and copy all the text below
HKCU\Software
HKCU\Software\AppDataLow /s
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /s
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /s
HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s
%Homedrive%\*
%Homedrive%\*.
%Homedrive%\Recycler\*.exe /s
%Homedrive%\Recycler\*.scr /s
%Homedrive%\Recycler\*.pif /s
%Homedrive%\Recycler\*.vb* /s
%Homedrive%\$Recycle.bin\*.exe /s
%Homedrive%\$Recycle.bin\*.scr /s
%Homedrive%\$Recycle.bin\*.pif /s
%Homedrive%\$Recycle.bin\*.vb* /s
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%AppData%\*
%AppData%\*.
%Userprofile%\Local Settings\*
%Userprofile%\Local Settings\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*
%Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*.
%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*
%Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*.
%programFiles%\*
%programFiles%\*.
%programfiles%\Google\Desktop\*.
%ProgramFiles%\Common Files\*
%ProgramFiles%\Common Files\*.
%ProgramFiles(X86)%\Common Files\*
%ProgramFiles(X86)%\Common Files\*.
%Systemroot%\Installer*
%Systemroot%\Installer*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\PSS\* /s
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\syswow64\Tasks\*
%systemroot%\syswow64\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
=====================================================================
- Save OTL (by OldTimer) to your desktop.
- Configure it like this :
- Paste this script you selected before in the below part of OTL « Personnalisation »
- Click on « Analysis »
- Once the scan has completed, 2 reports will open
- Please copy and paste their content in your next reply
Here goes..I didn't know I knew French <G:>
OTL Extras logfile created on: 6/30/2017 1:15:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hilton\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18697)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.57% Memory free
6.48 Gb Paging File | 5.34 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1859.99 Gb Total Space | 1817.06 Gb Free Space | 97.69% Space Free | Partition Type: NTFS
Computer Name: HILTON-PC | User Name: hilton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F7590F-862B-4217-A4C3-A2F723A5318B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{130E9C9C-43BA-4722-BEBD-DC17D5488497}" = lport=139 | protocol=6 | dir=in | app=system |
"{1FC65E0A-55B5-45BF-856D-C54444F2EFFC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C89FAE3-4649-44DD-A8F8-435FCDB7B737}" = rport=137 | protocol=17 | dir=out | app=system |
"{31B9614E-19B5-47F1-B248-82B7FB10F05A}" = rport=139 | protocol=6 | dir=out | app=system |
"{33BD130C-2EDE-45F5-96A3-0CB357BED01A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{438014A4-9A45-49A8-A697-1AE4A4AD22E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DD80964-5998-454E-B269-08E4CDDC5C0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{595697F8-32D1-4756-9C44-796FE05FA7C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{59C7FF6B-FB81-4464-809B-F15457DD553E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BB621B1-4B14-4FF8-B978-E1294E2B6192}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E879FCF-B8F6-4803-BD30-613EDE3040E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{6DB92760-ED36-44F1-B8F0-6065169171F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77B6BA33-6B28-4060-B5B4-FFE79EE73271}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77CA258F-B633-4A3A-BFB4-802478F267E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{786880E2-655D-4FF8-A544-3E03560FAA2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{818921FF-166D-476F-AD3E-7D2E0B361DB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{897E160E-8314-46CF-AA7A-2A4804F5DAF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{952BF929-6F23-4E09-8853-5C52A6024738}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB118072-21A5-40DF-9103-AF56187C75D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DACD204F-DEF5-483A-BCE8-6076BA844F1E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{E433A99B-A6F8-49FB-B2D4-F0C67A559E94}" = rport=138 | protocol=17 | dir=out | app=system |
"{E89E9C44-AC4B-41D7-8784-5BC2FB9D9EC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA51EE56-D784-44BC-8529-940E77304795}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039AE26B-1079-468C-A061-01D11C5F755F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A573E46-1B2F-4B31-846B-CCDEF248BFDA}" = protocol=58 | dir=in | app=system |
"{0D547D58-43B9-4B3F-90C2-C69E6800A5E3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{14BEFA0B-1E11-4E28-AC94-44D4A7A805AC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{186AA901-C80B-4245-A655-D3628D868250}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24797A19-1947-40F0-ACBE-E10E0583252B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A500436-332F-43FF-B443-030332BD69A8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B912AE4-4474-4BDE-9184-C98149AEE161}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F4ABB9D-304A-4925-8C98-53E2E9E2E6A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4185EE8E-03EF-4C2E-B34A-F24773EE41CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DD19BC0-8D56-41F2-BBA6-E1F63020D218}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5053FB91-682B-436F-8F80-3D4FFA351052}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5913CB17-9064-4159-9323-37D5CD6B5D68}" = protocol=6 | dir=out | app=system |
"{6C178907-0A86-4A63-8767-E451EAB8901B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7EA43417-E1B8-46D3-8E5E-F350FBD439EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98462915-C232-4D3A-BA64-1439C736C6A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A5817B7A-EB84-400F-B1B7-22B7BECE34EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B4787F2E-2FA3-4222-B52F-4AE5EEFB1364}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA9DCF03-18A2-40D2-B40E-D8C983DA6BD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C99B5CD6-5C7F-410E-960C-7146A050F3A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9AC7846-8799-48E0-A585-0B3BD434B1C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E374593A-580D-44C2-A23B-EFC552A7A882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8207517-F4F1-4084-AD6C-988A4CDC999F}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EFC4B274-0D29-420D-BDBC-8C5FF0388D4A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe" = protocol=6 | dir=in | app=c:\users\hilton\appdata\local\amazon music\amazon music helper.exe |
"UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe" = protocol=17 | dir=in | app=c:\users\hilton\appdata\local\amazon music\amazon music helper.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series" = Canon MG3200 series MP Drivers
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{224024F1-88C6-4E06-9AF6-39FF47347338}" = eM Client
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{302600C1-6BDF-4FD1-1603-148929CC1385}" = Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590)
"{30500C7C-2206-3DC6-9792-96E95A04669D}" = Microsoft .NET Framework 4.6.1
"{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}" = Intel(R) Chipset Device Software
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.1.2.1733
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{74d0e5db-b326-4dae-a6b2-445b9de1836e}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{98f335cd-0a32-4b3f-b74c-ef9480e834f0}" = Intel(R) Chipset Device Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026
"{AC76BA86-0804-1033-1959-001824225037}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = Samsung USB Driver for Mobile Phones
"{D8A3D01E-BCBB-491B-856F-61E3B8563E32}" = Intel(R) Network Connections 19.5.303.0
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EEA30AEB-8BA7-465B-85D4-098BB99733E7}" = OpenOffice 4.1.3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe Flash Player ActiveX" = Adobe Flash Player 26 ActiveX
"AI RoboForm" = RoboForm 8-3-7-7 (All Users)
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"MESOL" = Intel® Active Management Technology
"Mozilla Firefox 52.0 (x86 en-US)" = Mozilla Firefox 52.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSetDX" = Intel(R) Network Connections 19.5.303.0
"Stardock Fences 3" = Stardock Fences 3
"Stardock ObjectDock" = Stardock ObjectDock
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"58d94f3ce2c27db0" = Dell System Detect
"Amazon Amazon Music" = Amazon Music
"Kodi" = Kodi
"Mozilla Firefox 53.0.3 (x86 en-US)" = Mozilla Firefox 53.0.3 (x86 en-US)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/23/2017 1:29:36 PM | Computer Name = hilton-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.18698 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1374 Start
Time: 01d2ec430c56d251 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:
Error - 6/23/2017 2:02:56 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/23/2017 3:10:55 PM | Computer Name = hilton-PC | Source = LMS | ID = 2
Description = LMS Service lost connection to HECI driver
Error - 6/23/2017 3:19:42 PM | Computer Name = hilton-PC | Source = LMS | ID = 2
Description = LMS Service lost connection to HECI driver
Error - 6/25/2017 10:45:32 AM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/25/2017 4:38:48 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/26/2017 10:29:40 AM | Computer Name = hilton-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.18698 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17b8 Start
Time: 01d2ee87fe4a21fc Termination Time: 74 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:
Error - 6/26/2017 12:54:57 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/26/2017 2:21:15 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/26/2017 2:21:31 PM | Computer Name = hilton-PC | Source = System Restore | ID = 8210
Description =
[ System Events ]
Error - 12/25/2016 2:21:43 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10010
Description =
Error - 12/25/2016 2:25:34 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10016
Description =
Error - 12/25/2016 2:26:42 PM | Computer Name = hilton-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
Error - 12/25/2016 2:26:42 PM | Computer Name = hilton-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 12/26/2016 11:37:48 AM | Computer Name = hilton-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.
Error - 12/27/2016 2:22:18 PM | Computer Name = hilton-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.
Error - 12/27/2016 2:22:30 PM | Computer Name = hilton-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.
Error - 12/27/2016 3:44:01 PM | Computer Name = hilton-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 12/27/2016 3:44:45 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10016
Description =
Error - 12/27/2016 3:44:46 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10016
Description =
< End of report >
----------------next......
OTL logfile created on: 6/30/2017 1:15:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hilton\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18697)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.57% Memory free
6.48 Gb Paging File | 5.34 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1859.99 Gb Total Space | 1817.06 Gb Free Space | 97.69% Space Free | Partition Type: NTFS
Computer Name: HILTON-PC | User Name: hilton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (All) ==========
PRC - [2017/06/30 13:10:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hilton\Downloads\OTL.exe
PRC - [2017/06/21 14:27:40 | 000,110,376 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2017/06/13 10:08:48 | 007,648,984 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2017/06/02 03:58:31 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2017/05/16 13:35:10 | 000,815,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2017/05/12 13:41:01 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2017/05/09 17:42:26 | 003,146,704 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2017/05/09 17:41:44 | 008,534,480 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
PRC - [2017/05/09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
PRC - [2017/04/27 14:41:40 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
PRC - [2017/03/30 10:58:17 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
PRC - [2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016/07/23 03:42:36 | 000,151,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Bluetooth\ibtsiva.exe
PRC - [2016/07/18 15:43:52 | 001,161,256 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe
PRC - [2016/07/18 15:43:44 | 001,722,408 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Intel\Bluetooth\mediasrv.exe
PRC - [2016/07/18 15:43:38 | 001,202,216 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe
PRC - [2016/06/29 16:50:18 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2015/04/12 23:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2014/10/16 14:38:56 | 000,180,992 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2014/07/16 21:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2012/04/01 13:22:20 | 000,786,208 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010/11/20 17:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 17:29:11 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2010/11/20 17:29:06 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2009/12/01 15:43:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2009/12/01 15:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 15:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
========== Modules (All) ==========
MOD - [2017/06/30 13:10:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hilton\Downloads\OTL.exe
MOD - [2017/06/21 14:27:40 | 028,446,504 | ---- | M] (Siber Systems Inc.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
MOD - [2017/06/21 14:27:40 | 000,110,376 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
MOD - [2017/06/13 15:33:32 | 001,366,968 | ---- | M] (Stardock) -- c:\Program Files\Stardock\Fences\DesktopDock.dll
MOD - [2017/06/13 15:33:32 | 000,763,320 | ---- | M] (Stardock) -- C:\Program Files\Stardock\Fences\FencesMenu.dll
MOD - [2017/06/13 15:33:32 | 000,053,720 | ---- | M] () -- c:\Program Files\Stardock\Fences\SdCrashReporter.dll
MOD - [2017/06/13 10:08:48 | 007,648,984 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
MOD - [2017/06/02 04:09:50 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2017/05/25 11:58:04 | 000,399,304 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll
MOD - [2017/05/22 10:56:04 | 000,306,704 | ---- | M] (BugSplat) -- c:\Program Files\Stardock\Fences\BugSplat.dll
MOD - [2017/05/22 10:56:04 | 000,106,000 | ---- | M] (BugSplat, LLC) -- c:\Program Files\Stardock\Fences\BugSplatRc.dll
MOD - [2017/05/21 00:06:33 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
MOD - [2017/05/21 00:06:32 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2017/05/21 00:06:29 | 000,655,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2017/05/21 00:06:29 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
MOD - [2017/05/21 00:06:29 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2017/05/21 00:06:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
MOD - [2017/05/21 00:06:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2017/05/21 00:06:17 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
MOD - [2017/05/21 00:06:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2017/05/20 23:42:24 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2017/05/19 13:26:21 | 001,042,392 | ---- | M] (Stardock Corporation) -- c:\Program Files\Stardock\Fences\SdAppServices.dll
MOD - [2017/05/16 13:35:10 | 000,815,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
MOD - [2017/05/16 13:35:10 | 000,235,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
MOD - [2017/05/14 15:16:37 | 002,290,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2017/05/14 15:12:11 | 000,476,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
MOD - [2017/05/14 15:11:45 | 020,274,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
MOD - [2017/05/14 14:44:07 | 004,549,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
MOD - [2017/05/14 14:38:51 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
MOD - [2017/05/14 14:30:17 | 013,664,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2017/05/14 14:15:06 | 002,767,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2017/05/14 14:14:54 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
MOD - [2017/05/14 14:11:26 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
MOD - [2017/05/14 14:11:22 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2017/05/14 14:07:14 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2017/05/12 14:04:46 | 001,310,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2017/05/12 14:03:19 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2017/05/12 14:03:18 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2017/05/12 14:03:08 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2017/05/12 14:03:07 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2017/05/12 14:03:05 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
MOD - [2017/05/12 14:03:03 | 001,629,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23807_none_5c02a265a011fb02\GdiPlus.dll
MOD - [2017/05/12 14:03:03 | 000,644,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2017/05/12 12:25:40 | 001,251,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
MOD - [2017/05/10 11:12:47 | 012,880,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2017/05/10 11:12:38 | 001,499,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2017/05/09 17:42:26 | 003,146,704 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
MOD - [2017/05/09 17:41:44 | 008,534,480 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
MOD - [2017/05/09 17:40:08 | 001,596,856 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
MOD - [2017/05/09 17:33:20 | 004,793,344 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
MOD - [2017/04/17 11:12:24 | 001,417,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2017/04/17 11:12:24 | 000,581,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2017/04/17 11:12:18 | 000,872,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2017/04/17 11:12:18 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2017/04/12 11:26:12 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2017/04/12 11:25:04 | 001,176,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2017/04/12 11:25:04 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
MOD - [2017/04/11 14:53:16 | 000,104,960 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll
MOD - [2017/04/11 14:52:58 | 000,697,344 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2017/04/11 14:52:36 | 000,096,768 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
MOD - [2017/04/11 14:52:32 | 000,172,544 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
MOD - [2017/04/11 14:52:04 | 000,035,328 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
MOD - [2017/04/11 14:51:56 | 000,074,752 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
MOD - [2017/04/11 14:51:38 | 000,069,632 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2017/04/11 14:50:26 | 000,206,336 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
MOD - [2017/04/11 14:49:04 | 000,013,312 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
MOD - [2017/04/11 14:49:02 | 000,013,312 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
MOD - [2017/04/11 14:49:00 | 000,022,528 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll
MOD - [2017/04/11 14:48:58 | 000,044,032 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
MOD - [2017/04/11 14:48:58 | 000,013,312 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
MOD - [2017/04/11 14:47:56 | 002,567,168 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
MOD - [2017/04/11 14:46:22 | 002,514,432 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
MOD - [2017/04/11 14:45:08 | 000,328,704 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
MOD - [2017/04/11 14:45:00 | 000,030,208 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
MOD - [2017/04/11 14:45:00 | 000,019,968 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
MOD - [2017/04/11 14:44:58 | 000,318,976 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
MOD - [2017/04/11 14:44:58 | 000,247,808 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
MOD - [2017/04/11 14:44:54 | 000,017,920 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
MOD - [2017/04/11 14:44:50 | 000,038,912 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll
MOD - [2017/04/11 14:44:50 | 000,018,944 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
MOD - [2017/04/11 14:44:48 | 000,031,232 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
MOD - [2017/04/11 14:44:42 | 000,992,768 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
MOD - [2017/04/11 14:44:26 | 000,242,176 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
MOD - [2017/04/11 14:44:22 | 000,025,088 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
MOD - [2017/04/11 14:44:16 | 000,024,576 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
MOD - [2017/04/11 14:43:40 | 004,481,024 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
MOD - [2017/04/11 14:42:12 | 005,093,888 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
MOD - [2017/04/11 14:41:14 | 000,672,768 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
MOD - [2017/03/30 10:58:17 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
MOD - [2017/02/09 12:14:44 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2017/02/09 12:14:38 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2017/01/18 11:35:50 | 000,012,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
MOD - [2016/11/10 12:19:39 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2016/11/09 12:17:31 | 002,365,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2016/11/09 12:17:18 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2016/10/11 11:18:29 | 000,829,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2016/10/11 09:33:27 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
MOD - [2016/10/07 11:12:49 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2016/09/08 16:34:01 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2016/06/29 16:51:32 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
MOD - [2016/06/29 16:51:30 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
MOD - [2016/06/29 16:50:18 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
MOD - [2016/06/29 16:48:27 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
MOD - [2016/06/29 16:48:27 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
MOD - [2016/06/29 16:48:27 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
MOD - [2016/06/29 16:48:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
MOD - [2016/06/29 16:48:27 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MOD - [2016/06/29 16:46:09 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
MOD - [2016/06/14 11:21:27 | 003,209,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
MOD - [2016/06/14 11:21:27 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
MOD - [2016/06/14 11:21:20 | 001,005,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
MOD - [2016/06/14 11:21:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2016/06/14 11:21:18 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
MOD - [2016/05/12 11:18:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2016/05/12 09:04:55 | 000,249,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcryptprimitives.dll
MOD - [2016/05/11 11:19:26 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2016/05/11 11:19:25 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
MOD - [2016/05/11 11:19:24 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2016/05/11 11:19:16 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2016/04/09 00:20:04 | 001,230,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2016/03/09 14:40:16 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
MOD - [2015/12/08 17:53:48 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
MOD - [2015/12/08 17:53:47 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2015/11/11 14:39:34 | 001,242,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
MOD - [2015/10/29 13:49:58 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2015/10/29 13:49:57 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2015/09/01 13:52:53 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2015/08/27 13:58:14 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
MOD - [2015/07/09 13:42:54 | 001,372,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
MOD - [2015/07/09 13:42:54 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2015/05/25 14:01:39 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2015/04/24 13:54:13 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
MOD - [2015/01/28 23:02:08 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
MOD - [2014/07/16 21:40:03 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2014/01/28 22:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
MOD - [2013/11/26 04:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
MOD - [2013/10/18 21:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2013/10/11 22:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2013/10/05 02:38:22 | 000,970,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Malwarebytes\Anti-Malware\msvcr120.dll
MOD - [2013/10/05 02:38:22 | 000,455,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Malwarebytes\Anti-Malware\msvcp120.dll
MOD - [2013/07/25 21:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2012/12/07 08:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
MOD - [2012/12/07 08:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
MOD - [2012/10/09 13:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2012/10/03 12:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2012/07/04 17:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2012/04/01 13:22:26 | 000,336,160 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll
MOD - [2012/01/04 04:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2011/12/30 01:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2011/12/16 03:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2011/08/27 00:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2011/06/16 00:33:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2011/03/11 01:33:09 | 001,699,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
MOD - [2011/03/03 01:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2010/11/20 17:29:50 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2010/11/20 17:29:49 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2010/11/20 17:29:41 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
MOD - [2010/11/20 17:29:41 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2010/11/20 17:29:41 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll
MOD - [2010/11/20 17:29:41 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2010/11/20 17:29:40 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2010/11/20 17:29:39 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2010/11/20 17:29:26 | 000,418,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
MOD - [2010/11/20 17:29:26 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
MOD - [2010/11/20 17:29:24 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2010/11/20 17:29:24 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
MOD - [2010/11/20 17:29:24 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2010/11/20 17:29:21 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\twext.dll
MOD - [2010/11/20 17:29:20 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2010/11/20 17:29:20 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2010/11/20 17:29:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2010/11/20 17:29:19 | 000,638,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
MOD - [2010/11/20 17:29:19 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2010/11/20 17:29:19 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2010/11/20 17:29:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2010/11/20 17:29:18 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2010/11/20 17:29:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2010/11/20 17:29:13 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2010/11/20 17:29:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2010/11/20 17:29:13 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010/11/20 17:29:12 | 001,063,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
MOD - [2010/11/20 17:29:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2010/11/20 17:29:12 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2010/11/20 17:29:12 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2010/11/20 17:29:12 | 000,649,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
MOD - [2010/11/20 17:29:12 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
MOD - [2010/11/20 17:29:12 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2010/11/20 17:29:12 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
MOD - [2010/11/20 17:29:12 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2010/11/20 17:29:12 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
MOD - [2010/11/20 17:29:12 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
MOD - [2010/11/20 17:29:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010/11/20 17:29:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
MOD - [2010/11/20 17:29:12 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2010/11/20 17:29:12 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2010/11/20 17:29:11 | 002,494,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2010/11/20 17:29:11 | 001,750,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2010/11/20 17:29:11 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2010/11/20 17:29:11 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2010/11/20 17:29:11 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2010/11/20 17:29:08 | 000,399,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
MOD - [2010/11/20 17:29:08 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
MOD - [2010/11/20 17:29:08 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2010/11/20 17:29:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
MOD - [2010/11/20 17:29:08 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
MOD - [2010/11/20 17:29:07 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2010/11/20 17:29:07 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2010/11/20 17:29:07 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2010/11/20 17:29:07 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2010/11/20 17:29:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2010/11/20 17:29:06 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2010/11/20 17:29:06 | 000,740,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2010/11/20 17:29:06 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2010/11/20 17:29:06 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
