Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

After wipe and reinstall still having problems Open Candy and possible

Started by stormrider22 , Oct 02 2015 07:23 PM

  • This topic is locked This topic is locked

#1
stormrider22
Posted 02 October 2015 - 07:23 PM

stormrider22

    Member

  • Member
  • PipPip
  • 26 posts

I was visiting my mom in California over the Labor Day weekend when my laptop's hard drive crashed. I use this for my business and needed to get up and running fast. Since I wasn't at home I didn't have access to most of my computer stuff. Finding anything open over the holiday weekend was next to impossible but I managed to find a local computer repair shop with good reviews online. He replaced the hard drive and managed to rescue the latest work I had done and hadn't had a chance to back up. The rest I restored from backups. The problem was I had also just upgraded to Windows 10 so there were some issues with the Nvidia drivers at the time. I ended up doing a clean install over what the computer guy did. But the problems continued and grew worse. I started searching for malware and found one of the programs the computer guy installed had Open Candy. I got rid of that or so I thought. My laptop is slowing down, locking, up, and just being a butt. I just did yet another "clean" install (my fifth I believe? I lost count) yesterday and this morning I couldn't even check my email without locking up. I did a system restore, wiping out the programs but saving my files this morn. But my Firewall is wide open. I love the rule. "Allow any connection from any port to any remote port by any program." So I started digging a little deeper and even though I reformatted and did supposed clean installs, I'm finding everything comes back to the programs the computer guy installed. I'm starting to wonder if he left a back door open or something. Anyway, if y'all need specifics, let me know. I have a bunch of logs because one of my concerns is that there's a bad security certificate now. I have one that's expired but it's still labeled as trusted and there are flags on a few specifics of the certificate code. Having a bad cert means a lot of virus software would fall into the trap and say everything is just fine when it isn't. Okay, enough of that here are the specifics.

 

My laptop is an Asus ROG G750JX running Windows 10 Pro. The main HD which the computer guy replaced is 750gb but I also have a secondary drive which is a 1TB and it has a mystery partition I haven't been able to figure out. It's a 64bit system and Windows recognizes that on the system info screen but a majority of the software I run will only install and run as 32bit. I do a lot of intensive work in DAZ3D and Photoshop along with Adobe InDesign, so when these programs aren't running in 64bit, I notice it. I just upgraded the ram from 16gb to 32gb, and with the clean installs, this baby should be running lean and mean - she's not. For the 64bit issue I called Microsoft Tech support and they used Log Me In and couldn't figure out the problem. The programming guys are supposed to call me back next week. Yeah, watch me hold my breath on that one. I'd have better odds expecting a call from Bill Gates himself.

 

Here's the info from FARBAR:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by kathr (administrator) on KATHRYNLAPTOP (02-10-2015 19:18:17)
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathr (Available Profiles: kathr)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\MotionDetection.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-10-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1855672 2015-07-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [Google Update] => C:\Users\kathr\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-02] (Google Inc.)
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10485248 2015-09-29] (SecureMix LLC)
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-09-21] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-10-02]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-10-02]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19d2050b-3eb4-4079-8edf-fcea30acdb4b}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4055827758-3256202687-3425098328-1001: @tools.google.com/Google Update;version=3 -> C:\Users\kathr\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-4055827758-3256202687-3425098328-1001: @tools.google.com/Google Update;version=9 -> C:\Users\kathr\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-10-02]
 