MOD - [2010/11/20 17:29:06 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2010/11/20 17:29:06 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
MOD - [2010/11/20 17:29:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
MOD - [2010/11/20 17:29:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010/11/20 17:29:06 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2010/11/20 17:29:06 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2010/11/20 17:29:04 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2010/11/20 17:29:04 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2010/11/20 17:29:03 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009/09/23 18:48:52 | 000,275,968 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
MOD - [2009/07/13 21:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/13 21:16:21 | 000,674,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwanmm.dll
MOD - [2009/07/13 21:16:21 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWanAPI.dll
MOD - [2009/07/13 21:16:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwapi.dll
MOD - [2009/07/13 21:16:20 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscinterop.dll
MOD - [2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009/07/13 21:16:20 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
MOD - [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2009/07/13 21:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2009/07/13 21:16:19 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
MOD - [2009/07/13 21:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
MOD - [2009/07/13 21:16:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2009/07/13 21:16:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2009/07/13 21:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2009/07/13 21:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercplsupport.dll
MOD - [2009/07/13 21:16:17 | 000,561,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
MOD - [2009/07/13 21:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009/07/13 21:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009/07/13 21:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/07/13 21:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/07/13 21:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009/07/13 21:16:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll
MOD - [2009/07/13 21:16:15 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Syncreg.dll
MOD - [2009/07/13 21:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2009/07/13 21:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll
MOD - [2009/07/13 21:16:12 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
MOD - [2009/07/13 21:16:12 | 000,791,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\opengl32.dll
MOD - [2009/07/13 21:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
MOD - [2009/07/13 21:16:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2009/07/13 21:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009/07/13 21:16:12 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
MOD - [2009/07/13 21:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:12 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
MOD - [2009/07/13 21:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2009/07/13 21:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009/07/13 21:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009/07/13 21:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
MOD - [2009/07/13 21:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2009/07/13 21:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2009/07/13 21:16:05 | 004,888,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
MOD - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll
MOD - [2009/07/13 21:15:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
MOD - [2009/07/13 21:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2009/07/13 21:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2009/07/13 21:15:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
MOD - [2009/07/13 21:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
MOD - [2009/07/13 21:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009/07/13 21:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2009/07/13 21:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
MOD - [2009/07/13 21:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2009/07/13 21:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2009/07/13 21:15:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcproviders.dll
MOD - [2009/07/13 21:15:24 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2009/07/13 21:15:22 | 000,848,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSST.dll
MOD - [2009/07/13 21:15:22 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\glu32.dll
MOD - [2009/07/13 21:15:21 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSAPI.dll
MOD - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2009/07/13 21:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/13 21:15:14 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2009/07/13 21:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dui70.dll
MOD - [2009/07/13 21:15:13 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
MOD - [2009/07/13 21:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2009/07/13 21:15:13 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
MOD - [2009/07/13 21:15:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsrole.dll
MOD - [2009/07/13 21:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2009/07/13 21:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devrtl.dll
MOD - [2009/07/13 21:15:11 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
MOD - [2009/07/13 21:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
MOD - [2009/07/13 21:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
MOD - [2009/07/13 21:15:07 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
MOD - [2009/07/13 21:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009/07/13 21:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2009/07/13 21:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009/07/13 21:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2009/07/13 21:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:14:09 | 001,140,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
MOD - [2009/07/13 21:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll
MOD - [2009/07/13 21:08:30 | 002,628,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
MOD - [2009/07/13 21:05:30 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSRESM.dll
========== Services (All) ==========
SRV - [2017/06/15 13:19:19 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/06/02 03:58:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (VaultSvc)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (EFS)
SRV - [2017/05/14 15:11:09 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2017/05/12 13:45:37 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2017/05/12 12:25:40 | 000,909,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2017/05/10 11:01:19 | 002,092,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2017/05/09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV - [2017/04/26 13:09:48 | 000,194,032 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2017/04/25 09:12:12 | 000,083,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017/04/17 11:12:25 | 000,377,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2017/04/17 11:12:25 | 000,377,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2017/04/12 11:25:04 | 000,145,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2017/03/26 20:33:36 | 000,105,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2017/03/26 20:33:36 | 000,045,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2017/03/19 10:47:05 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/03/10 12:20:21 | 001,508,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2017/02/09 11:51:50 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2016/12/25 17:07:19 | 000,153,752 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2016/12/25 17:07:19 | 000,153,752 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2016/11/09 12:17:17 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2016/11/09 11:55:06 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2016/09/08 16:34:14 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2016/08/21 09:05:24 | 000,935,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016/08/06 11:15:08 | 001,178,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM)
SRV - [2016/07/23 03:42:36 | 000,151,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\ibtsiva.exe -- (iBtSiva)
SRV - [2016/07/22 03:21:08 | 000,754,784 | ---- | M] (DEVGURU Co., LTD.) [On_Demand | Stopped] -- C:\Program Files\SAMSUNG\USB Drivers\27_ssconn\conn\ss_conn_service.exe -- (ss_conn_service)
SRV - [2016/07/18 15:43:52 | 001,161,256 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2016/07/18 15:43:44 | 001,722,408 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2016/07/18 15:43:38 | 001,202,216 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2016/06/14 11:21:33 | 000,157,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2016/06/14 11:21:18 | 000,474,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2016/06/14 11:21:18 | 000,474,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2016/05/12 11:18:25 | 000,351,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2016/05/12 11:18:24 | 000,606,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2016/05/11 11:19:25 | 000,351,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2016/02/09 05:50:10 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2015/10/29 13:49:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2015/08/05 13:41:00 | 000,751,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2015/07/15 13:55:03 | 001,159,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2015/01/08 22:48:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2015/01/08 22:48:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2014/12/18 22:43:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2014/12/05 23:50:19 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2014/10/16 14:38:56 | 000,180,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R)
SRV - [2014/10/13 21:50:50 | 000,523,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2014/06/30 18:14:53 | 000,879,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/27 22:07:07 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2013/10/11 22:01:41 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/03 12:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2012/07/25 23:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/01 13:22:20 | 000,786,208 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2010/11/20 17:29:50 | 001,203,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbengine.exe -- (wbengine)
SRV - [2010/11/20 17:29:50 | 000,523,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV - [2010/11/20 17:29:50 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2010/11/20 17:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/11/20 17:29:49 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\umrdp.dll -- (UmRdpService)
SRV - [2010/11/20 17:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2010/11/20 17:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 17:29:41 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010/11/20 17:29:41 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 17:29:41 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2010/11/20 17:29:32 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/11/20 17:29:29 | 000,556,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/20 17:29:26 | 000,546,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cscsvc.dll -- (CscService)
SRV - [2010/11/20 17:29:25 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2010/11/20 17:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 17:29:24 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 17:29:24 | 000,144,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2010/11/20 17:29:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010/11/20 17:29:21 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2010/11/20 17:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2010/11/20 17:29:20 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2010/11/20 17:29:20 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2010/11/20 17:29:13 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 17:29:13 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010/11/20 17:29:12 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/11/20 17:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 17:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2010/11/20 17:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 17:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 17:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 17:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 17:29:08 | 000,453,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2010/11/20 17:29:07 | 000,330,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2010/11/20 17:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 17:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 17:29:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2010/11/20 17:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2010/11/20 17:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/12/01 15:43:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2009/12/01 15:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009/12/01 15:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/07/13 21:16:18 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009/07/13 21:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009/07/13 21:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2009/07/13 21:16:17 | 000,288,768 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\w32time.dll -- (w32time)
SRV - [2009/07/13 21:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/07/13 21:16:16 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:16:15 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2009/07/13 21:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009/07/13 21:16:13 | 000,112,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009/07/13 21:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,327,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:15:43 | 000,308,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:15:36 | 000,189,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2009/07/13 21:15:36 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2009/07/13 21:15:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/07/13 21:15:33 | 000,078,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2009/07/13 21:15:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bthserv.dll -- (bthserv)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/13 21:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009/07/13 21:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2009/07/13 21:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2009/07/13 21:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2009/07/13 21:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator)
SRV - [2009/07/13 21:14:19 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 21:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/06/10 17:14:51 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (All) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfeplk.sys -- (mfeplk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2017/06/29 10:30:25 | 000,162,240 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\System32\drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV - [2017/06/29 10:30:20 | 000,040,352 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtection)
DRV - [2017/06/29 10:30:19 | 000,221,600 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2017/05/21 00:10:13 | 000,137,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2017/05/21 00:10:13 | 000,067,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2017/05/20 23:43:01 | 000,226,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2017/05/20 23:42:58 | 000,098,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2017/05/20 23:42:53 | 000,124,416 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2017/05/12 13:45:36 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID)
DRV - [2017/05/10 10:47:49 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2017/05/07 11:14:32 | 000,078,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2017/04/07 11:26:50 | 000,730,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2017/04/05 11:00:19 | 000,311,808 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2017/04/05 11:00:11 | 000,313,856 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2017/04/05 11:00:07 | 000,116,224 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2017/04/04 11:25:44 | 001,309,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2017/04/04 11:25:44 | 001,309,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2017/04/04 10:52:22 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2017/03/10 11:51:41 | 000,148,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2017/03/10 11:51:40 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2016/12/18 22:20:31 | 000,038,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswTap.sys -- (aswTap)
DRV - [2016/11/20 10:07:42 | 000,373,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV - [2016/11/17 12:27:53 | 000,250,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2016/10/05 10:50:29 | 000,068,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2016/09/08 10:49:59 | 000,117,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2016/09/08 10:49:56 | 000,081,408 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2016/08/16 16:27:20 | 000,259,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2016/08/16 16:27:02 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2016/08/16 16:26:59 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2016/08/16 16:26:58 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2016/08/16 16:26:56 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2016/07/22 03:21:06 | 000,146,048 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2016/07/22 03:21:06 | 000,107,648 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2016/07/07 10:57:43 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2016/06/14 11:17:57 | 000,593,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2016/05/11 10:52:27 | 000,188,928 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2016/02/03 13:59:58 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2016/01/20 20:51:31 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (Disk)
DRV - [2016/01/11 14:54:03 | 001,212,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2015/12/08 17:11:16 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2015/10/13 17:59:10 | 000,116,200 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV - [2015/10/13 17:59:08 | 000,072,168 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
DRV - [2015/10/13 00:50:31 | 000,712,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2015/05/29 16:43:42 | 000,026,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV - [2015/02/24 23:03:14 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2014/07/16 21:03:11 | 000,184,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2014/07/16 21:02:33 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2014/02/03 22:07:50 | 000,234,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2013/07/12 06:07:54 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2013/07/03 00:02:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2013/06/25 18:56:40 | 000,527,064 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2013/01/24 00:47:07 | 000,196,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV - [2012/10/30 02:22:30 | 000,232,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2012/07/25 22:33:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2012/07/25 22:32:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2012/07/06 15:23:23 | 000,393,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2012/03/31 23:53:04 | 000,153,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/03/31 23:52:58 | 000,504,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwampfl.sys -- (btwampfl)
DRV - [2012/03/17 03:27:18 | 000,056,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/03/05 08:29:16 | 000,175,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2012/03/05 08:28:58 | 000,018,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2012/03/01 01:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2012/02/17 00:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2011/09/16 21:36:56 | 000,033,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2011/04/27 23:15:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/11 01:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/11 01:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/11 01:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV - [2010/11/20 17:29:49 | 000,133,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
DRV - [2010/11/20 17:29:26 | 000,388,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV - [2010/11/20 17:29:24 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:20 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2010/11/20 17:29:20 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2010/11/20 17:29:20 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2010/11/20 17:29:20 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/11/20 17:29:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 17:29:19 | 000,242,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2010/11/20 17:29:19 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2010/11/20 17:29:13 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2010/11/20 17:29:12 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/11/20 17:29:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2010/11/20 17:29:07 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2010/11/20 17:29:04 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 17:29:03 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010/11/20 17:29:03 | 000,274,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 17:29:03 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 17:29:03 | 000,153,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2010/11/20 17:29:03 | 000,130,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2010/11/20 17:29:03 | 000,116,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2010/11/20 17:29:03 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2010/11/20 17:29:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010/11/20 17:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 17:29:03 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2010/11/20 17:29:03 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/15 15:37:52 | 000,382,976 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/18 19:32:06 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 21:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009/07/13 21:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/07/13 21:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/07/13 21:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2009/07/13 21:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009/07/13 21:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/07/13 21:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2009/07/13 21:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009/07/13 21:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 21:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2009/07/13 21:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/13 21:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2009/07/13 21:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2009/07/13 21:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2009/07/13 21:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 20:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009/07/13 19:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn)
DRV - [2009/07/13 19:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/07/13 19:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/07/13 19:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2009/07/13 19:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009/07/13 19:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009/07/13 19:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2009/07/13 19:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009/07/13 19:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009/07/13 19:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2009/07/13 19:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009/07/13 19:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/07/13 19:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009/07/13 19:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009/07/13 19:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009/07/13 19:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:51:43 | 000,093,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan)
DRV - [2009/07/13 19:51:41 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM)
DRV - [2009/07/13 19:51:36 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2009/07/13 19:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2009/07/13 19:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/07/13 19:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 19:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2009/07/13 19:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009/07/13 19:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2009/07/13 19:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2009/07/13 19:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2009/07/13 19:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 19:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2009/07/13 19:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2009/07/13 19:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2009/07/13 19:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2009/07/13 19:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/07/13 19:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009/07/13 19:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/07/13 19:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009/07/13 19:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009/07/13 19:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 19:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2009/07/13 19:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2009/07/13 19:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2009/07/13 19:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 19:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2009/07/13 19:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009/07/13 19:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009/07/13 19:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/07/13 19:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 19:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009/07/13 19:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2009/07/13 19:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 19:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 17:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2009/07/13 16:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F FF 75 80 CC E2 D2 01 [binary data]
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 47 B9 81 76 61 E4 D2 01 [binary data]
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\SearchScopes,DefaultScope = {91566AD5-071B-451D-9504-A58141841FA2}
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\SearchScopes\{91566AD5-071B-451D-9504-A58141841FA2}: "URL" = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,Twitter,Wikipedia (en)"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Powered"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.3
FF - prefs.js..keyword.URL: true
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\hilton\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rf-firefox@siber.com: C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017/06/21 14:27:40 | 001,151,353 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\rf-firefox@siber.com: C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017/06/21 14:27:40 | 001,151,353 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2016/12/30 13:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Extensions
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\browser-extension-data
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2017/06/13 11:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\extensions
[2017/06/13 11:25:53 | 001,059,016 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2017/04/06 12:45:17 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{24ba2855-20b3-4585-bcde-f033a53eda89}\disable-prefetch@mozilla.org.xpi
[2017/04/06 12:45:17 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{24ba2855-20b3-4585-bcde-f033a53eda89}\e10srollout@mozilla.org.xpi
[2017/06/13 11:26:00 | 000,005,328 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{4586968c-b104-4f8e-ba26-6d251e589a74}\disable-cert-transparency@mozilla.org.xpi
[2017/06/13 11:26:01 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{4586968c-b104-4f8e-ba26-6d251e589a74}\disable-prefetch@mozilla.org.xpi
[2017/06/13 11:26:01 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{4586968c-b104-4f8e-ba26-6d251e589a74}\e10srollout@mozilla.org.xpi
[2017/04/12 16:20:06 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{a50a3c83-bc20-49cb-8701-088133a3746b}\disable-prefetch@mozilla.org.xpi
[2017/04/12 16:20:09 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{a50a3c83-bc20-49cb-8701-088133a3746b}\e10srollout@mozilla.org.xpi
[2017/04/17 11:20:07 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{d2c77760-8bdc-4d39-8b9d-8fbc07ab6b8b}\disable-prefetch@mozilla.org.xpi
[2017/04/17 11:20:07 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{d2c77760-8bdc-4d39-8b9d-8fbc07ab6b8b}\e10srollout@mozilla.org.xpi
[2017/06/28 15:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
O1 HOSTS File: ([2017/05/17 13:54:12 | 000,000,824 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Fences] C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)
O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\Run: [Fences] c:\program files\stardock\fences\Fences.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_26_0_0_126_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Set Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSetFields.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} https://files.pcpitstop.com/cab/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: CCleaner Monitoring - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: eM Client - hkey= - key= - C:\Program Files\eM Client\MailClient.exe (eM Client s.r.o.)
MsConfig - StartUpReg: Fences - hkey= - key= - C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)
MsConfig - StartUpReg: Malwarebytes TrayApp - hkey= - key= - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - State: "startup" - 1
MsConfig - State: "services" - 2
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30500C7C-2206-3DC6-9792-96E95A04669D} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MBAMService - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SafeBootMin: MCODS -
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
========== Files/Folders - Created Within 30 Days ==========
[2017/06/25 16:38:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017/06/24 14:41:31 | 006,488,488 | ---- | C] (SosVirus) -- C:\Users\hilton\Desktop\AdsFix.exe
[2017/06/21 15:05:35 | 000,162,240 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017/06/21 15:05:27 | 000,085,400 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/06/21 15:05:27 | 000,065,824 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/06/21 15:05:18 | 000,040,352 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/06/21 15:04:42 | 000,221,600 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017/06/21 15:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/06/21 15:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/06/21 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017/06/14 13:30:56 | 000,000,000 | ---D | C] -- C:\Users\hilton\Documents\TotalAV
[2017/06/14 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\hilton\AppData\Roaming\TotalAV
[2017/06/14 07:49:50 | 003,550,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_47.dll
[2017/06/14 07:49:47 | 004,549,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2017/06/14 07:49:46 | 004,001,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2017/06/14 07:49:46 | 003,945,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2017/06/14 07:49:46 | 002,401,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2017/06/14 07:49:45 | 001,549,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2017/06/14 07:49:45 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2017/06/14 07:49:45 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/06/14 07:49:44 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2017/06/14 07:49:44 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2017/06/14 07:49:44 | 000,346,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2017/06/14 07:49:44 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2017/06/14 07:49:44 | 000,091,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2017/06/14 07:49:43 | 002,953,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2017/06/14 07:49:43 | 002,057,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2017/06/14 07:49:43 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2017/06/14 07:49:43 | 000,693,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2017/06/14 07:49:43 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2017/06/14 07:49:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2017/06/14 07:49:43 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2017/06/14 07:49:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2017/06/14 07:49:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2017/06/14 07:49:43 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2017/06/14 07:49:43 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2017/06/14 07:49:43 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2017/06/14 07:49:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2017/06/14 07:49:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2017/06/14 07:49:42 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2017/06/14 07:49:42 | 001,251,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2017/06/14 07:49:42 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2017/06/14 07:49:42 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2017/06/14 07:49:42 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2017/06/14 07:49:42 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2017/06/14 07:49:42 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2017/06/14 07:49:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2017/06/14 07:49:42 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2017/06/14 07:49:41 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2017/06/14 07:49:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2017/06/14 07:49:41 | 000,689,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2017/06/14 07:49:41 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2017/06/14 07:49:41 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2017/06/14 07:49:41 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2017/06/14 07:49:41 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2017/06/14 07:49:41 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2017/06/14 07:49:41 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2017/06/14 07:49:41 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2017/06/14 07:49:41 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2017/06/14 07:49:41 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2017/06/14 07:49:41 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2017/06/14 07:49:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2017/06/14 07:49:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2017/06/14 07:49:41 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2017/06/14 07:49:41 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2017/06/14 07:49:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2017/06/14 07:49:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2017/06/14 07:49:41 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2017/06/14 07:49:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2017/06/14 07:49:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2017/06/14 07:49:41 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2017/06/14 07:49:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2017/06/14 07:49:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2017/06/14 07:49:41 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2017/06/14 07:49:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2017/06/14 07:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2017/06/14 07:49:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2017/06/14 07:49:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2017/06/14 07:49:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2017/06/14 07:49:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2017/06/14 07:49:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2017/06/14 07:49:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2017/06/14 07:49:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2017/06/14 07:49:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2017/06/13 13:03:34 | 000,897,696 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\hilton\Desktop\Dell Sonic Firewall.exe
[2017/06/13 12:04:25 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\hilton\Desktop\ATF-Cleaner.exe
[2017/06/13 10:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2017/06/13 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\hilton\AppData\Local\GoToAssist Remote Support Customer
[2017/06/13 10:22:59 | 000,000,000 | ---D | C] -- C:\Users\hilton\AppData\Local\Citrix
[14 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2017/06/30 13:11:24 | 000,000,460 | ---- | M] () -- C:\Users\hilton\Desktop\PC Help Forum.website
[2017/06/30 13:11:18 | 000,001,091 | ---- | M] () -- C:\Users\hilton\Desktop\OTL - Shortcut.lnk
[2017/06/30 13:00:23 | 000,000,524 | ---- | M] () -- C:\Users\hilton\Desktop\MyFitnessPal (1).website
[2017/06/30 12:43:27 | 000,000,487 | ---- | M] () -- C:\Users\hilton\Desktop\Gmail.website
[2017/06/30 12:42:43 | 000,065,824 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/06/30 12:39:17 | 000,000,565 | ---- | M] () -- C:\Users\hilton\Desktop\News & Observer.website
[2017/06/30 12:26:33 | 000,000,629 | ---- | M] () -- C:\Users\hilton\Desktop\DRUDGE REPORT 2016®.website
[2017/06/30 05:01:54 | 000,021,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/06/30 05:01:54 | 000,021,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/06/29 10:30:25 | 000,162,240 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017/06/29 10:30:22 | 000,085,400 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/06/29 10:30:20 | 000,040,352 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/06/29 10:30:19 | 000,221,600 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017/06/29 10:30:12 | 000,059,936 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys
[2017/06/28 15:22:06 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/06/28 14:49:46 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017/06/28 12:57:47 | 000,661,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2017/06/28 12:57:47 | 000,121,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2017/06/28 12:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/06/28 12:53:32 | 2608,287,744 | -HS- | M] () -- C:\hiberfil.sys
[2017/06/28 11:59:35 | 000,000,470 | ---- | M] () -- C:\Users\hilton\Desktop\FL Pharm.website
[2017/06/28 10:21:59 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/06/26 12:22:50 | 000,016,349 | ---- | M] () -- C:\Users\hilton\Documents\NEW MEDS.odt
[2017/06/24 16:22:10 | 000,000,520 | ---- | M] () -- C:\Users\hilton\Desktop\Login - Login - TotalAV.website
[2017/06/24 14:41:15 | 006,488,488 | ---- | M] (SosVirus) -- C:\Users\hilton\Desktop\AdsFix.exe
[2017/06/23 15:45:28 | 000,001,180 | ---- | M] () -- C:\Users\hilton\Desktop\.sprint.website
[2017/06/21 15:35:28 | 000,000,467 | ---- | M] () -- C:\Users\hilton\Desktop\Sign In Humana.website
[2017/06/20 13:46:38 | 000,000,496 | ---- | M] () -- C:\Users\hilton\Desktop\Google.website
[2017/06/20 13:46:35 | 000,000,185 | ---- | M] () -- C:\Users\hilton\Desktop\Official PC Matic-PC Pitstop Support.url
[2017/06/19 14:51:29 | 000,000,544 | ---- | M] () -- C:\Users\hilton\Desktop\Calendar.website
[2017/06/19 13:46:30 | 000,000,228 | ---- | M] () -- C:\Users\hilton\Desktop\GoToMyPC My Account.url
[2017/06/19 09:47:10 | 000,000,514 | ---- | M] () -- C:\Users\hilton\Desktop\MyChart - Login Page.website
[2017/06/16 17:13:15 | 000,000,521 | ---- | M] () -- C:\Users\hilton\Desktop\Grocery Store Food Lion.website
[2017/06/15 13:19:18 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2017/06/15 13:19:18 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2017/06/15 03:24:20 | 000,290,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2017/06/13 12:55:14 | 000,013,133 | ---- | M] () -- C:\Users\hilton\Desktop\Windows Defender -.lnk
[2017/06/13 10:43:47 | 000,000,751 | ---- | M] () -- C:\Users\hilton\Desktop\State Farm®.website
[2017/06/09 15:28:45 | 000,000,215 | ---- | M] () -- C:\Users\hilton\Desktop\Komando.url
[2017/06/07 14:20:43 | 000,000,502 | ---- | M] () -- C:\Users\hilton\Desktop\MSN.website
[2017/06/06 17:07:44 | 000,000,438 | ---- | M] () -- C:\Users\hilton\Desktop\SpinLife Nationwide Service We Repair Power Chairs, Scooters, Lift Chairs & More.website
[2017/06/06 15:27:26 | 000,000,505 | ---- | M] () -- C:\Users\hilton\Desktop\Survey.website
[2017/06/02 14:25:02 | 000,000,516 | ---- | M] () -- C:\Users\hilton\Desktop\Netflix.website
[2017/06/02 04:09:56 | 001,549,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2017/06/02 04:09:50 | 001,400,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2017/06/02 04:09:50 | 000,666,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2017/06/02 04:09:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2017/06/02 04:09:50 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2017/06/02 04:09:50 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2017/06/02 04:09:50 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2017/06/02 04:09:50 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2017/06/02 03:57:49 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/06/02 03:57:31 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2017/06/01 12:46:36 | 000,000,559 | ---- | M] () -- C:\Users\hilton\Desktop\Search - BeenVerified.website
[14 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2017/06/30 13:11:18 | 000,001,091 | ---- | C] () -- C:\Users\hilton\Desktop\OTL - Shortcut.lnk
[2017/06/26 12:22:47 | 000,016,349 | ---- | C] () -- C:\Users\hilton\Documents\NEW MEDS.odt
[2017/06/25 16:36:02 | 2608,287,744 | -HS- | C] () -- C:\hiberfil.sys
[2017/06/21 15:04:36 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/06/21 15:04:33 | 000,059,936 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
[2017/06/20 13:46:35 | 000,000,185 | ---- | C] () -- C:\Users\hilton\Desktop\Official PC Matic-PC Pitstop Support.url
[2017/06/19 13:46:29 | 000,000,228 | ---- | C] () -- C:\Users\hilton\Desktop\GoToMyPC My Account.url
[2017/06/14 07:49:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2017/06/13 12:55:14 | 000,013,133 | ---- | C] () -- C:\Users\hilton\Desktop\Windows Defender -.lnk
[2017/06/09 15:28:44 | 000,000,215 | ---- | C] () -- C:\Users\hilton\Desktop\Komando.url
[2017/06/06 17:07:44 | 000,000,438 | ---- | C] () -- C:\Users\hilton\Desktop\SpinLife Nationwide Service We Repair Power Chairs, Scooters, Lift Chairs & More.website
[2016/07/15 13:39:48 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/07/02 15:56:45 | 000,032,832 | ---- | C] () -- C:\Windows\System32\rnd_chunk.bin
========== ZeroAccess Check ==========
[2017/04/12 15:18:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/05/10 11:12:47 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2017/01/28 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Canon
[2017/04/12 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Dashlane
[2017/06/29 13:26:59 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\eM Client
[2017/04/17 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Kodi
[2017/04/12 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\OpenOffice
[2017/06/25 13:21:07 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Remo
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\RoboForm
[2017/01/06 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Samsung
[2017/04/12 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Stardock
[2017/06/14 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\TotalAV
[2017/04/12 15:18:43 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\AVAST Software
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 00:53:46 | 000,014,124 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(29).TXT
[2009/07/14 00:53:46 | 000,032,576 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 00:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
< ================================================================ >
< HKCU\Software >
"TM" = 0140
"U_TM" = 0140
"U_DT" = 20160715
"U_SDT" =
"U_VER" = 3.21
[HKEY_CURRENT_USER\Software\Adobe]
[HKEY_CURRENT_USER\Software\Amazon]
[HKEY_CURRENT_USER\Software\Amazon Services LLC]
[HKEY_CURRENT_USER\Software\Analog Devices]
[HKEY_CURRENT_USER\Software\AppDataLow]
[HKEY_CURRENT_USER\Software\AVAST Software]
[HKEY_CURRENT_USER\Software\Canon]
[HKEY_CURRENT_USER\Software\Chromium]
[HKEY_CURRENT_USER\Software\Clients]
[HKEY_CURRENT_USER\Software\Dashlane_profiles]
[HKEY_CURRENT_USER\Software\DriverSupport]
[HKEY_CURRENT_USER\Software\eM Client]
[HKEY_CURRENT_USER\Software\g3n-h@ckm@n]
[HKEY_CURRENT_USER\Software\Google]
[HKEY_CURRENT_USER\Software\Intel]
[HKEY_CURRENT_USER\Software\jtosjykc]
[HKEY_CURRENT_USER\Software\Kodi]
[HKEY_CURRENT_USER\Software\Macromedia]
[HKEY_CURRENT_USER\Software\Malwarebytes]
[HKEY_CURRENT_USER\Software\Microsoft]
[HKEY_CURRENT_USER\Software\Mozilla]
[HKEY_CURRENT_USER\Software\MozillaPlugins]
[HKEY_CURRENT_USER\Software\Netscape]
[HKEY_CURRENT_USER\Software\OpenOffice]
[HKEY_CURRENT_USER\Software\ovbrx]
[HKEY_CURRENT_USER\Software\PCPitstop]
[HKEY_CURRENT_USER\Software\Piriform]
[HKEY_CURRENT_USER\Software\Policies]
[HKEY_CURRENT_USER\Software\QtProject]
[HKEY_CURRENT_USER\Software\Samsung]
[HKEY_CURRENT_USER\Software\Siber Systems]
[HKEY_CURRENT_USER\Software\SnigelWeb]
[HKEY_CURRENT_USER\Software\Stardock]
[HKEY_CURRENT_USER\Software\Sysinternals]
[HKEY_CURRENT_USER\Software\Widcomm]
[HKEY_CURRENT_USER\Software\Classes]
< HKCU\Software\AppDataLow /s >
[HKEY_CURRENT_USER\Software\AppDataLow\Software]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\AntiPhishing]
"i" = 19C7B9DF-D590-437B-80CD-B1EE20BFE8AA [binary data]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security\AntiPhishing]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2]
"UserFile" = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 4F CC 3B E1 66 10 12 43 BA 01 BF 88 8C 48 DA 65 00 00 00 00 12 00 00 00 55 00 73 00 65 00 72 00 46 00 69 00 6C 00 65 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 C4 0D D3 22 DB 86 30 9B 98 02 AE 79 51 11 BF 1A 0B D6 F7 5D 37 95 4D 40 F5 0F B0 76 B8 C0 7B 6E 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 54 04 8A 21 49 8F C4 BC 5B BB 29 13 02 17 E7 56 9F 12 FC F6 38 BB C9 95 7B 10 52 39 A2 5C E3 7E 10 00 00 00 53 68 2C E2 C1 37 82 C2 27 4B D0 E7 99 DB 53 87 40 00 00 00 4C 04 AC EB A0 50 40 E5 87 EC 6B BA 73 38 AE D4 BF 49 71 D0 29 3F 01 0F 59 34 02 99 FF A5 C2 72 33 EF E8 C0 BA 75 49 C0 54 A6 43 00 FD 81 2A C2 73 1A 80 47 13 ED 38 2C 1D 55 5F AA 8B A8 D6 F9 [Binary data over 200 bytes]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\RepService]
"i" = 468FFA79-B8F8-49BD-939C-FA557AFE282A [binary data]
"B" = 50.000000 [binary data]
"A" = .cpl,.exe,.dll,.ocx,.sys,.scr,.drv [Binary data over 200 bytes]
"E" = 1 [binary data]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Silverlight]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Silverlight\Permissions]
< HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s >
"NoDriveTypeAutoRun" = 145
< HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /s >
< HKLM\Software >
"" =
[HKEY_LOCAL_MACHINE\Software\Adobe]
[HKEY_LOCAL_MACHINE\Software\AdsFix]
[HKEY_LOCAL_MACHINE\Software\Analog Devices]
[HKEY_LOCAL_MACHINE\Software\ATI Technologies]
[HKEY_LOCAL_MACHINE\Software\AVAST Software]
[HKEY_LOCAL_MACHINE\Software\Canon]
[HKEY_LOCAL_MACHINE\Software\CBSTEST]
[HKEY_LOCAL_MACHINE\Software\Citrix]
[HKEY_LOCAL_MACHINE\Software\Classes]
[HKEY_LOCAL_MACHINE\Software\Clients]
[HKEY_LOCAL_MACHINE\Software\DriverSupport]
[HKEY_LOCAL_MACHINE\Software\g3n-h@ckm@n]
[HKEY_LOCAL_MACHINE\Software\GEAR Software]
[HKEY_LOCAL_MACHINE\Software\Google]
[HKEY_LOCAL_MACHINE\Software\InstalledOptions]
[HKEY_LOCAL_MACHINE\Software\Intel]
[HKEY_LOCAL_MACHINE\Software\Macromedia]
[HKEY_LOCAL_MACHINE\Software\Microsoft]
[HKEY_LOCAL_MACHINE\Software\Mozilla]
[HKEY_LOCAL_MACHINE\Software\mozilla.org]
[HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\Software\ODBC]
[HKEY_LOCAL_MACHINE\Software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\Software\OpenOffice]
[HKEY_LOCAL_MACHINE\Software\PCPitstop]
[HKEY_LOCAL_MACHINE\Software\Piriform]
[HKEY_LOCAL_MACHINE\Software\Policies]
[HKEY_LOCAL_MACHINE\Software\Reason]
[HKEY_LOCAL_MACHINE\Software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\Software\SAMSUNG]
[HKEY_LOCAL_MACHINE\Software\Siber Systems]
[HKEY_LOCAL_MACHINE\Software\Sonic]
[HKEY_LOCAL_MACHINE\Software\Stardock]
[HKEY_LOCAL_MACHINE\Software\Synaptics]
[HKEY_LOCAL_MACHINE\Software\sysinternals]
[HKEY_LOCAL_MACHINE\Software\Volatile]
[HKEY_LOCAL_MACHINE\Software\Widcomm]
[HKEY_LOCAL_MACHINE\Software\WOW6432Node]
< HKCU\Software\Microsoft\Command Processor /s >
"CompletionChar" = 9
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 9
< HKLM\Software\Microsoft\Command Processor /s >
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s >
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /s >
"ConsentPromptBehaviorAdmin" = 5
"ConsentPromptBehaviorUser" = 3
"EnableInstallerDetection" = 1
"EnableLUA" = 1
"EnableSecureUIAPaths" = 1
"EnableUIADesktopToggle" = 0
"EnableVirtualization" = 1
"PromptOnSecureDesktop" = 1
"ValidateAdminCodeSignatures" = 0
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"scforceoption" = 0
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"FilterAdministratorToken" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT" = 1
"CF_BITMAP" = 2
"CF_OEMTEXT" = 7
"CF_DIB" = 8
"CF_PALETTE" = 9
"CF_UNICODETEXT" = 13
"CF_DIBV5" = 17
< HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /s >
< HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s >
< %Homedrive%\* >
[2017/04/02 16:17:19 | 000,025,188 | ---- | M] () -- C:\AdsFix_02_04_2017_16_17_19.txt
[2017/06/25 16:36:02 | 000,028,806 | ---- | M] () -- C:\AdsFix_25_06_2017_16_36_02.txt
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/01/25 16:34:35 | 000,000,037 | ---- | M] () -- C:\DevMgr.bat
[2017/06/28 12:53:32 | 2608,287,744 | -HS- | M] () -- C:\hiberfil.sys
[2017/06/28 12:53:34 | 3477,721,088 | -HS- | M] () -- C:\pagefile.sys
[2017/06/28 12:12:21 | 000,072,558 | ---- | M] () -- C:\QuickDiag.txt
[2017/06/23 14:38:30 | 000,201,513 | R--- | M] () -- C:\QuickDiag_23_06_2017_14_38_30.txt
[2017/03/30 12:29:50 | 000,230,674 | R--- | M] () -- C:\QuickDiag_30_03_2017_12_29_51.txt
< %Homedrive%\*. >
[2017/06/25 16:38:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2016/08/10 13:53:26 | 000,000,000 | ---D | M] -- C:\95fcae343f4f0cedab9b17240bf8
[2017/06/26 14:32:55 | 000,000,000 | ---D | M] -- C:\AdsFix
[2017/04/21 14:19:58 | 000,000,000 | ---D | M] -- C:\AdwCleaner
[2017/06/19 15:11:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2016/08/20 14:06:16 | 000,000,000 | ---D | M] -- C:\Dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2016/08/01 14:18:40 | 000,000,000 | ---D | M] -- C:\DRIVERS
[2017/04/23 15:23:04 | 000,000,000 | ---D | M] -- C:\FRST
[2016/08/01 14:35:27 | 000,000,000 | ---D | M] -- C:\Intel
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2017/06/26 14:32:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2017/06/26 14:32:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2017/06/28 12:12:13 | 000,000,000 | ---D | M] -- C:\QuickDiag
[2016/06/29 16:30:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2016/06/27 19:57:44 | 000,000,000 | -H-D | M] -- C:\RPKTools
[2016/07/05 14:05:37 | 000,000,000 | ---D | M] -- C:\SWSetup
[2017/06/27 02:20:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/23 20:44:40 | 000,000,000 | -H-D | M] -- C:\Tools
[2017/06/26 14:32:41 | 000,000,000 | R--D | M] -- C:\Users
[2017/06/28 11:56:16 | 000,000,000 | ---D | M] -- C:\Windows
< %Homedrive%\Recycler\*.exe /s >
< %Homedrive%\Recycler\*.scr /s >
< %Homedrive%\Recycler\*.pif /s >
< %Homedrive%\Recycler\*.vb* /s >
< %Homedrive%\$Recycle.bin\*.exe /s >
< %Homedrive%\$Recycle.bin\*.scr /s >
< %Homedrive%\$Recycle.bin\*.pif /s >
< %Homedrive%\$Recycle.bin\*.vb* /s >
< %Userprofile%\* >
[2017/06/30 13:47:59 | 006,029,312 | -HS- | M] () -- C:\Users\hilton\ntuser.dat
[2017/06/30 13:47:58 | 000,262,144 | -HS- | M] () -- C:\Users\hilton\ntuser.dat.LOG1
[2016/06/29 16:31:02 | 000,000,000 | -HS- | M] () -- C:\Users\hilton\ntuser.dat.LOG2
[2017/04/12 15:29:59 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{2b899727-1fa6-11e7-9604-001e4ff1b1f4}.TM.blf
[2017/04/12 15:29:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{2b899727-1fa6-11e7-9604-001e4ff1b1f4}.TMContainer00000000000000000001.regtrans-ms
[2017/04/12 15:29:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{2b899727-1fa6-11e7-9604-001e4ff1b1f4}.TMContainer00000000000000000002.regtrans-ms
[2016/06/29 16:53:05 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2016/06/29 16:53:05 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2016/06/29 16:53:05 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2016/12/06 22:11:59 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{9ce04edb-b001-11e6-a6f8-001986000c73}.TM.blf
[2016/12/06 22:11:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{9ce04edb-b001-11e6-a6f8-001986000c73}.TMContainer00000000000000000001.regtrans-ms
[2016/12/06 22:11:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{9ce04edb-b001-11e6-a6f8-001986000c73}.TMContainer00000000000000000002.regtrans-ms
[2017/04/17 03:26:12 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{f56a0772-22b8-11e7-885a-001e4ff1b1f4}.TM.blf
[2017/04/17 03:26:12 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{f56a0772-22b8-11e7-885a-001e4ff1b1f4}.TMContainer00000000000000000001.regtrans-ms
[2017/04/17 03:26:12 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{f56a0772-22b8-11e7-885a-001e4ff1b1f4}.TMContainer00000000000000000002.regtrans-ms
[2010/11/20 16:57:02 | 000,000,020 | -HS- | M] () -- C:\Users\hilton\ntuser.ini
< %Userprofile%\*. >
[2017/04/12 14:19:26 | 000,000,000 | -H-D | M] -- C:\Users\hilton\AppData
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Application Data
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Contacts
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Cookies
[2017/06/30 13:11:18 | 000,000,000 | R--D | M] -- C:\Users\hilton\Desktop
[2017/06/26 12:23:27 | 000,000,000 | R--D | M] -- C:\Users\hilton\Documents
[2017/06/30 13:10:40 | 000,000,000 | R--D | M] -- C:\Users\hilton\Downloads
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Favorites
[2017/06/15 13:17:57 | 000,000,000 | R--D | M] -- C:\Users\hilton\Links
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\My Documents
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\NetHood
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Pictures
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\PrintHood
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Recent
[2017/06/15 13:17:57 | 000,000,000 | R--D | M] -- C:\Users\hilton\Saved Games
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Searches
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\SendTo
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Start Menu
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Templates
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Videos
< %Allusersprofile%\* >
[2017/04/23 15:51:52 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
< %Allusersprofile%\*. >
[2017/04/12 14:14:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2017/04/20 11:08:20 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2017/04/12 14:14:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2017/01/28 15:19:08 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2016/08/01 14:10:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2017/04/12 14:14:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Support
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2017/04/26 13:09:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2017/06/21 15:04:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2017/06/26 14:32:42 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2017/06/26 14:32:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2017/05/17 13:56:47 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2017/04/16 14:42:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Package Cache
[2017/06/26 14:32:41 | 000,000,000 | ---D | M] -- C:\ProgramData\PCPitstop
[2016/06/29 18:33:19 | 000,000,000 | ---D | M] -- C:\ProgramData\RoboForm
[2016/08/31 15:01:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2017/04/16 14:46:08 | 000,000,000 | ---D | M] -- C:\ProgramData\SecuritySuite
[2017/04/12 14:15:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
< %LocalAppData%\* >
[2017/01/21 17:12:55 | 000,065,776 | ---- | M] () -- C:\Users\hilton\AppData\Local\GDIPFONTCACHEV1.DAT
[2017/06/28 12:52:26 | 002,499,297 | -H-- | M] () -- C:\Users\hilton\AppData\Local\IconCache.db
< %LocalAppData%\*. >
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\76f7c66
[2017/06/15 13:19:03 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Adobe
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Amazon Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\AppData\Local\Application Data
[2017/04/12 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Apps
[2016/12/21 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\AVAST Software
[2017/02/27 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Broadcom
[2016/07/13 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\CEF
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Citrix
[2017/04/26 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\CrashDumps
[2017/06/29 15:54:56 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Deployment
[2017/06/14 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Diagnostics
[2017/06/24 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\ElevatedDiagnostics
[2017/04/12 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Google
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\GoToAssist Remote Support Customer
[2016/07/03 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\GWX
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\AppData\Local\History
[2016/09/05 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\LogMeIn Rescue Applet
[2016/09/05 14:21:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\McAfee File Lock
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Microsoft
[2017/04/12 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Microsoft Games
[2017/04/12 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Mozilla
[2016/08/12 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Packages
[2016/07/02 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Programs
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Stardock
[2017/06/30 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Temp
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\AppData\Local\Temporary Internet Files
[2017/04/12 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\VirtualStore
< %AppData%\* >
< %AppData%\*. >
[2017/04/12 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Adobe
[2017/01/28 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Canon
[2017/04/12 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Dashlane
[2017/06/29 13:26:59 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\eM Client
[2010/11/20 16:57:14 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Identities
[2012/07/23 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\InstallShield
[2017/04/17 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Kodi
[2016/07/04 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Macromedia
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\McAfee