Chrome:
=======
CHR Profile: C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-02]
CHR Extension: (YouTube) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-02]
CHR Extension: (Gmail) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
Opera:
=======
OPR Extension: (LastPass) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2015-10-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-08-19] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-08-13] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8825344 2015-09-29] (SecureMix LLC)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-09-21] (Sandboxie Holdings, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-01] (Intel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [191624 2015-09-21] (Sandboxie Holdings, LLC)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-02 19:18 - 2015-10-02 19:18 - 00013284 _____ C:\Users\kathr\Desktop\FRST.txt
2015-10-02 19:13 - 2015-10-02 19:13 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-02 19:12 - 2015-10-02 19:12 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-10-02 19:12 - 2015-10-02 19:12 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-10-02 19:12 - 2015-10-02 19:12 - 00002091 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-10-02 19:04 - 2015-10-02 19:04 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2015-10-02 18:57 - 2015-10-02 18:57 - 00076330 _____ C:\Users\kathr\Desktop\PFx REFLECTIONS.atn
2015-10-02 18:56 - 2015-10-02 19:06 - 00001472 _____ C:\WINDOWS\Sandboxie.ini
2015-10-02 18:56 - 2015-10-02 18:55 - 00000937 _____ C:\Users\kathr\Desktop\Sandboxed Web Browser.lnk
2015-10-02 18:55 - 2015-10-02 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-10-02 18:55 - 2015-10-02 18:55 - 00000000 ____D C:\Program Files\Sandboxie
2015-10-02 18:54 - 2015-10-02 18:55 - 08518280 _____ (Sandboxie Holdings, LLC) C:\Users\kathr\Downloads\SandboxieInstall.exe
2015-10-02 18:52 - 2015-10-02 19:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-02 18:51 - 2015-10-02 18:51 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-10-02 18:49 - 2015-10-02 19:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-02 18:49 - 2015-10-02 19:01 - 00000000 ____D C:\Program Files\Adobe
2015-10-02 18:49 - 2015-10-02 18:49 - 00000000 ____D C:\Users\kathr\AppData\Local\Scrivener
2015-10-02 18:36 - 2015-10-02 18:37 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files
2015-10-02 18:36 - 2015-10-02 18:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-02 18:35 - 2015-10-02 19:11 - 00000000 ____D C:\ProgramData\Adobe
2015-10-02 18:35 - 2015-10-02 18:35 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-10-02 18:35 - 2015-10-02 18:35 - 00001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-10-02 18:35 - 2015-10-02 18:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-02 18:34 - 2015-10-02 19:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-02 18:32 - 2015-10-02 18:32 - 00001704 _____ C:\Users\Public\Desktop\Scrivener.lnk
2015-10-02 18:32 - 2015-10-02 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
2015-10-02 18:31 - 2015-10-02 18:32 - 00000000 ____D C:\Program Files (x86)\Scrivener
2015-10-02 18:29 - 2015-10-02 18:29 - 00000000 ____D C:\ProgramData\DAZ 3D
2015-10-02 18:28 - 2015-10-02 18:29 - 00001176 _____ C:\Users\kathr\Desktop\DAZ Studio 4.8 (64-bit).lnk
2015-10-02 18:28 - 2015-10-02 18:28 - 00000000 ____D C:\Program Files\DAZ 3D
2015-10-02 18:00 - 2015-10-02 18:00 - 00000000 ____D C:\Users\kathr\AppData\Local\Logitech® Webcam Software
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Leadertech
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\ProgramData\LogiShrd
2015-10-02 17:57 - 2015-10-02 17:58 - 00003850 _____ C:\WINDOWS\LDPINST.LOG
2015-10-02 17:57 - 2015-10-02 17:58 - 00000000 ____D C:\Program Files (x86)\Logitech
2015-10-02 17:57 - 2015-10-02 17:57 - 00001713 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-10-02 17:57 - 2015-10-02 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-10-02 17:55 - 2015-10-02 17:56 - 74520472 _____ (Logitech, Inc.) C:\Users\kathr\Downloads\lws280.exe
2015-10-02 17:49 - 2015-10-02 17:58 - 00007384 _____ C:\WINDOWS\system32\lvcoinst.log
2015-10-02 17:49 - 2015-10-02 17:58 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-10-02 17:43 - 2015-10-02 17:43 - 00000000 ____D C:\Users\kathr\Desktop\Heart's Ransom cover
2015-10-02 17:42 - 2015-10-02 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-10-02 17:40 - 2015-10-02 17:40 - 00001226 _____ C:\Users\Public\Desktop\FastPictureViewer Cheat Sheet.lnk
2015-10-02 17:40 - 2015-10-02 17:40 - 00001156 _____ C:\Users\Public\Desktop\Fast Picture Viewer 64.lnk
2015-10-02 17:40 - 2015-10-02 17:40 - 00000000 ____D C:\WINDOWS\WICCodecs
2015-10-02 17:40 - 2015-10-02 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
2015-10-02 17:40 - 2015-10-02 17:40 - 00000000 ____D C:\ProgramData\FastPictureViewer
2015-10-02 17:40 - 2015-10-02 17:40 - 00000000 ____D C:\Program Files\FastPictureViewer
2015-10-02 17:38 - 2015-10-02 17:39 - 00000000 ____D C:\Users\kathr\Desktop\3d n Art
2015-10-02 17:37 - 2015-10-02 18:32 - 00000000 ____D C:\Users\kathr\Desktop\computer
2015-10-02 17:33 - 2015-10-02 17:33 - 02192384 _____ (Farbar) C:\Users\kathr\Desktop\FRST64.exe
2015-10-02 17:24 - 2015-10-02 17:24 - 01872472 _____ C:\Users\kathr\Desktop\SmitfraudFix.exe
2015-10-02 17:20 - 2015-10-02 17:20 - 00872029 _____ C:\Users\kathr\Desktop\HxDSetupEN.zip