[2017/06/26 14:32:30 | 000,000,000 | --SD | M] -- C:\Users\hilton\AppData\Roaming\Microsoft
[2017/04/12 14:19:29 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Mozilla
[2017/04/12 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\OpenOffice
[2017/06/25 13:21:07 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Remo
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\RoboForm
[2017/01/06 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Samsung
[2017/04/12 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Stardock
[2017/06/14 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\TotalAV
< %Userprofile%\Local Settings\* >
[2017/01/21 17:12:55 | 000,065,776 | ---- | M] () -- C:\Users\hilton\Local Settings\GDIPFONTCACHEV1.DAT
[2017/06/28 12:52:26 | 002,499,297 | -H-- | M] () -- C:\Users\hilton\Local Settings\IconCache.db
< %Userprofile%\Local Settings\*. >
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\76f7c66
[2017/06/15 13:19:03 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Adobe
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Amazon Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data
[2017/04/12 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Apps
[2016/12/21 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\AVAST Software
[2017/02/27 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Broadcom
[2016/07/13 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\CEF
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Citrix
[2017/04/26 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\CrashDumps
[2017/06/29 15:54:56 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Deployment
[2017/06/14 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Diagnostics
[2017/06/24 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\ElevatedDiagnostics
[2017/04/12 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Google
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\GoToAssist Remote Support Customer
[2016/07/03 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\GWX
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\History
[2016/09/05 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\LogMeIn Rescue Applet
[2016/09/05 14:21:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\McAfee File Lock
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Microsoft
[2017/04/12 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Microsoft Games
[2017/04/12 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Mozilla
[2016/08/12 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Packages
[2016/07/02 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Programs
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Stardock
[2017/06/30 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Temp
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Temporary Internet Files
[2017/04/12 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\VirtualStore
< %Userprofile%\Local Settings\Application Data\* >
[2017/01/21 17:12:55 | 000,065,776 | ---- | M] () -- C:\Users\hilton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2017/06/28 12:52:26 | 002,499,297 | -H-- | M] () -- C:\Users\hilton\Local Settings\Application Data\IconCache.db
< %Userprofile%\Local Settings\Application Data\*. >
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\76f7c66
[2017/06/15 13:19:03 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Adobe
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Amazon Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data\Application Data
[2017/04/12 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Apps
[2016/12/21 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\AVAST Software
[2017/02/27 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Broadcom
[2016/07/13 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\CEF
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Citrix
[2017/04/26 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\CrashDumps
[2017/06/29 15:54:56 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Deployment
[2017/06/14 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Diagnostics
[2017/06/24 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\ElevatedDiagnostics
[2017/04/12 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Google
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\GoToAssist Remote Support Customer
[2016/07/03 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\GWX
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data\History
[2016/09/05 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\LogMeIn Rescue Applet
[2016/09/05 14:21:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\McAfee File Lock
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Microsoft
[2017/04/12 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Microsoft Games
[2017/04/12 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Mozilla
[2016/08/12 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Packages
[2016/07/02 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Programs
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Stardock
[2017/06/30 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Temp
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data\Temporary Internet Files
[2017/04/12 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\VirtualStore
< %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\* >
< %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*. >
< %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\* >
< %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*. >
< %programFiles%\* >
[2016/09/05 14:05:34 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %programFiles%\*. >
[2017/04/12 14:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2017/04/12 14:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2017/04/12 14:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2017/04/12 14:12:10 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2017/06/13 10:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2016/08/12 15:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dashlane
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Support
[2017/03/15 03:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\eM Client
[2017/06/26 14:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2017/04/12 14:12:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2017/06/26 14:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Kodi
[2017/06/21 15:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2017/06/26 14:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2016/07/02 03:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2017/06/28 15:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2017/06/26 14:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2017/04/12 14:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2017/05/17 14:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security
[2017/05/17 13:59:39 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2017/04/12 14:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice 4
[2017/04/12 14:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2017/04/12 14:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\SAMSUNG
[2017/04/12 14:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2017/04/12 14:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2017/04/12 14:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2017/04/12 14:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2016/07/02 13:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/11/20 20:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2016/10/13 03:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2017/04/12 14:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/11/20 20:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2010/11/20 17:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2017/06/26 14:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
< %programfiles%\Google\Desktop\*. >
< %ProgramFiles%\Common Files\* >
< %ProgramFiles%\Common Files\*. >
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
[2017/04/20 11:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\AV
[2016/12/18 22:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\McAfee
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\microsoft shared
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\postureAgent
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Services
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\SpeechEngines
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
Invalid Environment Variable: ProgramFiles(X86)
Invalid Environment Variable: ProgramFiles(X86)
< %Systemroot%\Installer* >
< %Systemroot%\Installer*. >
[2017/06/26 14:32:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
< %Systemroot%\Temp\*.exe /s >
[2017/06/28 14:49:06 | 001,393,496 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_95FA6.tmp\setup.exe
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\system32\*.in* >
[2009/07/14 00:42:29 | 000,000,073 | -HS- | M] () -- C:\Windows\system32\desktop.ini
[2016/06/29 16:51:31 | 000,016,303 | ---- | M] () -- C:\Windows\system32\ieuinit.inf
[2009/07/14 00:42:26 | 000,000,535 | ---- | M] () -- C:\Windows\system32\mapisvc.inf
[2017/06/28 12:57:47 | 000,781,298 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2009/06/10 17:39:59 | 000,060,124 | ---- | M] () -- C:\Windows\system32\tcpmon.ini
< %systemroot%\PSS\* /s >
[2017/02/27 15:05:38 | 000,000,834 | ---- | M] () -- C:\Windows\PSS\Bluetooth.lnk.CommonStartup
< %systemroot%\Tasks\* >
[2017/06/28 12:53:37 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:53:46 | 000,014,124 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(29).TXT
[2017/06/21 11:12:17 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
< %systemroot%\Tasks\*. >
< %systemroot%\system32\Tasks\* >
[2017/05/05 18:26:22 | 000,004,464 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Acrobat Update Task
[2017/06/15 13:19:19 | 000,004,312 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player Updater
[2016/07/02 15:47:30 | 000,002,794 | ---- | M] () -- C:\Windows\system32\Tasks\CCleanerSkipUAC
[2017/04/27 14:41:46 | 000,003,190 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
[2017/04/27 14:41:47 | 000,003,318 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
[2017/06/21 14:27:57 | 000,004,118 | ---- | M] () -- C:\Windows\system32\Tasks\Open URL by RoboForm
[2017/06/21 14:27:56 | 000,003,572 | ---- | M] () -- C:\Windows\system32\Tasks\Run RoboForm TaskBar Icon
< %systemroot%\system32\Tasks\*. >
[2017/06/25 17:11:28 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\Games
[2017/06/26 14:32:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\Microsoft
[2017/06/26 14:32:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\WPD
< %systemroot%\syswow64\Tasks\* >
< %systemroot%\syswow64\Tasks\*. >
< %systemroot%\system32\drivers\*.sy* /lockedfiles >
[14 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
< %systemroot%\system32\config\*.exe /s >
< %Systemroot%\ServiceProfiles\*.exe /s >
< %systemroot%\system32\*.sys >
[2009/07/13 17:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\system32\ANSI.SYS
[2016/11/17 12:27:53 | 000,250,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\clfs.sys
[2009/07/13 17:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\system32\country.sys
[2009/07/13 17:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\system32\HIMEM.SYS
[2009/07/13 17:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\system32\KEY01.SYS
[2009/07/13 17:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\system32\KEYBOARD.SYS
[2009/07/13 17:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\system32\NTDOS.SYS
[2009/07/13 17:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\system32\NTDOS404.SYS
[2009/07/13 17:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\system32\NTDOS411.SYS
[2009/07/13 17:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\system32\NTDOS412.SYS
[2009/07/13 17:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\system32\NTDOS804.SYS
[2009/07/13 17:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\system32\NTIO.SYS
[2009/07/13 17:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\system32\NTIO404.SYS
[2009/07/13 17:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\system32\NTIO411.SYS
[2009/07/13 17:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\system32\NTIO412.SYS
[2009/07/13 17:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\system32\NTIO804.SYS
[2017/05/12 13:44:14 | 002,401,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys
< dir %Homedrive%\* /S /A:L /C >
Volume in drive C is Windows
Volume Serial Number is 12EF-4412
Directory of C:\
07/14/2009 12:53 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [.]
07/14/2009 12:53 AM <JUNCTION> Desktop [.]
07/14/2009 12:53 AM <JUNCTION> Documents [.]
07/14/2009 12:53 AM <JUNCTION> Favorites [.]
07/14/2009 12:53 AM <JUNCTION> Start Menu [.]
07/14/2009 12:53 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:53 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [.]
07/14/2009 12:53 AM <JUNCTION> Desktop [.]
07/14/2009 12:53 AM <JUNCTION> Documents [.]
07/14/2009 12:53 AM <JUNCTION> Favorites [.]
07/14/2009 12:53 AM <JUNCTION> Start Menu [.]
07/14/2009 12:53 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [.]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:53 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:53 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:53 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:53 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:53 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:53 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:53 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\hilton
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Roaming]
06/29/2016 04:31 PM <JUNCTION> Cookies [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Cookies]
06/29/2016 04:31 PM <JUNCTION> Local Settings [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> My Documents [C:\Users\hilton\Documents]
06/29/2016 04:31 PM <JUNCTION> NetHood [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/29/2016 04:31 PM <JUNCTION> PrintHood [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/29/2016 04:31 PM <JUNCTION> Recent [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Recent]
06/29/2016 04:31 PM <JUNCTION> SendTo [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\SendTo]
06/29/2016 04:31 PM <JUNCTION> Start Menu [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu]
06/29/2016 04:31 PM <JUNCTION> Templates [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [.]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\LocalLow
05/21/2017 02:31 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Documents
06/29/2016 04:31 PM <JUNCTION> My Music [C:\Users\hilton\Music]
06/29/2016 04:31 PM <JUNCTION> My Pictures [C:\Users\hilton\Pictures]
06/29/2016 04:31 PM <JUNCTION> My Videos [C:\Users\hilton\Videos]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [.]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\hilton\My Documents
06/29/2016 04:31 PM <JUNCTION> My Music [C:\Users\hilton\Music]
06/29/2016 04:31 PM <JUNCTION> My Pictures [C:\Users\hilton\Pictures]
06/29/2016 04:31 PM <JUNCTION> My Videos [C:\Users\hilton\Videos]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Roaming]
07/02/2016 03:44 PM <JUNCTION> Cookies [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Cookies]
07/02/2016 03:44 PM <JUNCTION> Local Settings [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> My Documents [C:\Users\PCPitstopSVC\Documents]
07/02/2016 03:44 PM <JUNCTION> NetHood [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/02/2016 03:44 PM <JUNCTION> PrintHood [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/02/2016 03:44 PM <JUNCTION> Recent [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Recent]
07/02/2016 03:44 PM <JUNCTION> SendTo [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\SendTo]
07/02/2016 03:44 PM <JUNCTION> Start Menu [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu]
07/02/2016 03:44 PM <JUNCTION> Templates [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [.]
07/02/2016 03:44 PM <JUNCTION> History [.]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Documents
07/02/2016 03:44 PM <JUNCTION> My Music [C:\Users\PCPitstopSVC\Music]
07/02/2016 03:44 PM <JUNCTION> My Pictures [C:\Users\PCPitstopSVC\Pictures]
07/02/2016 03:44 PM <JUNCTION> My Videos [C:\Users\PCPitstopSVC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [.]
07/02/2016 03:44 PM <JUNCTION> History [.]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\My Documents
07/02/2016 03:44 PM <JUNCTION> My Music [C:\Users\PCPitstopSVC\Music]
07/02/2016 03:44 PM <JUNCTION> My Pictures [C:\Users\PCPitstopSVC\Pictures]
07/02/2016 03:44 PM <JUNCTION> My Videos [C:\Users\PCPitstopSVC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
487 Dir(s) 1,951,056,351,232 bytes free
< MD5 for: AFD.SYS >
[2010/11/20 17:29:19 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2015/10/13 20:41:27 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=3EA58284BD7B72F78D505E82366F7E0C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.23237_none_da667526d5da9ab2\afd.sys
[2016/06/29 16:50:30 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=66DD39CA12BAEB8D32111581769D9117 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_da50efe2d5eab341\afd.sys
[2015/10/13 12:31:53 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=93B49FA857F7036A4EFF32371F6E7391 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.19031_none_d9d6d4b9bcc265b7\afd.sys
[2017/04/04 10:52:22 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F582FC7976F1248AC5FBD6875C626B41 -- C:\Windows\System32\drivers\afd.sys
[2017/04/04 10:52:22 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F582FC7976F1248AC5FBD6875C626B41 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.23761_none_da400d24d5f8483e\afd.sys
[2016/06/29 16:50:30 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F81BB7E487EDCEAB630A7EE66CF23913 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_d9b98067bcd7e63c\afd.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: CDROM.SYS >
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 17:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\explorer.exe
[2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_5432df58f129e196\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: I8042PRT.SYS >
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys
< MD5 for: NDIS.SYS >
[2012/08/22 13:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2015/10/12 18:32:56 | 000,713,152 | ---- | M] (Microsoft Corporation) MD5=43C1C599FF590C875764CB6254A506B6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_aa435dc7937e55cc\ndis.sys
[2012/08/22 13:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2015/10/13 00:50:31 | 000,712,640 | ---- | M] (Microsoft Corporation) MD5=9804FB2E46077F2977552347DFCA7E05 -- C:\Windows\System32\drivers\ndis.sys
[2015/10/13 00:50:31 | 000,712,640 | ---- | M] (Microsoft Corporation) MD5=9804FB2E46077F2977552347DFCA7E05 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_a9b4bda47a653a28\ndis.sys
[2010/11/20 17:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETBT.SYS >
[2010/11/20 17:29:08 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2016/05/11 10:52:27 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=A00996C9BFEF29A93B9F21DBE1DC502D -- C:\Windows\System32\drivers\netbt.sys
[2016/05/11 10:52:27 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=A00996C9BFEF29A93B9F21DBE1DC502D -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.23451_none_62c75d2e6ec73ced\netbt.sys
< MD5 for: TDX.SYS >
[2017/05/10 10:47:49 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=01743A8A62F2C0488F9C4F6D25C21B2C -- C:\Windows\System32\drivers\tdx.sys
[2017/05/10 10:47:49 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=01743A8A62F2C0488F9C4F6D25C21B2C -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23806_none_ecdb75be536ba5d9\tdx.sys
[2017/04/04 10:52:12 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=0D4CE846B6461A89CF246636E6098323 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23761_none_ec9592de53a0d1a5\tdx.sys
[2015/10/13 20:41:04 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=0E5C6676F9ABDB1C54C461EA5BA8175B -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23237_none_ecbbfae053832419\tdx.sys
[2010/11/20 17:29:07 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2015/10/13 12:31:24 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=BB8817D0508DD5EA69C770C8DEF5AB67 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.19031_none_ec2c5a733a6aef1e\tdx.sys
< MD5 for: VOLSNAP.SYS >
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys
< MD5 for: WININIT.EXE >
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2014/07/15 22:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014/07/16 21:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014/07/16 21:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/20 17:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014/03/04 05:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2016/07/27 18:38:59 | 000,074,240 | ---- | M] () MD5=A6C645EF2F30ABF61FCDBE5E76999730 -- C:\QuickDiag\MBR\Winlogon.exe
[2014/03/04 06:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< End of report >
OTL Extras logfile created on: 6/30/2017 1:15:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hilton\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18697)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.57% Memory free
6.48 Gb Paging File | 5.34 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1859.99 Gb Total Space | 1817.06 Gb Free Space | 97.69% Space Free | Partition Type: NTFS
Computer Name: HILTON-PC | User Name: hilton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F7590F-862B-4217-A4C3-A2F723A5318B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{130E9C9C-43BA-4722-BEBD-DC17D5488497}" = lport=139 | protocol=6 | dir=in | app=system |
"{1FC65E0A-55B5-45BF-856D-C54444F2EFFC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C89FAE3-4649-44DD-A8F8-435FCDB7B737}" = rport=137 | protocol=17 | dir=out | app=system |
"{31B9614E-19B5-47F1-B248-82B7FB10F05A}" = rport=139 | protocol=6 | dir=out | app=system |
"{33BD130C-2EDE-45F5-96A3-0CB357BED01A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{438014A4-9A45-49A8-A697-1AE4A4AD22E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DD80964-5998-454E-B269-08E4CDDC5C0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{595697F8-32D1-4756-9C44-796FE05FA7C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{59C7FF6B-FB81-4464-809B-F15457DD553E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BB621B1-4B14-4FF8-B978-E1294E2B6192}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E879FCF-B8F6-4803-BD30-613EDE3040E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{6DB92760-ED36-44F1-B8F0-6065169171F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77B6BA33-6B28-4060-B5B4-FFE79EE73271}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77CA258F-B633-4A3A-BFB4-802478F267E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{786880E2-655D-4FF8-A544-3E03560FAA2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{818921FF-166D-476F-AD3E-7D2E0B361DB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{897E160E-8314-46CF-AA7A-2A4804F5DAF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{952BF929-6F23-4E09-8853-5C52A6024738}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB118072-21A5-40DF-9103-AF56187C75D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DACD204F-DEF5-483A-BCE8-6076BA844F1E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{E433A99B-A6F8-49FB-B2D4-F0C67A559E94}" = rport=138 | protocol=17 | dir=out | app=system |
"{E89E9C44-AC4B-41D7-8784-5BC2FB9D9EC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA51EE56-D784-44BC-8529-940E77304795}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039AE26B-1079-468C-A061-01D11C5F755F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A573E46-1B2F-4B31-846B-CCDEF248BFDA}" = protocol=58 | dir=in | app=system |
"{0D547D58-43B9-4B3F-90C2-C69E6800A5E3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{14BEFA0B-1E11-4E28-AC94-44D4A7A805AC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{186AA901-C80B-4245-A655-D3628D868250}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24797A19-1947-40F0-ACBE-E10E0583252B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A500436-332F-43FF-B443-030332BD69A8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B912AE4-4474-4BDE-9184-C98149AEE161}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F4ABB9D-304A-4925-8C98-53E2E9E2E6A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4185EE8E-03EF-4C2E-B34A-F24773EE41CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DD19BC0-8D56-41F2-BBA6-E1F63020D218}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5053FB91-682B-436F-8F80-3D4FFA351052}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5913CB17-9064-4159-9323-37D5CD6B5D68}" = protocol=6 | dir=out | app=system |
"{6C178907-0A86-4A63-8767-E451EAB8901B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7EA43417-E1B8-46D3-8E5E-F350FBD439EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98462915-C232-4D3A-BA64-1439C736C6A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A5817B7A-EB84-400F-B1B7-22B7BECE34EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B4787F2E-2FA3-4222-B52F-4AE5EEFB1364}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA9DCF03-18A2-40D2-B40E-D8C983DA6BD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C99B5CD6-5C7F-410E-960C-7146A050F3A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9AC7846-8799-48E0-A585-0B3BD434B1C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E374593A-580D-44C2-A23B-EFC552A7A882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8207517-F4F1-4084-AD6C-988A4CDC999F}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EAD2EC74-0D35-4D3D-900E-D48B9AB5AE26}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EFC4B274-0D29-420D-BDBC-8C5FF0388D4A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{AC689693-B971-449C-8EA9-AC51E5D70F9C}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe" = protocol=6 | dir=in | app=c:\users\hilton\appdata\local\amazon music\amazon music helper.exe |
"UDP Query User{25F20FE1-CB5D-4B09-9160-3C9094A6B8A8}C:\users\hilton\appdata\local\amazon music\amazon music helper.exe" = protocol=17 | dir=in | app=c:\users\hilton\appdata\local\amazon music\amazon music helper.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series" = Canon MG3200 series MP Drivers
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{224024F1-88C6-4E06-9AF6-39FF47347338}" = eM Client
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{302600C1-6BDF-4FD1-1603-148929CC1385}" = Intel(R) Wireless Bluetooth(R)(patch version 19.0.1629.3590)
"{30500C7C-2206-3DC6-9792-96E95A04669D}" = Microsoft .NET Framework 4.6.1
"{34BF287B-24D9-4CFC-94A6-B1F4A92EC55D}" = Intel(R) Chipset Device Software
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.1.2.1733
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{74d0e5db-b326-4dae-a6b2-445b9de1836e}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{98f335cd-0a32-4b3f-b74c-ef9480e834f0}" = Intel(R) Chipset Device Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026
"{AC76BA86-0804-1033-1959-001824225037}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = Samsung USB Driver for Mobile Phones
"{D8A3D01E-BCBB-491B-856F-61E3B8563E32}" = Intel(R) Network Connections 19.5.303.0
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EEA30AEB-8BA7-465B-85D4-098BB99733E7}" = OpenOffice 4.1.3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe Flash Player ActiveX" = Adobe Flash Player 26 ActiveX
"AI RoboForm" = RoboForm 8-3-7-7 (All Users)
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"MESOL" = Intel® Active Management Technology
"Mozilla Firefox 52.0 (x86 en-US)" = Mozilla Firefox 52.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROSetDX" = Intel(R) Network Connections 19.5.303.0
"Stardock Fences 3" = Stardock Fences 3
"Stardock ObjectDock" = Stardock ObjectDock
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"58d94f3ce2c27db0" = Dell System Detect
"Amazon Amazon Music" = Amazon Music
"Kodi" = Kodi
"Mozilla Firefox 53.0.3 (x86 en-US)" = Mozilla Firefox 53.0.3 (x86 en-US)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/23/2017 1:29:36 PM | Computer Name = hilton-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.18698 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1374 Start
Time: 01d2ec430c56d251 Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:
Error - 6/23/2017 2:02:56 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/23/2017 3:10:55 PM | Computer Name = hilton-PC | Source = LMS | ID = 2
Description = LMS Service lost connection to HECI driver
Error - 6/23/2017 3:19:42 PM | Computer Name = hilton-PC | Source = LMS | ID = 2
Description = LMS Service lost connection to HECI driver
Error - 6/25/2017 10:45:32 AM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/25/2017 4:38:48 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/26/2017 10:29:40 AM | Computer Name = hilton-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.18698 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17b8 Start
Time: 01d2ee87fe4a21fc Termination Time: 74 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:
Error - 6/26/2017 12:54:57 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/26/2017 2:21:15 PM | Computer Name = hilton-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/26/2017 2:21:31 PM | Computer Name = hilton-PC | Source = System Restore | ID = 8210
Description =
[ System Events ]
Error - 12/25/2016 2:21:43 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10010
Description =
Error - 12/25/2016 2:25:34 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10016
Description =
Error - 12/25/2016 2:26:42 PM | Computer Name = hilton-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
Error - 12/25/2016 2:26:42 PM | Computer Name = hilton-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 12/26/2016 11:37:48 AM | Computer Name = hilton-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.
Error - 12/27/2016 2:22:18 PM | Computer Name = hilton-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.
Error - 12/27/2016 2:22:30 PM | Computer Name = hilton-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.
Error - 12/27/2016 3:44:01 PM | Computer Name = hilton-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 12/27/2016 3:44:45 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10016
Description =
Error - 12/27/2016 3:44:46 PM | Computer Name = hilton-PC | Source = DCOM | ID = 10016
Description =
< End of report >
----------------next......
OTL logfile created on: 6/30/2017 1:15:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hilton\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18697)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.57% Memory free
6.48 Gb Paging File | 5.34 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1859.99 Gb Total Space | 1817.06 Gb Free Space | 97.69% Space Free | Partition Type: NTFS
Computer Name: HILTON-PC | User Name: hilton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (All) ==========
PRC - [2017/06/30 13:10:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hilton\Downloads\OTL.exe
PRC - [2017/06/21 14:27:40 | 000,110,376 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2017/06/13 10:08:48 | 007,648,984 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2017/06/02 03:58:31 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2017/05/16 13:35:10 | 000,815,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2017/05/12 13:41:01 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2017/05/09 17:42:26 | 003,146,704 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2017/05/09 17:41:44 | 008,534,480 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
PRC - [2017/05/09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
PRC - [2017/04/27 14:41:40 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
PRC - [2017/03/30 10:58:17 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
PRC - [2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016/07/23 03:42:36 | 000,151,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Bluetooth\ibtsiva.exe
PRC - [2016/07/18 15:43:52 | 001,161,256 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe
PRC - [2016/07/18 15:43:44 | 001,722,408 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Intel\Bluetooth\mediasrv.exe
PRC - [2016/07/18 15:43:38 | 001,202,216 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe
PRC - [2016/06/29 16:50:18 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2015/04/12 23:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2014/10/16 14:38:56 | 000,180,992 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2014/07/16 21:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2012/04/01 13:22:20 | 000,786,208 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010/11/20 17:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 17:29:11 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2010/11/20 17:29:06 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2009/12/01 15:43:26 | 000,176,128 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2009/12/01 15:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 15:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009/07/13 21:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
========== Modules (All) ==========
MOD - [2017/06/30 13:10:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hilton\Downloads\OTL.exe
MOD - [2017/06/21 14:27:40 | 028,446,504 | ---- | M] (Siber Systems Inc.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
MOD - [2017/06/21 14:27:40 | 000,110,376 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
MOD - [2017/06/13 15:33:32 | 001,366,968 | ---- | M] (Stardock) -- c:\Program Files\Stardock\Fences\DesktopDock.dll
MOD - [2017/06/13 15:33:32 | 000,763,320 | ---- | M] (Stardock) -- C:\Program Files\Stardock\Fences\FencesMenu.dll
MOD - [2017/06/13 15:33:32 | 000,053,720 | ---- | M] () -- c:\Program Files\Stardock\Fences\SdCrashReporter.dll
MOD - [2017/06/13 10:08:48 | 007,648,984 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
MOD - [2017/06/02 04:09:50 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2017/05/25 11:58:04 | 000,399,304 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll
MOD - [2017/05/22 10:56:04 | 000,306,704 | ---- | M] (BugSplat) -- c:\Program Files\Stardock\Fences\BugSplat.dll
MOD - [2017/05/22 10:56:04 | 000,106,000 | ---- | M] (BugSplat, LLC) -- c:\Program Files\Stardock\Fences\BugSplatRc.dll
MOD - [2017/05/21 00:06:33 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
MOD - [2017/05/21 00:06:32 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2017/05/21 00:06:29 | 000,655,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2017/05/21 00:06:29 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
MOD - [2017/05/21 00:06:29 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2017/05/21 00:06:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
MOD - [2017/05/21 00:06:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2017/05/21 00:06:17 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
MOD - [2017/05/21 00:06:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2017/05/20 23:42:24 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2017/05/19 13:26:21 | 001,042,392 | ---- | M] (Stardock Corporation) -- c:\Program Files\Stardock\Fences\SdAppServices.dll
MOD - [2017/05/16 13:35:10 | 000,815,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
MOD - [2017/05/16 13:35:10 | 000,235,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
MOD - [2017/05/14 15:16:37 | 002,290,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2017/05/14 15:12:11 | 000,476,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
MOD - [2017/05/14 15:11:45 | 020,274,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
MOD - [2017/05/14 14:44:07 | 004,549,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
MOD - [2017/05/14 14:38:51 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
MOD - [2017/05/14 14:30:17 | 013,664,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2017/05/14 14:15:06 | 002,767,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2017/05/14 14:14:54 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
MOD - [2017/05/14 14:11:26 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
MOD - [2017/05/14 14:11:22 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2017/05/14 14:07:14 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
MOD - [2017/05/12 14:04:46 | 001,310,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2017/05/12 14:03:19 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2017/05/12 14:03:18 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2017/05/12 14:03:08 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2017/05/12 14:03:07 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2017/05/12 14:03:05 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
MOD - [2017/05/12 14:03:03 | 001,629,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23807_none_5c02a265a011fb02\GdiPlus.dll
MOD - [2017/05/12 14:03:03 | 000,644,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2017/05/12 12:25:40 | 001,251,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
MOD - [2017/05/10 11:12:47 | 012,880,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2017/05/10 11:12:38 | 001,499,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2017/05/09 17:42:26 | 003,146,704 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
MOD - [2017/05/09 17:41:44 | 008,534,480 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
MOD - [2017/05/09 17:40:08 | 001,596,856 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
MOD - [2017/05/09 17:33:20 | 004,793,344 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
MOD - [2017/04/17 11:12:24 | 001,417,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2017/04/17 11:12:24 | 000,581,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2017/04/17 11:12:18 | 000,872,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2017/04/17 11:12:18 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2017/04/12 11:26:12 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2017/04/12 11:25:04 | 001,176,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2017/04/12 11:25:04 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
MOD - [2017/04/11 14:53:16 | 000,104,960 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\scenegraph\softwarecontext.dll
MOD - [2017/04/11 14:52:58 | 000,697,344 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2017/04/11 14:52:36 | 000,096,768 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
MOD - [2017/04/11 14:52:32 | 000,172,544 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
MOD - [2017/04/11 14:52:04 | 000,035,328 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
MOD - [2017/04/11 14:51:56 | 000,074,752 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll
MOD - [2017/04/11 14:51:38 | 000,069,632 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2017/04/11 14:50:26 | 000,206,336 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
MOD - [2017/04/11 14:49:04 | 000,013,312 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
MOD - [2017/04/11 14:49:02 | 000,013,312 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
MOD - [2017/04/11 14:49:00 | 000,022,528 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll
MOD - [2017/04/11 14:48:58 | 000,044,032 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
MOD - [2017/04/11 14:48:58 | 000,013,312 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
MOD - [2017/04/11 14:47:56 | 002,567,168 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
MOD - [2017/04/11 14:46:22 | 002,514,432 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
MOD - [2017/04/11 14:45:08 | 000,328,704 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwebp.dll
MOD - [2017/04/11 14:45:00 | 000,030,208 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
MOD - [2017/04/11 14:45:00 | 000,019,968 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
MOD - [2017/04/11 14:44:58 | 000,318,976 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtiff.dll
MOD - [2017/04/11 14:44:58 | 000,247,808 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
MOD - [2017/04/11 14:44:54 | 000,017,920 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qwbmp.dll
MOD - [2017/04/11 14:44:50 | 000,038,912 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qdds.dll
MOD - [2017/04/11 14:44:50 | 000,018,944 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qtga.dll
MOD - [2017/04/11 14:44:48 | 000,031,232 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qicns.dll
MOD - [2017/04/11 14:44:42 | 000,992,768 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
MOD - [2017/04/11 14:44:26 | 000,242,176 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll
MOD - [2017/04/11 14:44:22 | 000,025,088 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
MOD - [2017/04/11 14:44:16 | 000,024,576 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qgif.dll
MOD - [2017/04/11 14:43:40 | 004,481,024 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
MOD - [2017/04/11 14:42:12 | 005,093,888 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
MOD - [2017/04/11 14:41:14 | 000,672,768 | ---- | M] (The Qt Company Ltd) -- C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
MOD - [2017/03/30 10:58:17 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
MOD - [2017/02/09 12:14:44 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2017/02/09 12:14:38 | 000,481,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2017/01/18 11:35:50 | 000,012,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
MOD - [2016/11/10 12:19:39 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2016/11/09 12:17:31 | 002,365,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2016/11/09 12:17:18 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2016/10/11 11:18:29 | 000,829,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2016/10/11 09:33:27 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
MOD - [2016/10/07 11:12:49 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2016/09/08 16:34:01 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2016/06/29 16:51:32 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
MOD - [2016/06/29 16:51:30 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
MOD - [2016/06/29 16:50:18 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
MOD - [2016/06/29 16:48:27 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
MOD - [2016/06/29 16:48:27 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
MOD - [2016/06/29 16:48:27 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
MOD - [2016/06/29 16:48:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
MOD - [2016/06/29 16:48:27 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
MOD - [2016/06/29 16:48:27 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MOD - [2016/06/29 16:46:09 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
MOD - [2016/06/14 11:21:27 | 003,209,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
MOD - [2016/06/14 11:21:27 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
MOD - [2016/06/14 11:21:20 | 001,005,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
MOD - [2016/06/14 11:21:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2016/06/14 11:21:18 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
MOD - [2016/05/12 11:18:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2016/05/12 09:04:55 | 000,249,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcryptprimitives.dll
MOD - [2016/05/11 11:19:26 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2016/05/11 11:19:25 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
MOD - [2016/05/11 11:19:24 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2016/05/11 11:19:16 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2016/04/09 00:20:04 | 001,230,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2016/03/09 14:40:16 | 000,316,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
MOD - [2015/12/08 17:53:48 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
MOD - [2015/12/08 17:53:47 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2015/11/11 14:39:34 | 001,242,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
MOD - [2015/10/29 13:49:58 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2015/10/29 13:49:57 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2015/09/01 13:52:53 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2015/08/27 13:58:14 | 001,391,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
MOD - [2015/07/09 13:42:54 | 001,372,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
MOD - [2015/07/09 13:42:54 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2015/05/25 14:01:39 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2015/04/24 13:54:13 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
MOD - [2015/01/28 23:02:08 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
MOD - [2014/07/16 21:40:03 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2014/01/28 22:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
MOD - [2013/11/26 04:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
MOD - [2013/10/18 21:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2013/10/11 22:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2013/10/05 02:38:22 | 000,970,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Malwarebytes\Anti-Malware\msvcr120.dll
MOD - [2013/10/05 02:38:22 | 000,455,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Malwarebytes\Anti-Malware\msvcp120.dll
MOD - [2013/07/25 21:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2012/12/07 08:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
MOD - [2012/12/07 08:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
MOD - [2012/10/09 13:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2012/10/03 12:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2012/07/04 17:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2012/04/01 13:22:26 | 000,336,160 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll
MOD - [2012/01/04 04:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2011/12/30 01:27:56 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2011/12/16 03:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2011/08/27 00:26:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2011/06/16 00:33:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2011/03/11 01:33:09 | 001,699,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
MOD - [2011/03/03 01:38:01 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2010/11/20 17:29:50 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2010/11/20 17:29:49 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2010/11/20 17:29:41 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
MOD - [2010/11/20 17:29:41 | 000,547,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2010/11/20 17:29:41 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll
MOD - [2010/11/20 17:29:41 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2010/11/20 17:29:40 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2010/11/20 17:29:39 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2010/11/20 17:29:26 | 000,418,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
MOD - [2010/11/20 17:29:26 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
MOD - [2010/11/20 17:29:24 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2010/11/20 17:29:24 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
MOD - [2010/11/20 17:29:24 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2010/11/20 17:29:21 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\twext.dll
MOD - [2010/11/20 17:29:20 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2010/11/20 17:29:20 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2010/11/20 17:29:20 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2010/11/20 17:29:19 | 000,638,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
MOD - [2010/11/20 17:29:19 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2010/11/20 17:29:19 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2010/11/20 17:29:19 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2010/11/20 17:29:18 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2010/11/20 17:29:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2010/11/20 17:29:13 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2010/11/20 17:29:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2010/11/20 17:29:13 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010/11/20 17:29:12 | 001,063,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
MOD - [2010/11/20 17:29:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2010/11/20 17:29:12 | 000,854,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2010/11/20 17:29:12 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2010/11/20 17:29:12 | 000,649,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
MOD - [2010/11/20 17:29:12 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
MOD - [2010/11/20 17:29:12 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2010/11/20 17:29:12 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
MOD - [2010/11/20 17:29:12 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2010/11/20 17:29:12 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
MOD - [2010/11/20 17:29:12 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
MOD - [2010/11/20 17:29:12 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010/11/20 17:29:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
MOD - [2010/11/20 17:29:12 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2010/11/20 17:29:12 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2010/11/20 17:29:11 | 002,494,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2010/11/20 17:29:11 | 001,750,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2010/11/20 17:29:11 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2010/11/20 17:29:11 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2010/11/20 17:29:11 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2010/11/20 17:29:08 | 000,399,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
MOD - [2010/11/20 17:29:08 | 000,395,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
MOD - [2010/11/20 17:29:08 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2010/11/20 17:29:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
MOD - [2010/11/20 17:29:08 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
MOD - [2010/11/20 17:29:07 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2010/11/20 17:29:07 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2010/11/20 17:29:07 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2010/11/20 17:29:07 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2010/11/20 17:29:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2010/11/20 17:29:06 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2010/11/20 17:29:06 | 000,740,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2010/11/20 17:29:06 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2010/11/20 17:29:06 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
MOD - [2010/11/20 17:29:06 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2010/11/20 17:29:06 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
MOD - [2010/11/20 17:29:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
MOD - [2010/11/20 17:29:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010/11/20 17:29:06 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2010/11/20 17:29:06 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2010/11/20 17:29:04 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2010/11/20 17:29:04 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2010/11/20 17:29:03 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009/09/23 18:48:52 | 000,275,968 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
MOD - [2009/07/13 21:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/13 21:16:21 | 000,674,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwanmm.dll
MOD - [2009/07/13 21:16:21 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWanAPI.dll
MOD - [2009/07/13 21:16:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwapi.dll
MOD - [2009/07/13 21:16:20 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscinterop.dll
MOD - [2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009/07/13 21:16:20 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
MOD - [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2009/07/13 21:16:20 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2009/07/13 21:16:19 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
MOD - [2009/07/13 21:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
MOD - [2009/07/13 21:16:19 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2009/07/13 21:16:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2009/07/13 21:16:18 | 000,262,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2009/07/13 21:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercplsupport.dll
MOD - [2009/07/13 21:16:17 | 000,561,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
MOD - [2009/07/13 21:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009/07/13 21:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009/07/13 21:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/07/13 21:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/07/13 21:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009/07/13 21:16:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll
MOD - [2009/07/13 21:16:15 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Syncreg.dll
MOD - [2009/07/13 21:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2009/07/13 21:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll
MOD - [2009/07/13 21:16:12 | 000,845,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
MOD - [2009/07/13 21:16:12 | 000,791,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\opengl32.dll
MOD - [2009/07/13 21:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
MOD - [2009/07/13 21:16:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2009/07/13 21:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009/07/13 21:16:12 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
MOD - [2009/07/13 21:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:12 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
MOD - [2009/07/13 21:16:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2009/07/13 21:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009/07/13 21:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009/07/13 21:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
MOD - [2009/07/13 21:16:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2009/07/13 21:16:11 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2009/07/13 21:16:05 | 004,888,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
MOD - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll
MOD - [2009/07/13 21:15:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
MOD - [2009/07/13 21:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2009/07/13 21:15:44 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2009/07/13 21:15:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
MOD - [2009/07/13 21:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
MOD - [2009/07/13 21:15:41 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009/07/13 21:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2009/07/13 21:15:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
MOD - [2009/07/13 21:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2009/07/13 21:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2009/07/13 21:15:24 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcproviders.dll
MOD - [2009/07/13 21:15:24 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2009/07/13 21:15:22 | 000,848,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSST.dll
MOD - [2009/07/13 21:15:22 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\glu32.dll
MOD - [2009/07/13 21:15:21 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSAPI.dll
MOD - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2009/07/13 21:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/13 21:15:14 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2009/07/13 21:15:13 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dui70.dll
MOD - [2009/07/13 21:15:13 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
MOD - [2009/07/13 21:15:13 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2009/07/13 21:15:13 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
MOD - [2009/07/13 21:15:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsrole.dll
MOD - [2009/07/13 21:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2009/07/13 21:15:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devrtl.dll
MOD - [2009/07/13 21:15:11 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
MOD - [2009/07/13 21:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
MOD - [2009/07/13 21:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
MOD - [2009/07/13 21:15:07 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
MOD - [2009/07/13 21:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009/07/13 21:14:58 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2009/07/13 21:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009/07/13 21:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2009/07/13 21:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:14:09 | 001,140,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
MOD - [2009/07/13 21:14:08 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll
MOD - [2009/07/13 21:08:30 | 002,628,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
MOD - [2009/07/13 21:05:30 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSRESM.dll
========== Services (All) ==========
SRV - [2017/06/15 13:19:19 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/06/02 03:58:31 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (VaultSvc)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2017/05/20 23:42:23 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (EFS)