2015-10-02 17:19 - 2015-10-02 17:19 - 02023693 _____ C:\Users\kathr\Desktop\tweaking.com_registry_backup_portable.zip
2015-10-02 17:18 - 2015-10-02 17:18 - 18801736 _____ C:\Users\kathr\Desktop\RogueKiller.exe
2015-10-02 17:16 - 2015-10-02 17:16 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\kathr\Desktop\autoruns.exe
2015-10-02 17:02 - 2015-10-02 17:02 - 00002148 _____ C:\Users\kathr\Desktop\VirusTotal Uploader 2.2.lnk
2015-10-02 17:02 - 2015-10-02 17:02 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-10-02 17:02 - 2015-10-02 17:02 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2015-10-02 16:56 - 2015-10-02 16:56 - 00142744 _____ C:\Users\kathr\Downloads\vtuploader2.2.exe
2015-10-02 16:33 - 2015-10-02 16:33 - 00003740 _____ C:\WINDOWS\System32\Tasks\herdProtectScan
2015-10-02 16:15 - 2015-10-02 16:15 - 00002086 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2015-10-02 16:15 - 2015-10-02 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc
2015-10-02 16:14 - 2015-10-02 16:15 - 225688096 _____ (COMODO) C:\Users\kathr\Documents\cav_installer_3264_29.exe
2015-10-02 16:13 - 2015-10-02 16:15 - 225688096 _____ (COMODO) C:\Users\kathr\Documents\cav_installer_5964_b8.exe
2015-10-02 16:06 - 2015-10-02 16:06 - 00000000 ____D C:\Users\kathr\AppData\Local\PeerDistRepub
2015-10-02 16:04 - 2015-10-02 16:04 - 03861568 _____ (Reason Software Company Inc.) C:\Users\kathr\Documents\reason-core-security-setup.exe
2015-10-02 16:04 - 2015-10-02 16:04 - 03861568 _____ (Reason Software Company Inc.) C:\Users\kathr\Documents\reason-core-security-setup (1).exe
2015-10-02 16:02 - 2015-10-02 16:02 - 02873112 _____ (Reason Company Software Inc.) C:\Users\kathr\Documents\herdProtectScan_Setup.exe
2015-10-02 16:02 - 2015-10-02 16:02 - 00001162 _____ C:\Users\Public\Desktop\herdProtect.lnk
2015-10-02 16:02 - 2015-10-02 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-10-02 16:02 - 2015-10-02 16:02 - 00000000 ____D C:\Program Files\Reason
2015-10-02 15:50 - 2015-10-02 15:50 - 21854008 _____ (SecureMix LLC) C:\Users\kathr\Downloads\GlassWireSetup.exe
2015-10-02 15:50 - 2015-10-02 15:50 - 00001974 _____ C:\Users\kathr\Desktop\GlassWire.lnk
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\Users\kathr\AppData\Local\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\ProgramData\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\Program Files (x86)\GlassWire
2015-10-02 15:50 - 2015-05-28 23:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2015-10-02 15:50 - 2015-05-28 23:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2015-10-02 15:37 - 2015-10-02 15:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-02 15:37 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-02 15:36 - 2015-10-02 15:36 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-10-02 15:36 - 2015-10-02 15:36 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-10-02 15:36 - 2015-10-02 15:36 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-10-02 15:36 - 2015-10-02 15:36 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-10-02 15:36 - 2015-10-02 15:36 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-10-02 15:36 - 2015-10-02 15:36 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-10-02 15:36 - 2015-10-02 15:36 - 00000000 ____D C:\Program Files\Elantech
2015-10-02 15:29 - 2015-10-02 15:29 - 00000000 ____D C:\WINDOWS\pss
2015-10-02 15:13 - 2015-10-02 15:13 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Macromedia
2015-10-02 15:03 - 2015-10-02 15:03 - 00016148 _____ C:\WINDOWS\system32\KATHRYNLAPTOP_kathr_HistoryPrediction.bin
2015-10-02 15:01 - 2015-10-02 15:02 - 00324544 _____ C:\WINDOWS\Minidump\100215-39906-01.dmp
2015-10-02 15:01 - 2015-10-02 15:01 - 656602759 _____ C:\WINDOWS\MEMORY.DMP
2015-10-02 15:01 - 2015-10-02 15:01 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-02 14:47 - 2015-10-02 14:47 - 00000000 ___HD C:\VTRoot
2015-10-02 13:20 - 2015-10-02 13:20 - 00069632 _____ C:\Users\kathr\Documents\acctchg.evtx
2015-10-02 12:48 - 2015-10-02 12:48 - 00000000 ____D C:\Windows.old
2015-10-02 12:48 - 2015-10-02 10:02 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-02 12:45 - 2015-10-02 12:45 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-10-02 12:44 - 2015-10-02 12:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-02 12:43 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\Setup
2015-10-02 12:41 - 2015-10-02 12:41 - 00000000 ____D C:\WINDOWS\OCR
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-10-02 12:38 - 2015-09-15 11:12 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 12:38 - 2015-09-15 11:12 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 12:37 - 2015-10-02 09:57 - 00001189 _____ C:\WINDOWS\DtcInstall.log
2015-10-02 12:36 - 2015-10-02 19:06 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-02 12:36 - 2015-10-02 18:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-02 12:36 - 2015-10-02 17:58 - 00000000 ____D C:\WINDOWS\registration
2015-10-02 12:36 - 2015-10-02 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\IME
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RSD C:\WINDOWS\Media
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Web
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Vss
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\tracing
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\TAPI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SystemResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\System