SRV - [2017/05/14 15:11:09 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2017/05/12 13:45:37 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2017/05/12 12:25:40 | 000,909,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2017/05/10 11:01:19 | 002,092,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2017/05/09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV - [2017/04/26 13:09:48 | 000,194,032 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2017/04/25 09:12:12 | 000,083,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017/04/17 11:12:25 | 000,377,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2017/04/17 11:12:25 | 000,377,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2017/04/12 11:25:04 | 000,145,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2017/03/26 20:33:36 | 000,135,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2017/03/26 20:33:36 | 000,105,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2017/03/26 20:33:36 | 000,045,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2017/03/19 10:47:05 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/03/10 12:20:21 | 001,508,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2017/02/09 11:51:50 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2016/12/25 17:07:19 | 000,153,752 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2016/12/25 17:07:19 | 000,153,752 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2016/11/09 12:17:17 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2016/11/09 11:55:06 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2016/09/08 16:34:14 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2016/08/21 09:05:24 | 000,935,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016/08/06 11:15:08 | 001,178,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM)
SRV - [2016/07/23 03:42:36 | 000,151,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\ibtsiva.exe -- (iBtSiva)
SRV - [2016/07/22 03:21:08 | 000,754,784 | ---- | M] (DEVGURU Co., LTD.) [On_Demand | Stopped] -- C:\Program Files\SAMSUNG\USB Drivers\27_ssconn\conn\ss_conn_service.exe -- (ss_conn_service)
SRV - [2016/07/18 15:43:52 | 001,161,256 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2016/07/18 15:43:44 | 001,722,408 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2016/07/18 15:43:38 | 001,202,216 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2016/06/14 11:21:33 | 000,157,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2016/06/14 11:21:18 | 000,474,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2016/06/14 11:21:18 | 000,474,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2016/05/12 11:18:25 | 000,351,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2016/05/12 11:18:24 | 000,606,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2016/05/11 11:19:25 | 000,351,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2016/02/09 05:50:10 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2015/10/29 13:49:57 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2015/08/05 13:41:00 | 000,751,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2015/07/15 13:55:03 | 001,159,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2015/01/08 22:48:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2015/01/08 22:48:18 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2014/12/18 22:43:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2014/12/05 23:50:19 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2014/10/16 14:38:56 | 000,180,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R)
SRV - [2014/10/13 21:50:50 | 000,523,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2014/06/30 18:14:53 | 000,879,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/27 22:07:07 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2013/10/11 22:01:41 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/03 12:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2012/07/25 23:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/01 13:22:20 | 000,786,208 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2010/11/20 17:29:50 | 001,203,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbengine.exe -- (wbengine)
SRV - [2010/11/20 17:29:50 | 000,523,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV - [2010/11/20 17:29:50 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2010/11/20 17:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/11/20 17:29:49 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\umrdp.dll -- (UmRdpService)
SRV - [2010/11/20 17:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2010/11/20 17:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 17:29:41 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010/11/20 17:29:41 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010/11/20 17:29:41 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2010/11/20 17:29:32 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/11/20 17:29:29 | 000,556,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010/11/20 17:29:26 | 000,546,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cscsvc.dll -- (CscService)
SRV - [2010/11/20 17:29:25 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV)
SRV - [2010/11/20 17:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 17:29:24 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2010/11/20 17:29:24 | 000,144,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2010/11/20 17:29:24 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010/11/20 17:29:21 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2010/11/20 17:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2010/11/20 17:29:20 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2010/11/20 17:29:20 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2010/11/20 17:29:13 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2010/11/20 17:29:13 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010/11/20 17:29:12 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010/11/20 17:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 17:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2010/11/20 17:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 17:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 17:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 17:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 17:29:08 | 000,453,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2010/11/20 17:29:07 | 000,330,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2010/11/20 17:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 17:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 17:29:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2010/11/20 17:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2010/11/20 17:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/12/01 15:43:26 | 000,176,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2009/12/01 15:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009/12/01 15:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/07/13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/07/13 21:16:18 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009/07/13 21:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009/07/13 21:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2009/07/13 21:16:17 | 000,288,768 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\w32time.dll -- (w32time)
SRV - [2009/07/13 21:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/07/13 21:16:16 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:16:15 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2009/07/13 21:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009/07/13 21:16:13 | 000,112,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009/07/13 21:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,327,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:15:43 | 000,308,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:15:36 | 000,189,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2009/07/13 21:15:36 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2009/07/13 21:15:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/07/13 21:15:33 | 000,078,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2009/07/13 21:15:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bthserv.dll -- (bthserv)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/13 21:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009/07/13 21:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2009/07/13 21:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2009/07/13 21:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2009/07/13 21:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator)
SRV - [2009/07/13 21:14:19 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009/07/13 21:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/06/10 17:14:51 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (All) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfeplk.sys -- (mfeplk)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2017/06/29 10:30:25 | 000,162,240 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\System32\drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV - [2017/06/29 10:30:20 | 000,040,352 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtection)
DRV - [2017/06/29 10:30:19 | 000,221,600 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2017/05/21 00:10:13 | 000,137,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2017/05/21 00:10:13 | 000,067,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2017/05/20 23:43:01 | 000,226,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2017/05/20 23:42:58 | 000,098,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2017/05/20 23:42:53 | 000,124,416 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2017/05/12 13:45:36 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID)
DRV - [2017/05/10 10:47:49 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2017/05/07 11:14:32 | 000,078,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2017/04/07 11:26:50 | 000,730,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2017/04/05 11:00:19 | 000,311,808 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2017/04/05 11:00:11 | 000,313,856 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2017/04/05 11:00:07 | 000,116,224 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2017/04/04 11:25:44 | 001,309,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2017/04/04 11:25:44 | 001,309,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2017/04/04 10:52:22 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2017/03/10 11:51:41 | 000,148,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2017/03/10 11:51:40 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2016/12/18 22:20:31 | 000,038,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswTap.sys -- (aswTap)
DRV - [2016/11/20 10:07:42 | 000,373,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\cng.sys -- (CNG)
DRV - [2016/11/17 12:27:53 | 000,250,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2016/10/05 10:50:29 | 000,068,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2016/09/08 10:49:59 | 000,117,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2016/09/08 10:49:56 | 000,081,408 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2016/08/16 16:27:20 | 000,259,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2016/08/16 16:27:02 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2016/08/16 16:26:59 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2016/08/16 16:26:58 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2016/08/16 16:26:56 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2016/07/22 03:21:06 | 000,146,048 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2016/07/22 03:21:06 | 000,107,648 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2016/07/07 10:57:43 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2016/06/14 11:17:57 | 000,593,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2016/05/11 10:52:27 | 000,188,928 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2016/02/03 13:59:58 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2016/01/20 20:51:31 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (Disk)
DRV - [2016/01/11 14:54:03 | 001,212,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2015/12/08 17:11:16 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2015/10/13 17:59:10 | 000,116,200 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV - [2015/10/13 17:59:08 | 000,072,168 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
DRV - [2015/10/13 00:50:31 | 000,712,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2015/05/29 16:43:42 | 000,026,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV - [2015/02/24 23:03:14 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2014/07/16 21:03:11 | 000,184,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2014/07/16 21:02:33 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2014/02/03 22:07:50 | 000,234,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2013/07/12 06:07:54 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2013/07/03 00:02:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2013/06/25 18:56:40 | 000,527,064 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2013/01/24 00:47:07 | 000,196,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol)
DRV - [2012/10/30 02:22:30 | 000,232,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2012/07/25 22:33:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2012/07/25 22:32:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2012/07/06 15:23:23 | 000,393,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2012/03/31 23:53:04 | 000,153,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/03/31 23:52:58 | 000,504,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwampfl.sys -- (btwampfl)
DRV - [2012/03/17 03:27:18 | 000,056,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/03/05 08:29:16 | 000,175,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2012/03/05 08:28:58 | 000,018,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2012/03/01 01:46:57 | 000,019,824 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2012/02/17 00:13:22 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2011/09/16 21:36:56 | 000,033,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2011/04/27 23:15:03 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/11 01:39:00 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/11 01:38:37 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/11 01:38:37 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV - [2010/11/20 17:29:49 | 000,133,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
DRV - [2010/11/20 17:29:26 | 000,388,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV - [2010/11/20 17:29:24 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:20 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2010/11/20 17:29:20 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2010/11/20 17:29:20 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2010/11/20 17:29:20 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/11/20 17:29:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010/11/20 17:29:19 | 000,242,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2010/11/20 17:29:19 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2010/11/20 17:29:13 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2010/11/20 17:29:12 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/11/20 17:29:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2010/11/20 17:29:07 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2010/11/20 17:29:04 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010/11/20 17:29:03 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010/11/20 17:29:03 | 000,274,304 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010/11/20 17:29:03 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010/11/20 17:29:03 | 000,153,984 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2010/11/20 17:29:03 | 000,130,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2010/11/20 17:29:03 | 000,116,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2010/11/20 17:29:03 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2010/11/20 17:29:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010/11/20 17:29:03 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010/11/20 17:29:03 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2010/11/20 17:29:03 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/15 15:37:52 | 000,382,976 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/18 19:32:06 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 21:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009/07/13 21:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/07/13 21:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/07/13 21:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2009/07/13 21:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009/07/13 21:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009/07/13 21:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2009/07/13 21:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009/07/13 21:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 21:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2009/07/13 21:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2009/07/13 21:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2009/07/13 21:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2009/07/13 21:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2009/07/13 21:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 20:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009/07/13 19:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn)
DRV - [2009/07/13 19:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/07/13 19:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/07/13 19:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2009/07/13 19:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009/07/13 19:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009/07/13 19:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2009/07/13 19:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009/07/13 19:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009/07/13 19:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2009/07/13 19:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009/07/13 19:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009/07/13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/07/13 19:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009/07/13 19:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009/07/13 19:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009/07/13 19:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:51:43 | 000,093,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan)
DRV - [2009/07/13 19:51:41 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM)
DRV - [2009/07/13 19:51:36 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2009/07/13 19:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2009/07/13 19:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/07/13 19:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2009/07/13 19:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2009/07/13 19:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009/07/13 19:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2009/07/13 19:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2009/07/13 19:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2009/07/13 19:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 19:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2009/07/13 19:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2009/07/13 19:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2009/07/13 19:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2009/07/13 19:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009/07/13 19:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009/07/13 19:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009/07/13 19:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009/07/13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009/07/13 19:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009/07/13 19:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009/07/13 19:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2009/07/13 19:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2009/07/13 19:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2009/07/13 19:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009/07/13 19:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2009/07/13 19:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009/07/13 19:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009/07/13 19:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/07/13 19:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 19:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009/07/13 19:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2009/07/13 19:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 19:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 17:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2009/07/13 16:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F FF 75 80 CC E2 D2 01 [binary data]
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 47 B9 81 76 61 E4 D2 01 [binary data]
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\SearchScopes,DefaultScope = {91566AD5-071B-451D-9504-A58141841FA2}
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\SearchScopes\{91566AD5-071B-451D-9504-A58141841FA2}: "URL" = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Amazon.com,DuckDuckGo,Twitter,Wikipedia (en)"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Powered"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.3
FF - prefs.js..keyword.URL: true
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\hilton\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rf-firefox@siber.com: C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017/06/21 14:27:40 | 001,151,353 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\rf-firefox@siber.com: C:\Program Files\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017/06/21 14:27:40 | 001,151,353 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 53.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2016/12/30 13:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Extensions
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\browser-extension-data
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2017/06/13 11:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\extensions
[2017/06/13 11:25:53 | 001,059,016 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2017/04/06 12:45:17 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{24ba2855-20b3-4585-bcde-f033a53eda89}\disable-prefetch@mozilla.org.xpi
[2017/04/06 12:45:17 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{24ba2855-20b3-4585-bcde-f033a53eda89}\e10srollout@mozilla.org.xpi
[2017/06/13 11:26:00 | 000,005,328 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{4586968c-b104-4f8e-ba26-6d251e589a74}\disable-cert-transparency@mozilla.org.xpi
[2017/06/13 11:26:01 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{4586968c-b104-4f8e-ba26-6d251e589a74}\disable-prefetch@mozilla.org.xpi
[2017/06/13 11:26:01 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{4586968c-b104-4f8e-ba26-6d251e589a74}\e10srollout@mozilla.org.xpi
[2017/04/12 16:20:06 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{a50a3c83-bc20-49cb-8701-088133a3746b}\disable-prefetch@mozilla.org.xpi
[2017/04/12 16:20:09 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{a50a3c83-bc20-49cb-8701-088133a3746b}\e10srollout@mozilla.org.xpi
[2017/04/17 11:20:07 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{d2c77760-8bdc-4d39-8b9d-8fbc07ab6b8b}\disable-prefetch@mozilla.org.xpi
[2017/04/17 11:20:07 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\hilton\AppData\Roaming\Mozilla\Firefox\Profiles\pc153f57.default-1485114558992\features\{d2c77760-8bdc-4d39-8b9d-8fbc07ab6b8b}\e10srollout@mozilla.org.xpi
[2017/06/28 15:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
O1 HOSTS File: ([2017/05/17 13:54:12 | 000,000,824 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Fences] C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)
O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\Run: [Fences] c:\program files\stardock\fences\Fences.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_26_0_0_126_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Set Fields - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSetFields.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3292114827-816517840-1514174382-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} https://files.pcpitstop.com/cab/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78AF187-32FB-4F20-86D2-C40DA41B6832}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: CCleaner Monitoring - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: eM Client - hkey= - key= - C:\Program Files\eM Client\MailClient.exe (eM Client s.r.o.)
MsConfig - StartUpReg: Fences - hkey= - key= - C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)
MsConfig - StartUpReg: Malwarebytes TrayApp - hkey= - key= - C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - State: "startup" - 1
MsConfig - State: "services" - 2
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30500C7C-2206-3DC6-9792-96E95A04669D} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MBAMService - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SafeBootMin: MCODS -
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
========== Files/Folders - Created Within 30 Days ==========
[2017/06/25 16:38:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017/06/24 14:41:31 | 006,488,488 | ---- | C] (SosVirus) -- C:\Users\hilton\Desktop\AdsFix.exe
[2017/06/21 15:05:35 | 000,162,240 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017/06/21 15:05:27 | 000,085,400 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/06/21 15:05:27 | 000,065,824 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/06/21 15:05:18 | 000,040,352 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/06/21 15:04:42 | 000,221,600 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017/06/21 15:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/06/21 15:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/06/21 15:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017/06/14 13:30:56 | 000,000,000 | ---D | C] -- C:\Users\hilton\Documents\TotalAV
[2017/06/14 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\hilton\AppData\Roaming\TotalAV
[2017/06/14 07:49:50 | 003,550,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_47.dll
[2017/06/14 07:49:47 | 004,549,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2017/06/14 07:49:46 | 004,001,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2017/06/14 07:49:46 | 003,945,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2017/06/14 07:49:46 | 002,401,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2017/06/14 07:49:45 | 001,549,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2017/06/14 07:49:45 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2017/06/14 07:49:45 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/06/14 07:49:44 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2017/06/14 07:49:44 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2017/06/14 07:49:44 | 000,346,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2017/06/14 07:49:44 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2017/06/14 07:49:44 | 000,091,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2017/06/14 07:49:43 | 002,953,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2017/06/14 07:49:43 | 002,057,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2017/06/14 07:49:43 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2017/06/14 07:49:43 | 000,693,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2017/06/14 07:49:43 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2017/06/14 07:49:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2017/06/14 07:49:43 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2017/06/14 07:49:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2017/06/14 07:49:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2017/06/14 07:49:43 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2017/06/14 07:49:43 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2017/06/14 07:49:43 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2017/06/14 07:49:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2017/06/14 07:49:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2017/06/14 07:49:42 | 001,499,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2017/06/14 07:49:42 | 001,251,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2017/06/14 07:49:42 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2017/06/14 07:49:42 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2017/06/14 07:49:42 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2017/06/14 07:49:42 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2017/06/14 07:49:42 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2017/06/14 07:49:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2017/06/14 07:49:42 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2017/06/14 07:49:41 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2017/06/14 07:49:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2017/06/14 07:49:41 | 000,689,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2017/06/14 07:49:41 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2017/06/14 07:49:41 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2017/06/14 07:49:41 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2017/06/14 07:49:41 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2017/06/14 07:49:41 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2017/06/14 07:49:41 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2017/06/14 07:49:41 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2017/06/14 07:49:41 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2017/06/14 07:49:41 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2017/06/14 07:49:41 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2017/06/14 07:49:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2017/06/14 07:49:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2017/06/14 07:49:41 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2017/06/14 07:49:41 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2017/06/14 07:49:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2017/06/14 07:49:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2017/06/14 07:49:41 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2017/06/14 07:49:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2017/06/14 07:49:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2017/06/14 07:49:41 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2017/06/14 07:49:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2017/06/14 07:49:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2017/06/14 07:49:41 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2017/06/14 07:49:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2017/06/14 07:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2017/06/14 07:49:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2017/06/14 07:49:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2017/06/14 07:49:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2017/06/14 07:49:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2017/06/14 07:49:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2017/06/14 07:49:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2017/06/14 07:49:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2017/06/14 07:49:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2017/06/13 13:03:34 | 000,897,696 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\hilton\Desktop\Dell Sonic Firewall.exe
[2017/06/13 12:04:25 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\hilton\Desktop\ATF-Cleaner.exe
[2017/06/13 10:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2017/06/13 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\hilton\AppData\Local\GoToAssist Remote Support Customer
[2017/06/13 10:22:59 | 000,000,000 | ---D | C] -- C:\Users\hilton\AppData\Local\Citrix
[14 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2017/06/30 13:11:24 | 000,000,460 | ---- | M] () -- C:\Users\hilton\Desktop\PC Help Forum.website
[2017/06/30 13:11:18 | 000,001,091 | ---- | M] () -- C:\Users\hilton\Desktop\OTL - Shortcut.lnk
[2017/06/30 13:00:23 | 000,000,524 | ---- | M] () -- C:\Users\hilton\Desktop\MyFitnessPal (1).website
[2017/06/30 12:43:27 | 000,000,487 | ---- | M] () -- C:\Users\hilton\Desktop\Gmail.website
[2017/06/30 12:42:43 | 000,065,824 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/06/30 12:39:17 | 000,000,565 | ---- | M] () -- C:\Users\hilton\Desktop\News & Observer.website
[2017/06/30 12:26:33 | 000,000,629 | ---- | M] () -- C:\Users\hilton\Desktop\DRUDGE REPORT 2016®.website
[2017/06/30 05:01:54 | 000,021,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/06/30 05:01:54 | 000,021,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/06/29 10:30:25 | 000,162,240 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017/06/29 10:30:22 | 000,085,400 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/06/29 10:30:20 | 000,040,352 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/06/29 10:30:19 | 000,221,600 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017/06/29 10:30:12 | 000,059,936 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys
[2017/06/28 15:22:06 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/06/28 14:49:46 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017/06/28 12:57:47 | 000,661,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2017/06/28 12:57:47 | 000,121,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2017/06/28 12:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/06/28 12:53:32 | 2608,287,744 | -HS- | M] () -- C:\hiberfil.sys
[2017/06/28 11:59:35 | 000,000,470 | ---- | M] () -- C:\Users\hilton\Desktop\FL Pharm.website
[2017/06/28 10:21:59 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/06/26 12:22:50 | 000,016,349 | ---- | M] () -- C:\Users\hilton\Documents\NEW MEDS.odt
[2017/06/24 16:22:10 | 000,000,520 | ---- | M] () -- C:\Users\hilton\Desktop\Login - Login - TotalAV.website
[2017/06/24 14:41:15 | 006,488,488 | ---- | M] (SosVirus) -- C:\Users\hilton\Desktop\AdsFix.exe
[2017/06/23 15:45:28 | 000,001,180 | ---- | M] () -- C:\Users\hilton\Desktop\.sprint.website
[2017/06/21 15:35:28 | 000,000,467 | ---- | M] () -- C:\Users\hilton\Desktop\Sign In Humana.website
[2017/06/20 13:46:38 | 000,000,496 | ---- | M] () -- C:\Users\hilton\Desktop\Google.website
[2017/06/20 13:46:35 | 000,000,185 | ---- | M] () -- C:\Users\hilton\Desktop\Official PC Matic-PC Pitstop Support.url
[2017/06/19 14:51:29 | 000,000,544 | ---- | M] () -- C:\Users\hilton\Desktop\Calendar.website
[2017/06/19 13:46:30 | 000,000,228 | ---- | M] () -- C:\Users\hilton\Desktop\GoToMyPC My Account.url
[2017/06/19 09:47:10 | 000,000,514 | ---- | M] () -- C:\Users\hilton\Desktop\MyChart - Login Page.website
[2017/06/16 17:13:15 | 000,000,521 | ---- | M] () -- C:\Users\hilton\Desktop\Grocery Store Food Lion.website
[2017/06/15 13:19:18 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2017/06/15 13:19:18 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2017/06/15 03:24:20 | 000,290,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2017/06/13 12:55:14 | 000,013,133 | ---- | M] () -- C:\Users\hilton\Desktop\Windows Defender -.lnk
[2017/06/13 10:43:47 | 000,000,751 | ---- | M] () -- C:\Users\hilton\Desktop\State Farm®.website
[2017/06/09 15:28:45 | 000,000,215 | ---- | M] () -- C:\Users\hilton\Desktop\Komando.url
[2017/06/07 14:20:43 | 000,000,502 | ---- | M] () -- C:\Users\hilton\Desktop\MSN.website
[2017/06/06 17:07:44 | 000,000,438 | ---- | M] () -- C:\Users\hilton\Desktop\SpinLife Nationwide Service We Repair Power Chairs, Scooters, Lift Chairs & More.website
[2017/06/06 15:27:26 | 000,000,505 | ---- | M] () -- C:\Users\hilton\Desktop\Survey.website
[2017/06/02 14:25:02 | 000,000,516 | ---- | M] () -- C:\Users\hilton\Desktop\Netflix.website
[2017/06/02 04:09:56 | 001,549,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2017/06/02 04:09:50 | 001,400,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2017/06/02 04:09:50 | 000,666,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2017/06/02 04:09:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2017/06/02 04:09:50 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2017/06/02 04:09:50 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2017/06/02 04:09:50 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2017/06/02 04:09:50 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2017/06/02 03:57:49 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2017/06/02 03:57:31 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2017/06/01 12:46:36 | 000,000,559 | ---- | M] () -- C:\Users\hilton\Desktop\Search - BeenVerified.website
[14 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2017/06/30 13:11:18 | 000,001,091 | ---- | C] () -- C:\Users\hilton\Desktop\OTL - Shortcut.lnk
[2017/06/26 12:22:47 | 000,016,349 | ---- | C] () -- C:\Users\hilton\Documents\NEW MEDS.odt
[2017/06/25 16:36:02 | 2608,287,744 | -HS- | C] () -- C:\hiberfil.sys
[2017/06/21 15:04:36 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/06/21 15:04:33 | 000,059,936 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
[2017/06/20 13:46:35 | 000,000,185 | ---- | C] () -- C:\Users\hilton\Desktop\Official PC Matic-PC Pitstop Support.url
[2017/06/19 13:46:29 | 000,000,228 | ---- | C] () -- C:\Users\hilton\Desktop\GoToMyPC My Account.url
[2017/06/14 07:49:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2017/06/13 12:55:14 | 000,013,133 | ---- | C] () -- C:\Users\hilton\Desktop\Windows Defender -.lnk
[2017/06/09 15:28:44 | 000,000,215 | ---- | C] () -- C:\Users\hilton\Desktop\Komando.url
[2017/06/06 17:07:44 | 000,000,438 | ---- | C] () -- C:\Users\hilton\Desktop\SpinLife Nationwide Service We Repair Power Chairs, Scooters, Lift Chairs & More.website
[2016/07/15 13:39:48 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/07/02 15:56:45 | 000,032,832 | ---- | C] () -- C:\Windows\System32\rnd_chunk.bin
========== ZeroAccess Check ==========
[2017/04/12 15:18:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/05/10 11:12:47 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2017/01/28 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Canon
[2017/04/12 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Dashlane
[2017/06/29 13:26:59 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\eM Client
[2017/04/17 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Kodi
[2017/04/12 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\OpenOffice
[2017/06/25 13:21:07 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Remo
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\RoboForm
[2017/01/06 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Samsung
[2017/04/12 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Stardock
[2017/06/14 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\TotalAV
[2017/04/12 15:18:43 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\AVAST Software
========== Purity Check ==========
========== Custom Scans ==========
< >
[2009/07/14 00:53:46 | 000,014,124 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(29).TXT
[2009/07/14 00:53:46 | 000,032,576 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 00:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
< ================================================================ >
< HKCU\Software >
"TM" = 0140
"U_TM" = 0140
"U_DT" = 20160715
"U_SDT" =
"U_VER" = 3.21
[HKEY_CURRENT_USER\Software\Adobe]
[HKEY_CURRENT_USER\Software\Amazon]
[HKEY_CURRENT_USER\Software\Amazon Services LLC]
[HKEY_CURRENT_USER\Software\Analog Devices]
[HKEY_CURRENT_USER\Software\AppDataLow]
[HKEY_CURRENT_USER\Software\AVAST Software]
[HKEY_CURRENT_USER\Software\Canon]
[HKEY_CURRENT_USER\Software\Chromium]
[HKEY_CURRENT_USER\Software\Clients]
[HKEY_CURRENT_USER\Software\Dashlane_profiles]
[HKEY_CURRENT_USER\Software\DriverSupport]
[HKEY_CURRENT_USER\Software\eM Client]
[HKEY_CURRENT_USER\Software\g3n-h@ckm@n]
[HKEY_CURRENT_USER\Software\Google]
[HKEY_CURRENT_USER\Software\Intel]
[HKEY_CURRENT_USER\Software\jtosjykc]
[HKEY_CURRENT_USER\Software\Kodi]
[HKEY_CURRENT_USER\Software\Macromedia]
[HKEY_CURRENT_USER\Software\Malwarebytes]
[HKEY_CURRENT_USER\Software\Microsoft]
[HKEY_CURRENT_USER\Software\Mozilla]
[HKEY_CURRENT_USER\Software\MozillaPlugins]
[HKEY_CURRENT_USER\Software\Netscape]
[HKEY_CURRENT_USER\Software\OpenOffice]
[HKEY_CURRENT_USER\Software\ovbrx]
[HKEY_CURRENT_USER\Software\PCPitstop]
[HKEY_CURRENT_USER\Software\Piriform]
[HKEY_CURRENT_USER\Software\Policies]
[HKEY_CURRENT_USER\Software\QtProject]
[HKEY_CURRENT_USER\Software\Samsung]
[HKEY_CURRENT_USER\Software\Siber Systems]
[HKEY_CURRENT_USER\Software\SnigelWeb]
[HKEY_CURRENT_USER\Software\Stardock]
[HKEY_CURRENT_USER\Software\Sysinternals]
[HKEY_CURRENT_USER\Software\Widcomm]
[HKEY_CURRENT_USER\Software\Classes]
< HKCU\Software\AppDataLow /s >
[HKEY_CURRENT_USER\Software\AppDataLow\Software]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\AntiPhishing]
"i" = 19C7B9DF-D590-437B-80CD-B1EE20BFE8AA [binary data]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security\AntiPhishing]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Internet Explorer\Security\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2]
"UserFile" = 01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB 01 00 00 00 4F CC 3B E1 66 10 12 43 BA 01 BF 88 8C 48 DA 65 00 00 00 00 12 00 00 00 55 00 73 00 65 00 72 00 46 00 69 00 6C 00 65 00 00 00 10 66 00 00 00 01 00 00 20 00 00 00 C4 0D D3 22 DB 86 30 9B 98 02 AE 79 51 11 BF 1A 0B D6 F7 5D 37 95 4D 40 F5 0F B0 76 B8 C0 7B 6E 00 00 00 00 0E 80 00 00 00 02 00 00 20 00 00 00 54 04 8A 21 49 8F C4 BC 5B BB 29 13 02 17 E7 56 9F 12 FC F6 38 BB C9 95 7B 10 52 39 A2 5C E3 7E 10 00 00 00 53 68 2C E2 C1 37 82 C2 27 4B D0 E7 99 DB 53 87 40 00 00 00 4C 04 AC EB A0 50 40 E5 87 EC 6B BA 73 38 AE D4 BF 49 71 D0 29 3F 01 0F 59 34 02 99 FF A5 C2 72 33 EF E8 C0 BA 75 49 C0 54 A6 43 00 FD 81 2A C2 73 1A 80 47 13 ED 38 2C 1D 55 5F AA 8B A8 D6 F9 [Binary data over 200 bytes]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\RepService]
"i" = 468FFA79-B8F8-49BD-939C-FA557AFE282A [binary data]
"B" = 50.000000 [binary data]
"A" = .cpl,.exe,.dll,.ocx,.sys,.scr,.drv [Binary data over 200 bytes]
"E" = 1 [binary data]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Silverlight]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\Silverlight\Permissions]
< HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s >
"NoDriveTypeAutoRun" = 145
< HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /s >
< HKLM\Software >
"" =
[HKEY_LOCAL_MACHINE\Software\Adobe]
[HKEY_LOCAL_MACHINE\Software\AdsFix]
[HKEY_LOCAL_MACHINE\Software\Analog Devices]
[HKEY_LOCAL_MACHINE\Software\ATI Technologies]
[HKEY_LOCAL_MACHINE\Software\AVAST Software]
[HKEY_LOCAL_MACHINE\Software\Canon]
[HKEY_LOCAL_MACHINE\Software\CBSTEST]
[HKEY_LOCAL_MACHINE\Software\Citrix]
[HKEY_LOCAL_MACHINE\Software\Classes]
[HKEY_LOCAL_MACHINE\Software\Clients]
[HKEY_LOCAL_MACHINE\Software\DriverSupport]
[HKEY_LOCAL_MACHINE\Software\g3n-h@ckm@n]
[HKEY_LOCAL_MACHINE\Software\GEAR Software]
[HKEY_LOCAL_MACHINE\Software\Google]
[HKEY_LOCAL_MACHINE\Software\InstalledOptions]
[HKEY_LOCAL_MACHINE\Software\Intel]
[HKEY_LOCAL_MACHINE\Software\Macromedia]
[HKEY_LOCAL_MACHINE\Software\Microsoft]
[HKEY_LOCAL_MACHINE\Software\Mozilla]
[HKEY_LOCAL_MACHINE\Software\mozilla.org]
[HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\Software\ODBC]
[HKEY_LOCAL_MACHINE\Software\OldTimer Tools]
[HKEY_LOCAL_MACHINE\Software\OpenOffice]
[HKEY_LOCAL_MACHINE\Software\PCPitstop]
[HKEY_LOCAL_MACHINE\Software\Piriform]
[HKEY_LOCAL_MACHINE\Software\Policies]
[HKEY_LOCAL_MACHINE\Software\Reason]
[HKEY_LOCAL_MACHINE\Software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\Software\SAMSUNG]
[HKEY_LOCAL_MACHINE\Software\Siber Systems]
[HKEY_LOCAL_MACHINE\Software\Sonic]
[HKEY_LOCAL_MACHINE\Software\Stardock]
[HKEY_LOCAL_MACHINE\Software\Synaptics]
[HKEY_LOCAL_MACHINE\Software\sysinternals]
[HKEY_LOCAL_MACHINE\Software\Volatile]
[HKEY_LOCAL_MACHINE\Software\Widcomm]
[HKEY_LOCAL_MACHINE\Software\WOW6432Node]
< HKCU\Software\Microsoft\Command Processor /s >
"CompletionChar" = 9
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 9
< HKLM\Software\Microsoft\Command Processor /s >
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s >
< HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /s >
"ConsentPromptBehaviorAdmin" = 5
"ConsentPromptBehaviorUser" = 3
"EnableInstallerDetection" = 1
"EnableLUA" = 1
"EnableSecureUIAPaths" = 1
"EnableUIADesktopToggle" = 0
"EnableVirtualization" = 1
"PromptOnSecureDesktop" = 1
"ValidateAdminCodeSignatures" = 0
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"scforceoption" = 0
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"FilterAdministratorToken" = 0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT" = 1
"CF_BITMAP" = 2
"CF_OEMTEXT" = 7
"CF_DIB" = 8
"CF_PALETTE" = 9
"CF_UNICODETEXT" = 13
"CF_DIBV5" = 17
< HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /s >
< HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s >
< %Homedrive%\* >
[2017/04/02 16:17:19 | 000,025,188 | ---- | M] () -- C:\AdsFix_02_04_2017_16_17_19.txt
[2017/06/25 16:36:02 | 000,028,806 | ---- | M] () -- C:\AdsFix_25_06_2017_16_36_02.txt
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/01/25 16:34:35 | 000,000,037 | ---- | M] () -- C:\DevMgr.bat
[2017/06/28 12:53:32 | 2608,287,744 | -HS- | M] () -- C:\hiberfil.sys
[2017/06/28 12:53:34 | 3477,721,088 | -HS- | M] () -- C:\pagefile.sys
[2017/06/28 12:12:21 | 000,072,558 | ---- | M] () -- C:\QuickDiag.txt
[2017/06/23 14:38:30 | 000,201,513 | R--- | M] () -- C:\QuickDiag_23_06_2017_14_38_30.txt
[2017/03/30 12:29:50 | 000,230,674 | R--- | M] () -- C:\QuickDiag_30_03_2017_12_29_51.txt
< %Homedrive%\*. >
[2017/06/25 16:38:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2016/08/10 13:53:26 | 000,000,000 | ---D | M] -- C:\95fcae343f4f0cedab9b17240bf8
[2017/06/26 14:32:55 | 000,000,000 | ---D | M] -- C:\AdsFix
[2017/04/21 14:19:58 | 000,000,000 | ---D | M] -- C:\AdwCleaner
[2017/06/19 15:11:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2016/08/20 14:06:16 | 000,000,000 | ---D | M] -- C:\Dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2016/08/01 14:18:40 | 000,000,000 | ---D | M] -- C:\DRIVERS
[2017/04/23 15:23:04 | 000,000,000 | ---D | M] -- C:\FRST
[2016/08/01 14:35:27 | 000,000,000 | ---D | M] -- C:\Intel
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2017/06/26 14:32:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2017/06/26 14:32:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2017/06/28 12:12:13 | 000,000,000 | ---D | M] -- C:\QuickDiag
[2016/06/29 16:30:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2016/06/27 19:57:44 | 000,000,000 | -H-D | M] -- C:\RPKTools
[2016/07/05 14:05:37 | 000,000,000 | ---D | M] -- C:\SWSetup
[2017/06/27 02:20:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/23 20:44:40 | 000,000,000 | -H-D | M] -- C:\Tools
[2017/06/26 14:32:41 | 000,000,000 | R--D | M] -- C:\Users
[2017/06/28 11:56:16 | 000,000,000 | ---D | M] -- C:\Windows
< %Homedrive%\Recycler\*.exe /s >
< %Homedrive%\Recycler\*.scr /s >
< %Homedrive%\Recycler\*.pif /s >
< %Homedrive%\Recycler\*.vb* /s >
< %Homedrive%\$Recycle.bin\*.exe /s >
< %Homedrive%\$Recycle.bin\*.scr /s >
< %Homedrive%\$Recycle.bin\*.pif /s >
< %Homedrive%\$Recycle.bin\*.vb* /s >
< %Userprofile%\* >
[2017/06/30 13:47:59 | 006,029,312 | -HS- | M] () -- C:\Users\hilton\ntuser.dat
[2017/06/30 13:47:58 | 000,262,144 | -HS- | M] () -- C:\Users\hilton\ntuser.dat.LOG1
[2016/06/29 16:31:02 | 000,000,000 | -HS- | M] () -- C:\Users\hilton\ntuser.dat.LOG2
[2017/04/12 15:29:59 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{2b899727-1fa6-11e7-9604-001e4ff1b1f4}.TM.blf
[2017/04/12 15:29:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{2b899727-1fa6-11e7-9604-001e4ff1b1f4}.TMContainer00000000000000000001.regtrans-ms
[2017/04/12 15:29:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{2b899727-1fa6-11e7-9604-001e4ff1b1f4}.TMContainer00000000000000000002.regtrans-ms
[2016/06/29 16:53:05 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2016/06/29 16:53:05 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2016/06/29 16:53:05 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2016/12/06 22:11:59 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{9ce04edb-b001-11e6-a6f8-001986000c73}.TM.blf
[2016/12/06 22:11:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{9ce04edb-b001-11e6-a6f8-001986000c73}.TMContainer00000000000000000001.regtrans-ms
[2016/12/06 22:11:59 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\NTUSER.DAT{9ce04edb-b001-11e6-a6f8-001986000c73}.TMContainer00000000000000000002.regtrans-ms
[2017/04/17 03:26:12 | 000,065,536 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{f56a0772-22b8-11e7-885a-001e4ff1b1f4}.TM.blf
[2017/04/17 03:26:12 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{f56a0772-22b8-11e7-885a-001e4ff1b1f4}.TMContainer00000000000000000001.regtrans-ms
[2017/04/17 03:26:12 | 000,524,288 | -HS- | M] () -- C:\Users\hilton\ntuser.dat{f56a0772-22b8-11e7-885a-001e4ff1b1f4}.TMContainer00000000000000000002.regtrans-ms
[2010/11/20 16:57:02 | 000,000,020 | -HS- | M] () -- C:\Users\hilton\ntuser.ini
< %Userprofile%\*. >
[2017/04/12 14:19:26 | 000,000,000 | -H-D | M] -- C:\Users\hilton\AppData
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Application Data
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Contacts
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Cookies
[2017/06/30 13:11:18 | 000,000,000 | R--D | M] -- C:\Users\hilton\Desktop
[2017/06/26 12:23:27 | 000,000,000 | R--D | M] -- C:\Users\hilton\Documents
[2017/06/30 13:10:40 | 000,000,000 | R--D | M] -- C:\Users\hilton\Downloads
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Favorites
[2017/06/15 13:17:57 | 000,000,000 | R--D | M] -- C:\Users\hilton\Links
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\My Documents
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\NetHood
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Pictures
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\PrintHood
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Recent
[2017/06/15 13:17:57 | 000,000,000 | R--D | M] -- C:\Users\hilton\Saved Games
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Searches
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\SendTo
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Start Menu
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Templates
[2017/06/15 13:17:56 | 000,000,000 | R--D | M] -- C:\Users\hilton\Videos
< %Allusersprofile%\* >
[2017/04/23 15:51:52 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
< %Allusersprofile%\*. >
[2017/04/12 14:14:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2017/04/20 11:08:20 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2017/04/12 14:14:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2017/01/28 15:19:08 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2016/08/01 14:10:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2017/04/12 14:14:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Support
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2017/04/26 13:09:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2017/06/21 15:04:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2017/06/26 14:32:42 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2017/06/26 14:32:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2017/05/17 13:56:47 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2017/04/16 14:42:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Package Cache
[2017/06/26 14:32:41 | 000,000,000 | ---D | M] -- C:\ProgramData\PCPitstop
[2016/06/29 18:33:19 | 000,000,000 | ---D | M] -- C:\ProgramData\RoboForm
[2016/08/31 15:01:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2017/04/16 14:46:08 | 000,000,000 | ---D | M] -- C:\ProgramData\SecuritySuite
[2017/04/12 14:15:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
< %LocalAppData%\* >
[2017/01/21 17:12:55 | 000,065,776 | ---- | M] () -- C:\Users\hilton\AppData\Local\GDIPFONTCACHEV1.DAT
[2017/06/28 12:52:26 | 002,499,297 | -H-- | M] () -- C:\Users\hilton\AppData\Local\IconCache.db
< %LocalAppData%\*. >
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\76f7c66
[2017/06/15 13:19:03 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Adobe
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Amazon Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\AppData\Local\Application Data
[2017/04/12 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Apps
[2016/12/21 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\AVAST Software
[2017/02/27 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Broadcom
[2016/07/13 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\CEF
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Citrix
[2017/04/26 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\CrashDumps
[2017/06/29 15:54:56 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Deployment
[2017/06/14 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Diagnostics
[2017/06/24 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\ElevatedDiagnostics
[2017/04/12 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Google
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\GoToAssist Remote Support Customer
[2016/07/03 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\GWX
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\AppData\Local\History
[2016/09/05 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\LogMeIn Rescue Applet
[2016/09/05 14:21:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\McAfee File Lock
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Microsoft
[2017/04/12 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Microsoft Games
[2017/04/12 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Mozilla
[2016/08/12 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Packages
[2016/07/02 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Programs
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Stardock
[2017/06/30 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\Temp
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\AppData\Local\Temporary Internet Files
[2017/04/12 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Local\VirtualStore
< %AppData%\* >
< %AppData%\*. >
[2017/04/12 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Adobe
[2017/01/28 15:25:47 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Canon
[2017/04/12 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Dashlane
[2017/06/29 13:26:59 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\eM Client
[2010/11/20 16:57:14 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Identities
[2012/07/23 19:53:50 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\InstallShield
[2017/04/17 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Kodi
[2016/07/04 15:27:35 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Macromedia
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\McAfee
[2017/06/26 14:32:30 | 000,000,000 | --SD | M] -- C:\Users\hilton\AppData\Roaming\Microsoft
[2017/04/12 14:19:29 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Mozilla
[2017/04/12 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\OpenOffice
[2017/06/25 13:21:07 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Remo
[2017/06/26 14:32:30 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\RoboForm
[2017/01/06 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Samsung
[2017/04/12 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\Stardock
[2017/06/14 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\AppData\Roaming\TotalAV
< %Userprofile%\Local Settings\* >
[2017/01/21 17:12:55 | 000,065,776 | ---- | M] () -- C:\Users\hilton\Local Settings\GDIPFONTCACHEV1.DAT