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SKB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\security
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\schemas
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SchCache
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Resources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\PLA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Performance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Globalization
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Cursors
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Branding
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\addins
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\USOPrivate
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Comms
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:34 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-10-02 12:36 - 2015-10-02 12:34 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-10-02 12:36 - 2015-10-02 12:34 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-10-02 12:36 - 2015-10-02 12:34 - 00000219 _____ C:\WINDOWS\system.ini
2015-10-02 12:36 - 2015-10-02 12:34 - 00000092 _____ C:\WINDOWS\win.ini
2015-10-02 12:36 - 2015-10-02 11:06 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-02 12:36 - 2015-10-02 10:38 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-02 12:36 - 2015-10-02 10:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-02 12:36 - 2015-10-02 09:59 - 00000000 ____D C:\WINDOWS\CSC
2015-10-02 12:36 - 2015-10-02 09:57 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-02 12:36 - 2015-10-02 09:57 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-02 12:36 - 2015-10-02 09:54 - 00000000 ____D C:\WINDOWS\Help
2015-10-02 12:28 - 2015-10-02 15:38 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 12:25 - 2015-10-02 17:42 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-10-02 12:24 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\servicing
2015-10-02 12:24 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-10-02 12:24 - 2015-10-02 10:26 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 12:24 - 2015-10-02 10:02 - 00000000 __RHD C:\Users\Default
2015-10-02 12:24 - 2015-10-02 09:53 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-02 12:24 - 2015-07-10 04:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-10-02 12:23 - 2015-10-02 12:44 - 00000000 ___HD C:\$Windows.~BT
2015-10-02 12:23 - 2015-10-02 12:23 - 00000000 ___HD C:\$SysReset
2015-10-02 11:32 - 2015-10-02 13:50 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Comodo
2015-10-02 11:27 - 2015-10-02 11:27 - 00000000 ___HD C:\OneDriveTemp
2015-10-02 11:10 - 2015-10-02 11:10 - 11992318 _____ C:\Users\kathr\Desktop\OBS_0_655b.zip
2015-10-02 11:09 - 2015-10-02 11:09 - 00000000 ____D C:\ProgramData\Shared Space
2015-10-02 11:07 - 2015-10-02 19:13 - 00000000 ____D C:\Users\kathr\AppData\Local\Adobe
2015-10-02 11:07 - 2015-10-02 11:07 - 00686768 _____ (Adobe Systems Incorporated) C:\Users\kathr\Downloads\CreativeCloudSet-Up (1).exe
2015-10-02 11:04 - 2015-10-02 17:57 - 00000000 ____D C:\Program Files\COMODO
2015-10-02 11:04 - 2015-10-02 17:57 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-10-02 11:04 - 2015-10-02 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-10-02 11:04 - 2015-10-02 11:04 - 00000000 ____D C:\Users\kathr\AppData\Local\Comodo
2015-10-02 11:03 - 2015-10-02 17:57 - 00000000 ____D C:\ProgramData\Comodo Downloader
2015-10-02 11:02 - 2015-10-02 17:58 - 00000000 ____D C:\ProgramData\Comodo
2015-10-02 11:01 - 2015-10-02 11:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-10-02 11:01 - 2015-10-02 11:01 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-10-02 11:00 - 2015-10-02 11:00 - 11278928 _____ (COMODO) C:\Users\kathr\Desktop\CPM_SETUP_1.3.2.30_xp_vista_server2003_win7.exe
2015-10-02 10:59 - 2015-10-02 11:02 - 225688136 _____ (COMODO) C:\Users\kathr\Downloads\cispro_30day_installer_1157_1a.exe
2015-10-02 10:59 - 2015-10-02 11:00 - 225688096 _____ (COMODO) C:\Users\kathr\Downloads\cmd_fw_installer_6106_c6.exe
2015-10-02 10:58 - 2015-10-02 17:42 - 01079856 _____ (Igor Pavlov) C:\Users\kathr\Desktop\7z1507.exe
2015-10-02 10:53 - 2015-10-02 10:53 - 00000000 ____D C:\Users\kathr\AppData\Roaming\DAZ 3D
2015-10-02 10:52 - 2015-10-02 18:28 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-10-02 10:52 - 2015-10-02 10:52 - 30151896 _____ (DAZ 3D) C:\Users\kathr\Downloads\DAZ3DIM_1.1.0.41_Win32 (1).exe
2015-10-02 10:52 - 2015-10-02 10:52 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2015-10-02 10:48 - 2015-10-02 17:57 - 00000000 ____D C:\Users\kathr\AppData\Roaming\vlc
2015-10-02 10:48 - 2015-10-02 10:48 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-02 10:48 - 2015-10-02 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-02 10:48 - 2015-10-02 10:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-02 10:44 - 2015-10-02 10:45 - 28849904 _____ C:\Users\kathr\Downloads\vlc-2.2.1-win32.exe
2015-10-02 10:38 - 2015-07-05 05:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-02 10:34 - 2015-10-02 18:39 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001UA.job
2015-10-02 10:34 - 2015-10-02 11:04 - 00001199 _____ C:\Users\kathr\Desktop\Internet (Chromodo).lnk
2015-10-02 10:34 - 2015-10-02 10:39 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001Core.job
2015-10-02 10:34 - 2015-10-02 10:34 - 00004054 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001UA