[2017/06/28 12:52:26 | 002,499,297 | -H-- | M] () -- C:\Users\hilton\Local Settings\IconCache.db
< %Userprofile%\Local Settings\*. >
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\76f7c66
[2017/06/15 13:19:03 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Adobe
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Amazon Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data
[2017/04/12 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Apps
[2016/12/21 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\AVAST Software
[2017/02/27 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Broadcom
[2016/07/13 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\CEF
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Citrix
[2017/04/26 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\CrashDumps
[2017/06/29 15:54:56 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Deployment
[2017/06/14 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Diagnostics
[2017/06/24 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\ElevatedDiagnostics
[2017/04/12 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Google
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\GoToAssist Remote Support Customer
[2016/07/03 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\GWX
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\History
[2016/09/05 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\LogMeIn Rescue Applet
[2016/09/05 14:21:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\McAfee File Lock
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Microsoft
[2017/04/12 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Microsoft Games
[2017/04/12 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Mozilla
[2016/08/12 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Packages
[2016/07/02 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Programs
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Stardock
[2017/06/30 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Temp
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Temporary Internet Files
[2017/04/12 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\VirtualStore
< %Userprofile%\Local Settings\Application Data\* >
[2017/01/21 17:12:55 | 000,065,776 | ---- | M] () -- C:\Users\hilton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2017/06/28 12:52:26 | 002,499,297 | -H-- | M] () -- C:\Users\hilton\Local Settings\Application Data\IconCache.db
< %Userprofile%\Local Settings\Application Data\*. >
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\76f7c66
[2017/06/15 13:19:03 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Adobe
[2017/06/26 14:32:32 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Amazon Music
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data\Application Data
[2017/04/12 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Apps
[2016/12/21 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\AVAST Software
[2017/02/27 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Broadcom
[2016/07/13 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\CEF
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Citrix
[2017/04/26 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\CrashDumps
[2017/06/29 15:54:56 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Deployment
[2017/06/14 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Diagnostics
[2017/06/24 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\ElevatedDiagnostics
[2017/04/12 14:16:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Google
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\GoToAssist Remote Support Customer
[2016/07/03 12:23:08 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\GWX
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data\History
[2016/09/05 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\LogMeIn Rescue Applet
[2016/09/05 14:21:27 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\McAfee File Lock
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Microsoft
[2017/04/12 14:16:41 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Microsoft Games
[2017/04/12 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Mozilla
[2016/08/12 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Packages
[2016/07/02 15:09:05 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Programs
[2017/06/26 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Stardock
[2017/06/30 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\Temp
[2016/06/29 16:31:07 | 000,000,000 | -HSD | M] -- C:\Users\hilton\Local Settings\Application Data\Temporary Internet Files
[2017/04/12 14:19:23 | 000,000,000 | ---D | M] -- C:\Users\hilton\Local Settings\Application Data\VirtualStore
< %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\* >
< %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave\FlashWritableRoot\#SharedObjects\*. >
< %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\* >
< %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave FlashWritableRoot\#SharedObjects\*. >
< %programFiles%\* >
[2016/09/05 14:05:34 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %programFiles%\*. >
[2017/04/12 14:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2017/04/12 14:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2017/04/12 14:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2017/04/12 14:12:10 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2017/06/13 10:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2016/08/12 15:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\Dashlane
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Support
[2017/03/15 03:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\eM Client
[2017/06/26 14:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2017/04/12 14:12:44 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2017/06/26 14:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Kodi
[2017/06/21 15:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2017/06/26 14:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2017/06/26 14:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2016/07/02 03:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2017/06/28 15:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2017/06/26 14:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2017/04/12 14:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2017/05/17 14:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security
[2017/05/17 13:59:39 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2017/04/12 14:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice 4
[2017/04/12 14:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2017/04/12 14:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\SAMSUNG
[2017/04/12 14:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2017/04/12 14:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Stardock
[2017/04/12 14:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2017/04/12 14:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2016/07/02 13:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/11/20 20:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2016/10/13 03:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2017/04/12 14:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/11/20 20:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2010/11/20 17:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2017/06/26 14:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
< %programfiles%\Google\Desktop\*. >
< %ProgramFiles%\Common Files\* >
< %ProgramFiles%\Common Files\*. >
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
[2017/04/20 11:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\AV
[2016/12/18 22:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\McAfee
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\microsoft shared
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\postureAgent
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Services
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\SpeechEngines
[2017/06/26 14:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
Invalid Environment Variable: ProgramFiles(X86)
Invalid Environment Variable: ProgramFiles(X86)
< %Systemroot%\Installer* >
< %Systemroot%\Installer*. >
[2017/06/26 14:32:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
< %Systemroot%\Temp\*.exe /s >
[2017/06/28 14:49:06 | 001,393,496 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_95FA6.tmp\setup.exe
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\system32\*.in* >
[2009/07/14 00:42:29 | 000,000,073 | -HS- | M] () -- C:\Windows\system32\desktop.ini
[2016/06/29 16:51:31 | 000,016,303 | ---- | M] () -- C:\Windows\system32\ieuinit.inf
[2009/07/14 00:42:26 | 000,000,535 | ---- | M] () -- C:\Windows\system32\mapisvc.inf
[2017/06/28 12:57:47 | 000,781,298 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2009/06/10 17:39:59 | 000,060,124 | ---- | M] () -- C:\Windows\system32\tcpmon.ini
< %systemroot%\PSS\* /s >
[2017/02/27 15:05:38 | 000,000,834 | ---- | M] () -- C:\Windows\PSS\Bluetooth.lnk.CommonStartup
< %systemroot%\Tasks\* >
[2017/06/28 12:53:37 | 000,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:53:46 | 000,014,124 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(29).TXT
[2017/06/21 11:12:17 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
< %systemroot%\Tasks\*. >
< %systemroot%\system32\Tasks\* >
[2017/05/05 18:26:22 | 000,004,464 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Acrobat Update Task
[2017/06/15 13:19:19 | 000,004,312 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player Updater
[2016/07/02 15:47:30 | 000,002,794 | ---- | M] () -- C:\Windows\system32\Tasks\CCleanerSkipUAC
[2017/04/27 14:41:46 | 000,003,190 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
[2017/04/27 14:41:47 | 000,003,318 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
[2017/06/21 14:27:57 | 000,004,118 | ---- | M] () -- C:\Windows\system32\Tasks\Open URL by RoboForm
[2017/06/21 14:27:56 | 000,003,572 | ---- | M] () -- C:\Windows\system32\Tasks\Run RoboForm TaskBar Icon
< %systemroot%\system32\Tasks\*. >
[2017/06/25 17:11:28 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\Games
[2017/06/26 14:32:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\Microsoft
[2017/06/26 14:32:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks\WPD
< %systemroot%\syswow64\Tasks\* >
< %systemroot%\syswow64\Tasks\*. >
< %systemroot%\system32\drivers\*.sy* /lockedfiles >
[14 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
< %systemroot%\system32\config\*.exe /s >
< %Systemroot%\ServiceProfiles\*.exe /s >
< %systemroot%\system32\*.sys >
[2009/07/13 17:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\system32\ANSI.SYS
[2016/11/17 12:27:53 | 000,250,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\clfs.sys
[2009/07/13 17:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\system32\country.sys
[2009/07/13 17:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\system32\HIMEM.SYS
[2009/07/13 17:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\system32\KEY01.SYS
[2009/07/13 17:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\system32\KEYBOARD.SYS
[2009/07/13 17:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\system32\NTDOS.SYS
[2009/07/13 17:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\system32\NTDOS404.SYS
[2009/07/13 17:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\system32\NTDOS411.SYS
[2009/07/13 17:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\system32\NTDOS412.SYS
[2009/07/13 17:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\system32\NTDOS804.SYS
[2009/07/13 17:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\system32\NTIO.SYS
[2009/07/13 17:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\system32\NTIO404.SYS
[2009/07/13 17:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\system32\NTIO411.SYS
[2009/07/13 17:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\system32\NTIO412.SYS
[2009/07/13 17:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\system32\NTIO804.SYS
[2017/05/12 13:44:14 | 002,401,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys
< dir %Homedrive%\* /S /A:L /C >
Volume in drive C is Windows
Volume Serial Number is 12EF-4412
Directory of C:\
07/14/2009 12:53 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [.]
07/14/2009 12:53 AM <JUNCTION> Desktop [.]
07/14/2009 12:53 AM <JUNCTION> Documents [.]
07/14/2009 12:53 AM <JUNCTION> Favorites [.]
07/14/2009 12:53 AM <JUNCTION> Start Menu [.]
07/14/2009 12:53 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\ProgramData\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:53 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/14/2009 12:53 AM <JUNCTION> Application Data [.]
07/14/2009 12:53 AM <JUNCTION> Desktop [.]
07/14/2009 12:53 AM <JUNCTION> Documents [.]
07/14/2009 12:53 AM <JUNCTION> Favorites [.]
07/14/2009 12:53 AM <JUNCTION> Start Menu [.]
07/14/2009 12:53 AM <JUNCTION> Templates [.]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [.]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Application Data\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:53 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:53 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:53 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:53 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:53 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:53 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:53 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\hilton
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Roaming]
06/29/2016 04:31 PM <JUNCTION> Cookies [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Cookies]
06/29/2016 04:31 PM <JUNCTION> Local Settings [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> My Documents [C:\Users\hilton\Documents]
06/29/2016 04:31 PM <JUNCTION> NetHood [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/29/2016 04:31 PM <JUNCTION> PrintHood [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/29/2016 04:31 PM <JUNCTION> Recent [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Recent]
06/29/2016 04:31 PM <JUNCTION> SendTo [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\SendTo]
06/29/2016 04:31 PM <JUNCTION> Start Menu [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Start Menu]
06/29/2016 04:31 PM <JUNCTION> Templates [C:\Users\hilton\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [.]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\hilton\AppData\LocalLow
05/21/2017 02:31 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Documents
06/29/2016 04:31 PM <JUNCTION> My Music [C:\Users\hilton\Music]
06/29/2016 04:31 PM <JUNCTION> My Pictures [C:\Users\hilton\Pictures]
06/29/2016 04:31 PM <JUNCTION> My Videos [C:\Users\hilton\Videos]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [C:\Users\hilton\AppData\Local]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [C:\Users\hilton\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\hilton\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
06/29/2016 04:31 PM <JUNCTION> Application Data [.]
06/29/2016 04:31 PM <JUNCTION> History [C:\Users\hilton\AppData\Local\Microsoft\Windows\History]
06/29/2016 04:31 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\hilton\My Documents
06/29/2016 04:31 PM <JUNCTION> My Music [C:\Users\hilton\Music]
06/29/2016 04:31 PM <JUNCTION> My Pictures [C:\Users\hilton\Pictures]
06/29/2016 04:31 PM <JUNCTION> My Videos [C:\Users\hilton\Videos]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Roaming]
07/02/2016 03:44 PM <JUNCTION> Cookies [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Cookies]
07/02/2016 03:44 PM <JUNCTION> Local Settings [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> My Documents [C:\Users\PCPitstopSVC\Documents]
07/02/2016 03:44 PM <JUNCTION> NetHood [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/02/2016 03:44 PM <JUNCTION> PrintHood [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/02/2016 03:44 PM <JUNCTION> Recent [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Recent]
07/02/2016 03:44 PM <JUNCTION> SendTo [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\SendTo]
07/02/2016 03:44 PM <JUNCTION> Start Menu [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu]
07/02/2016 03:44 PM <JUNCTION> Templates [C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [.]
07/02/2016 03:44 PM <JUNCTION> History [.]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Documents
07/02/2016 03:44 PM <JUNCTION> My Music [C:\Users\PCPitstopSVC\Music]
07/02/2016 03:44 PM <JUNCTION> My Pictures [C:\Users\PCPitstopSVC\Pictures]
07/02/2016 03:44 PM <JUNCTION> My Videos [C:\Users\PCPitstopSVC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [C:\Users\PCPitstopSVC\AppData\Local]
07/02/2016 03:44 PM <JUNCTION> History [C:\Users\PCPitstopSVC\AppData\Local\Microsoft\Windows\History]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
07/02/2016 03:44 PM <JUNCTION> Application Data [.]
07/02/2016 03:44 PM <JUNCTION> History [.]
07/02/2016 03:44 PM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Users\PCPitstopSVC\My Documents
07/02/2016 03:44 PM <JUNCTION> My Music [C:\Users\PCPitstopSVC\Music]
07/02/2016 03:44 PM <JUNCTION> My Pictures [C:\Users\PCPitstopSVC\Pictures]
07/02/2016 03:44 PM <JUNCTION> My Videos [C:\Users\PCPitstopSVC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
487 Dir(s) 1,951,056,351,232 bytes free
< MD5 for: AFD.SYS >
[2010/11/20 17:29:19 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2015/10/13 20:41:27 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=3EA58284BD7B72F78D505E82366F7E0C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.23237_none_da667526d5da9ab2\afd.sys
[2016/06/29 16:50:30 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=66DD39CA12BAEB8D32111581769D9117 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_da50efe2d5eab341\afd.sys
[2015/10/13 12:31:53 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=93B49FA857F7036A4EFF32371F6E7391 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.19031_none_d9d6d4b9bcc265b7\afd.sys
[2017/04/04 10:52:22 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F582FC7976F1248AC5FBD6875C626B41 -- C:\Windows\System32\drivers\afd.sys
[2017/04/04 10:52:22 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F582FC7976F1248AC5FBD6875C626B41 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.23761_none_da400d24d5f8483e\afd.sys
[2016/06/29 16:50:30 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=F81BB7E487EDCEAB630A7EE66CF23913 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_d9b98067bcd7e63c\afd.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\internal_ide_channel\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\pci\cc_0101\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys
< MD5 for: CDROM.SYS >
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\gencdrom\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010/11/20 17:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 17:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\explorer.exe
[2016/08/29 10:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_5432df58f129e196\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: I8042PRT.SYS >
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys
[2009/07/13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys
< MD5 for: NDIS.SYS >
[2012/08/22 13:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
[2015/10/12 18:32:56 | 000,713,152 | ---- | M] (Microsoft Corporation) MD5=43C1C599FF590C875764CB6254A506B6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_aa435dc7937e55cc\ndis.sys
[2012/08/22 13:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
[2015/10/13 00:50:31 | 000,712,640 | ---- | M] (Microsoft Corporation) MD5=9804FB2E46077F2977552347DFCA7E05 -- C:\Windows\System32\drivers\ndis.sys
[2015/10/13 00:50:31 | 000,712,640 | ---- | M] (Microsoft Corporation) MD5=9804FB2E46077F2977552347DFCA7E05 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_a9b4bda47a653a28\ndis.sys
[2010/11/20 17:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys
< MD5 for: NETBT.SYS >
[2010/11/20 17:29:08 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2016/05/11 10:52:27 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=A00996C9BFEF29A93B9F21DBE1DC502D -- C:\Windows\System32\drivers\netbt.sys
[2016/05/11 10:52:27 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=A00996C9BFEF29A93B9F21DBE1DC502D -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.23451_none_62c75d2e6ec73ced\netbt.sys
< MD5 for: TDX.SYS >
[2017/05/10 10:47:49 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=01743A8A62F2C0488F9C4F6D25C21B2C -- C:\Windows\System32\drivers\tdx.sys
[2017/05/10 10:47:49 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=01743A8A62F2C0488F9C4F6D25C21B2C -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23806_none_ecdb75be536ba5d9\tdx.sys
[2017/04/04 10:52:12 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=0D4CE846B6461A89CF246636E6098323 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23761_none_ec9592de53a0d1a5\tdx.sys
[2015/10/13 20:41:04 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=0E5C6676F9ABDB1C54C461EA5BA8175B -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.23237_none_ecbbfae053832419\tdx.sys
[2010/11/20 17:29:07 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2015/10/13 12:31:24 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=BB8817D0508DD5EA69C770C8DEF5AB67 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.19031_none_ec2c5a733a6aef1e\tdx.sys
< MD5 for: VOLSNAP.SYS >
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160801T180925859811\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160817T192426104112\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160831T181043454415\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\AdwCleaner\quarantine\files\gbqmmquenhyrcdfsncyiuzwbmxwslgsb\DriverUpdate\Backups\20160926T121156009\storage\volume\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 17:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys
< MD5 for: WININIT.EXE >
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2014/07/15 22:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014/07/16 21:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014/07/16 21:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010/11/20 17:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014/03/04 05:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2016/07/27 18:38:59 | 000,074,240 | ---- | M] () MD5=A6C645EF2F30ABF61FCDBE5E76999730 -- C:\QuickDiag\MBR\Winlogon.exe
[2014/03/04 06:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
< End of report >
hello
uninstall this , it's useless :
Google Toolbar for Internet Explorer
==
you'd better use firefox than Google Chrome for these reasons :
https://translate.googleusercontent...e.html&usg=ALkJrhgEXWcOHWyG-4Z-qSiq4w2bXUiZbw
https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=fr&ie=UTF-8&u=http://www.revoltenumerique.herbesfolles.org/2014/04/23/pourquoi-vous-ne-devriez-pas-utiliser-google-chrome/&edit-text=
https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=fr&ie=UTF-8&u=http://www.zebulon.fr/actualites/16099-google-permet-a-doubleclick-d-acceder-aux-informations-personnelles-des-utilisateurs.html&edit-text=
https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=fr&ie=UTF-8&u=https://www.developpez.com/actu/106316/Mozilla-et-Google-retirent-l-extension-WOT-de-leurs-stores-apres-un-scandale-de-collecte-et-vente-des-donnees-personnelles-de-ses-utilisateurs/&edit-text=
==
firefox is not up to date , we're now at the version 54
==
copy the text which is between the red lines and paste it In the lower part of OTL and click "Run Fix"
===========================================
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfeplk.sys -- (mfeplk)
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Powered"
FF - user.js - File not found
:Reg
[-HKEY_CURRENT_USER\Software\Chromium]
[-HKEY_CURRENT_USER\Software\jtosjykc]
[-HKEY_CURRENT_USER\Software\ovbrx]
[-HKEY_CURRENT_USER\Software\DriverSupport]
[-HKEY_LOCAL_MACHINE\Software\DriverSupport]
:files
C:\95fcae343f4f0cedab9b17240bf8
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\ProgramData\Driver Support
C:\Users\hilton\AppData\Local\76f7c66
C:\Users\hilton\AppData\Local\McAfee File Lock
C:\Users\hilton\AppData\Roaming\McAfee
C:\Program Files\Driver Support
C:\Program Files\McAfee
C:\Program Files\Norton Security
C:\Program Files\NortonInstaller
C:\Windows\Temp\*
C:\Users\hilton\AppData\Roaming\TotalAV
C:\Users\hilton\Desktop\Login - Login - TotalAV.website
C:\Users\hilton\Documents\TotalAV
C:\Program Files\Common Files\McAfee
:commands
[emptytemp]
===============================================
then after , paste the content of the report C:\_OTL\Moved Files\date_Hour.log
uninstall this , it's useless :
Google Toolbar for Internet Explorer
==
you'd better use firefox than Google Chrome for these reasons :
https://translate.googleusercontent...e.html&usg=ALkJrhgEXWcOHWyG-4Z-qSiq4w2bXUiZbw
https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=fr&ie=UTF-8&u=http://www.revoltenumerique.herbesfolles.org/2014/04/23/pourquoi-vous-ne-devriez-pas-utiliser-google-chrome/&edit-text=
https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=fr&ie=UTF-8&u=http://www.zebulon.fr/actualites/16099-google-permet-a-doubleclick-d-acceder-aux-informations-personnelles-des-utilisateurs.html&edit-text=
https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=fr&ie=UTF-8&u=https://www.developpez.com/actu/106316/Mozilla-et-Google-retirent-l-extension-WOT-de-leurs-stores-apres-un-scandale-de-collecte-et-vente-des-donnees-personnelles-de-ses-utilisateurs/&edit-text=
==
firefox is not up to date , we're now at the version 54
==
copy the text which is between the red lines and paste it In the lower part of OTL and click "Run Fix"
===========================================
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfeplk.sys -- (mfeplk)
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Powered"
FF - user.js - File not found
:Reg
[-HKEY_CURRENT_USER\Software\Chromium]
[-HKEY_CURRENT_USER\Software\jtosjykc]
[-HKEY_CURRENT_USER\Software\ovbrx]
[-HKEY_CURRENT_USER\Software\DriverSupport]
[-HKEY_LOCAL_MACHINE\Software\DriverSupport]
:files
C:\95fcae343f4f0cedab9b17240bf8
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\ProgramData\Driver Support
C:\Users\hilton\AppData\Local\76f7c66
C:\Users\hilton\AppData\Local\McAfee File Lock
C:\Users\hilton\AppData\Roaming\McAfee
C:\Program Files\Driver Support
C:\Program Files\McAfee
C:\Program Files\Norton Security
C:\Program Files\NortonInstaller
C:\Windows\Temp\*
C:\Users\hilton\AppData\Roaming\TotalAV
C:\Users\hilton\Desktop\Login - Login - TotalAV.website
C:\Users\hilton\Documents\TotalAV
C:\Program Files\Common Files\McAfee
:commands
[emptytemp]
===============================================
then after , paste the content of the report C:\_OTL\Moved Files\date_Hour.log
ok ..got rid of toolbar and made foxfire my default..cut off all FW/Vinous stuff and ran OTL..the reports went into notepad and don't see the url you gave me any where so hope this works
At sort of at an empass here..due to my health problems i am unable to get to computer....hopefully it5 will only be a short time....so will holler at you when ii get back on it..
Thanks for the help and patience..
Hefs
Well,good news for you..my sister and niece are buying me a new lap top..it is too much trouble to get to this one and it is 9 yrs old and time to retire it..
My only problem is I don't want to transfer the problems from this one to the new ones...you have any ideas or is there a board on here that can help me..
I really appreciate all of your patience and help and sorry for beaing a PIA..My old 75 yr old brain just jumps time too much..
Thanks again,
Hefs
Please start a new thread in the windows area for your file transfer. You should however complete this thread to ensure there is no malware transfer to your new machine.
ok..please end this thread..will have new computer in a day or two..thanks for every thing...
hefs
hefs
- Status