2015-10-02 10:34 - 2015-10-02 10:34 - 00003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1443800042
2015-10-02 10:34 - 2015-10-02 10:34 - 00003678 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001Core
2015-10-02 10:34 - 2015-10-02 10:34 - 00001208 _____ C:\Users\Public\Desktop\Opera.lnk
2015-10-02 10:34 - 2015-10-02 10:34 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-10-02 10:34 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Opera Software
2015-10-02 10:34 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-02 10:34 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Local\Opera Software
2015-10-02 10:33 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Local\Google
2015-10-02 10:33 - 2015-10-02 10:34 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-02 10:33 - 2015-10-02 10:33 - 00724456 _____ (Opera Software) C:\Users\kathr\Downloads\Opera_NI_stable.exe
2015-10-02 10:32 - 2015-10-02 10:33 - 00929872 _____ (Google Inc.) C:\Users\kathr\Downloads\ChromeSetup (1).exe
2015-10-02 10:25 - 2015-10-01 00:15 - 02544872 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-10-02 10:21 - 2015-10-02 10:32 - 00000000 ____D C:\Users\kathr\AppData\Local\MicrosoftEdge
2015-10-02 10:16 - 2015-10-02 10:16 - 00002338 _____ C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-02 10:08 - 2015-10-02 10:08 - 00014044 _____ C:\Users\kathr\Desktop\Removed Apps.html
2015-10-02 10:08 - 2015-10-02 10:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-10-02 10:07 - 2015-10-02 10:07 - 00000000 ____D C:\Users\kathr\AppData\Local\Comms
2015-10-02 10:06 - 2015-10-02 19:01 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Adobe
2015-10-02 10:06 - 2015-10-02 10:33 - 00000000 ____D C:\Users\kathr\AppData\Local\Packages
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\VirtualStore
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\TileDataLayer
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\Publishers
2015-10-02 10:05 - 2015-10-02 18:00 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-02 10:05 - 2015-10-02 10:05 - 00000020 ___SH C:\Users\kathr\ntuser.ini
2015-10-02 10:02 - 2015-10-02 10:02 - 00000000 __SHD C:\Recovery
2015-10-02 10:00 - 2015-10-02 18:36 - 00000000 ____D C:\Users\kathr
2015-10-02 10:00 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 10:00 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 10:00 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 10:00 - 2015-10-02 12:36 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 10:00 - 2015-10-02 10:06 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 09:54 - 2015-10-02 16:56 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-02 09:54 - 2015-10-02 09:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-02 09:54 - 2015-10-02 09:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-02 09:54 - 2015-07-13 12:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-02 09:54 - 2015-07-13 12:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-02 09:54 - 2015-07-13 11:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-02 09:53 - 2015-10-02 09:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-02 09:53 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOShared
2015-10-02 09:53 - 2015-07-10 00:37 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-10-02 09:51 - 2015-10-02 17:58 - 00004446 _____ C:\WINDOWS\setupact.log
2015-10-02 09:51 - 2015-10-02 09:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-02 09:50 - 2015-10-02 15:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 09:49 - 2015-10-02 09:59 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-02 01:41 - 2015-10-02 01:41 - 00000000 ____D C:\Users\kathr\Documents\Bills
2015-10-02 01:34 - 2015-10-02 17:39 - 00000000 ____D C:\Users\kathr\Desktop\unzipped
2015-10-02 00:42 - 2015-09-17 22:57 - 138614960 _____ C:\Users\kathr\Desktop\Contemporary.7z
2015-10-02 00:39 - 2015-09-17 22:58 - 140702508 _____ C:\Users\kathr\Desktop\Barbarian.7z
2015-10-02 00:39 - 2015-09-17 22:52 - 661759905 _____ C:\Users\kathr\Desktop\Box Set Legacy.7z
2015-10-02 00:39 - 2015-07-15 04:45 - 1636930063 _____ C:\Users\kathr\Desktop\Caitlyn and Revian.7z
2015-10-02 00:38 - 2015-09-17 22:56 - 00634518 _____ C:\Users\kathr\Desktop\Star Song.7z
2015-10-02 00:38 - 2015-09-17 22:41 - 111781367 _____ C:\Users\kathr\Desktop\Heart's Ransom.7z
2015-10-02 00:36 - 2015-09-17 23:07 - 2851067503 _____ C:\Users\kathr\Desktop\Heart's Ransom cover.7z
2015-10-02 00:36 - 2015-09-17 22:56 - 00081827 _____ C:\Users\kathr\Desktop\dragoninksketch.7z
2015-10-02 00:36 - 2015-09-17 22:55 - 62534172 _____ C:\Users\kathr\Desktop\Demon Heir.7z
2015-10-02 00:36 - 2015-09-17 22:54 - 02936301 _____ C:\Users\kathr\Desktop\coverformat settings.7z
2015-10-02 00:36 - 2015-09-17 22:46 - 118194152 _____ C:\Users\kathr\Desktop\Demon Seed.7z
2015-10-01 11:56 - 2015-10-01 11:56 - 01592640 _____ (LogMeIn, Inc.) C:\Users\kathr\Downloads\Support-LogMeInRescue.exe
2015-10-01 10:05 - 2015-10-01 13:41 - 00000000 ____D C:\Users\kathr\Documents\DAZ 3D
2015-10-01 09:58 - 2015-10-01 10:40 - 00000000 ____D C:\Users\kathr\Documents\Outlook Files
2015-10-01 02:37 - 2015-10-01 23:35 - 00000000 ____D C:\Users\Public\Documents\My DAZ 3D Library
2015-10-01 02:12 - 2015-10-01 02:12 - 00000000 ____D C:\Users\Public\Documents\DAZ 3D
2015-10-01 02:11 - 2015-10-02 18:25 - 00002114 _____ C:\Users\kathr\Desktop\DAZ Install Manager.lnk
2015-10-01 02:09 - 2015-10-01 02:48 - 02875456 _____ (Microsoft Corporation) C:\Users\kathr\Desktop\Setup.X86.en-US_O365HomePremRetail_fce58278-39ee-4cee-bbf1-e65d341595be_TX_PR_.exe
2015-10-01 02:03 - 2015-10-02 18:51 - 00000000 ____D C:\Users\kathr\Documents\Adobe
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\d956d726f5b732d32501
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\c9112f9ef026831bf709
2015-10-01 01:46 - 2015-10-02 18:36 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (1)
2015-10-01 01:39 - 2015-10-01 01:39 - 00686768 _____ (Adobe Systems Incorporated) C:\Users\kathr\Desktop\CreativeCloudSet-Up.exe
2015-10-01 01:05 - 2015-10-01 01:06 - 16790552 _____ (LastPass) C:\Users\kathr\Desktop\lastpass_x64.exe
2015-10-01 01:05 - 2015-10-01 01:05 - 00929872 _____ (Google Inc.) C:\Users\kathr\Downloads\ChromeSetup.exe
2015-10-01 00:38 - 2015-10-01 00:38 - 00832016 _____ (Webroot) C:\Users\kathr\Downloads\wsainstall.exe
2015-10-01 00:20 - 2015-10-02 15:15 - 00000000 ___RD C:\Users\kathr\OneDrive
2015-10-01 00:17 - 2015-10-01 00:17 - 00193336 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2015-10-01 00:15 - 2015-10-01 00:15 - 00447576 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 30518928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 22972560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 18514616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 16159608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 16009800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 15892904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 14510584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 13274560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 12972336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 11842680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 11139216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 03344672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02955832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02360976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02163856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01061192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01052488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00452240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00384464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00374416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00340624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00314936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00031976 _____ C:\WINDOWS\system32\nvinfo.pb
2015-09-30 23:26 - 2015-09-30 23:26 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00019976 _____ (ASUS) C:\WINDOWS\system32\Drivers\AsHIDSwitch64.sys
2015-09-30 23:01 - 2015-09-30 23:01 - 00000000 ___HD C:\$Windows.~WS
2015-09-30 21:54 - 2015-09-30 23:13 - 00000000 ____D C:\ESD
2015-09-30 21:45 - 2015-10-02 19:18 - 00000000 ____D C:\FRST
2015-09-30 21:24 - 2015-09-30 22:08 - 00000000 ____D C:\SUPERDelete
2015-09-17 23:23 - 2015-09-04 05:19 - 809386882 _____ C:\Users\kathr\Desktop\Render Library.7z
2015-09-10 00:08 - 2015-09-10 00:08 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-09-10 00:08 - 2015-09-10 00:08 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-10 00:08 - 2015-09-10 00:08 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 00:20 - 2015-07-09 22:36 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2015-09-10 00:20 - 2015-07-09 22:36 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorCustomAdbAlgorithm.dll
2015-09-10 00:20 - 2015-07-09 22:34 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2015-09-10 00:20 - 2015-07-09 22:32 - 02533888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkAnalysis.dll
2015-09-10 00:20 - 2015-07-09 22:31 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsCpl.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2015-09-10 00:20 - 2015-07-09 22:28 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2015-09-10 00:20 - 2015-07-09 22:26 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SNTSearch.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mblctr.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00274224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpendp.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwinsta.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgport.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscon.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\change.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinput.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-09-10 00:20 - 2015-07-09 22:24 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\terminpt.sys
2015-09-10 00:20 - 2015-07-09 22:24 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\qprocess.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2015-09-10 00:20 - 2015-07-09 22:24 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\quser.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\qappsrv.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tskill.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsdiscon.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rwinsta.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoff.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgusr.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\chglogon.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\reset.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\query.exe
2015-09-10 00:20 - 2015-07-09 22:23 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2015-09-10 00:20 - 2015-07-09 22:23 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
2015-09-10 00:20 - 2015-07-09 22:23 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationSettings.exe
2015-09-10 00:20 - 2015-07-09 22:22 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2015-09-10 00:20 - 2015-07-09 22:22 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2015-09-10 00:20 - 2015-07-09 22:22 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrcomp.exe
2015-09-10 00:20 - 2015-07-09 22:21 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrreg.exe
2015-09-10 00:20 - 2015-07-09 22:21 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2015-09-10 00:20 - 2015-07-09 22:21 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsClassExtension.dll
2015-09-10 00:20 - 2015-07-09 22:20 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsCpl.dll
2015-09-10 00:20 - 2015-07-09 22:20 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorPerformanceEvents.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe
2015-09-10 00:20 - 2015-07-09 22:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2015-09-10 00:20 - 2015-07-09 22:17 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpendp.dll
2015-09-10 00:20 - 2015-07-09 22:16 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\RotMgr.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddputils.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddptrace.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizardElev.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizard.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddp_ps.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfdts.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeSysprep.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmstormod.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmshell.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmtrace.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm_ps.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00029536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-09-10 00:20 - 2015-07-09 22:06 - 00147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2015-09-10 00:20 - 2015-07-09 22:06 - 00043566 _____ C:\WINDOWS\SysWOW64\rsop.msc
2015-09-10 00:20 - 2015-07-09 21:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmlib.dll
2015-09-10 00:20 - 2015-07-09 21:33 - 00147439 _____ C:\WINDOWS\system32\gpedit.msc
2015-09-10 00:20 - 2015-07-09 21:33 - 00043566 _____ C:\WINDOWS\system32\rsop.msc
2015-09-10 00:20 - 2015-07-09 21:30 - 00120458 _____ C:\WINDOWS\system32\secpol.msc
2015-09-10 00:20 - 2015-07-09 21:19 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2015-09-10 00:19 - 2015-07-09 22:29 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2015-09-10 00:19 - 2015-07-09 22:27 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2015-09-10 00:19 - 2015-07-09 22:26 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2015-09-10 00:19 - 2015-07-09 22:24 - 01977856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SnippingTool.exe
2015-09-10 00:19 - 2015-07-09 22:24 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2015-09-10 00:19 - 2015-07-09 22:23 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmstormod.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmtrace.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistHttpTrans.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistAD.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm_ps.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 03603968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkAnalysis.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmshell.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2015-09-10 00:19 - 2015-07-09 22:21 - 00833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2015-09-10 00:19 - 2015-07-09 22:18 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2015-09-10 00:19 - 2015-07-09 22:17 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-09-10 00:19 - 2015-07-09 22:16 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2015-09-10 00:19 - 2015-07-09 22:16 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2015-09-10 00:19 - 2015-07-09 22:15 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2015-09-10 00:19 - 2015-07-09 22:15 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DFDWiz.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00052576 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedapplauncher.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00041312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll
2015-09-10 00:19 - 2015-07-09 22:13 - 00147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2015-09-10 00:19 - 2015-07-09 21:28 - 00146389 _____ C:\WINDOWS\system32\printmanagement.msc
2015-09-10 00:08 - 2015-07-09 22:38 - 04847104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2015-09-10 00:08 - 2015-07-09 22:36 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2015-09-10 00:08 - 2015-07-09 22:28 - 06358016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2015-09-10 00:08 - 2015-07-09 22:25 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2015-09-10 00:08 - 2015-07-09 22:25 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2015-09-10 00:08 - 2015-07-09 22:21 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jnwmon.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-10-02 09:49
 
==================== End of FRST.txt ============================
 
 
And ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by kathr (2015-10-02 19:18:52)
Running from C:\Users\kathr\Desktop
Windows 10 Pro (X64) (2015-10-02 15:02:37)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-4055827758-3256202687-3425098328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4055827758-3256202687-3425098328-503 - Limited - Disabled)
Guest (S-1-5-21-4055827758-3256202687-3425098328-501 - Limited - Disabled)
kathr (S-1-5-21-4055827758-3256202687-3425098328-1001 - Administrator - Enabled) => C:\Users\kathr
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.07 beta (HKLM-x32\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Chromodo (HKLM-x32\...\Chromodo) (Version: 44.5.7.268 - Comodo)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
ELAN Touchpad 11.5.19.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.19.2 - ELAN Microelectronic Corp.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FastPictureViewer Professional 1.9.348.0 (64-bit) (HKLM\...\{91486A00-EE17-4211-A270-E26113687892}) (Version: 1.9.348.0 - Axel Rietschin Software Developments)
GeekBuddy (HKLM\...\{A09AEC8C-5054-4E92-93DE-EA0B8C73BCF2}) (Version: 4.21.144 - Comodo Security Solutions Inc)
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.27 - SecureMix LLC)
Google Chrome (HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Opera Stable 32.0.1948.44 (HKLM-x32\...\Opera 32.0.1948.44) (Version: 32.0.1948.44 - Opera Software)
Sandboxie 5.04 (64-bit) (HKLM\...\Sandboxie) (Version: 5.04 - Sandboxie Holdings, LLC)
Scrivener (HKLM-x32\...\Scrivener 1860) (Version: 1860 - Literature and Latte)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-86B29D68EB0B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\kathr\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\kathr\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
02-10-2015 11:06:12 Installing COMODO Internet Security Pro
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-02 12:36 - 2015-10-02 12:34 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {27B546C1-AD48-419E-BF85-DEC9BC9D948E} - System32\Tasks\Microsoft\Windows\RestartManager\{E3E162D6-BC06-46b9-89F8-CD6111B3F88E} => C:\WINDOWS\system32\rmclient.exe [2015-07-09] (Microsoft Corporation)
Task: {345A834E-F2F0-4B7B-980D-EF4BB31E6B62} - System32\Tasks\Opera scheduled Autoupdate 1443800042 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-17] (Opera Software)
Task: {36B12D98-0193-4F4D-B435-CB70C0EB4CD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001Core => C:\Users\kathr\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)
Task: {61E9F3CF-110D-4DF2-AB06-FAC5827C5C56} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {6564E134-DBC3-4BE8-B474-27A248CB1ECB} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-09] (Microsoft Corporation)
Task: {976014CE-36C5-4BC5-8F3A-25BDA3B26981} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001UA => C:\Users\kathr\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.)
Task: {AABF306E-EEBF-45C5-8911-7C12999A9E6C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {BDDD28F9-991E-4BD9-BFDD-A188161677CD} - System32\Tasks\herdProtectScan => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe [2014-12-18] (Reason Software Company Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001Core.job => C:\Users\kathr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4055827758-3256202687-3425098328-1001UA.job => C:\Users\kathr\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 02875584 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 01283776 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 10451648 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 00039104 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2015-08-13 14:34 - 2015-08-13 14:34 - 01529024 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00165224 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\MotionDetection.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-07-09 22:19 - 2015-07-09 22:19 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-09 22:13 - 2015-09-10 00:08 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 22:13 - 2015-09-10 00:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-11 19:01 - 2015-09-11 19:01 - 31958688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-09-29 05:20 - 2015-09-29 05:20 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00412008 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\MotionDetection\AVCapture.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341864 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\MotionDetection\AVSrc.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00699752 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\avformat-52.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00084328 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\avutil-50.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 01826664 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\avcodec-52.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\MotionDetection\DevManagerCore.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\PicturesAndVideos\DevManagerCore.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 02084712 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\MotionDetection\videoC.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 06712680 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\MotionDetection\LogiPerformanceRoutines.DLL
2015-09-15 08:08 - 2015-09-15 08:08 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-09-15 08:08 - 2015-09-15 08:08 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2015-09-11 16:39 - 2015-09-11 16:39 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00121856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00122880 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-09-11 16:39 - 2015-09-11 16:39 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\c9112f9ef026831bf709:Win32App
AlternateDataStreams: C:\d956d726f5b732d32501:Win32App
AlternateDataStreams: C:\Users\kathr\Desktop\OBS_0_655b.zip:$CmdZnID
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Control Panel\Desktop\\Wallpaper -> c:\users\kathr\desktop\heart's ransom cover\heart's ransom\talon and gwen renders\best\heartsransomcover1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ChromodoUpdater => 2
MSCONFIG\Services: CLPSLauncher => 2
MSCONFIG\Services: dmwappushservice => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DDFAC25B-E6FF-4E72-9056-8D6D3FDC185C}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{354AE44B-35D4-4362-8763-5203BA22917F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{BE81FEA5-9DB1-4812-9851-293758698903}] => (Block) c:\program files\comodo\geekbuddy\version_logging.exe
FirewallRules: [{3CB0BCEA-C6AD-456E-8ED6-4BFDC4D3162E}] => (Block) c:\program files\comodo\geekbuddy\version_logging.exe
FirewallRules: [{406B962E-1B34-464B-9E53-835B470FBDD2}] => (Block) c:\program files\comodo\geekbuddy\unit_manager.exe
FirewallRules: [{72B31B23-D910-4F20-8A41-D5A21CE80F0E}] => (Block) c:\program files\comodo\geekbuddy\unit_manager.exe
FirewallRules: [{CAD3E2CA-66DD-4462-A5B4-A8F0E398E010}] => (Block) c:\program files\comodo\geekbuddy\unit.exe
FirewallRules: [{740D67F7-D191-4869-816A-1A3ABDC0D922}] => (Block) c:\program files\comodo\geekbuddy\unit.exe
FirewallRules: [{1AB1727C-0178-4E05-99EF-8812D5958D92}] => (Block) c:\windows\explorer.exe
FirewallRules: [{E3E57F9A-7530-4773-B18D-0323A4AF71C2}] => (Block) c:\windows\explorer.exe
FirewallRules: [{ED0A1FB5-88E7-4CA7-9249-DEDBD84C0CE1}] => (Block) c:\users\kathr\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [{98842238-0EAB-4576-8DAE-B19AA821202F}] => (Block) c:\users\kathr\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [{8266BB68-6F9B-4C75-A4B6-399CC6BA2F89}] => (Block) c:\windows\system32\wermgr.exe
FirewallRules: [{26AA02F8-6727-454C-818F-3543FE437501}] => (Block) c:\windows\system32\wermgr.exe
FirewallRules: [{9E112340-E96D-43E4-B57E-D3EBA796BE28}] => (Block) c:\program files (x86)\common files\comodo\launcher_service.exe
FirewallRules: [{EFC9CB00-0A03-4789-986A-7CA914B819A8}] => (Block) c:\program files (x86)\common files\comodo\launcher_service.exe
FirewallRules: [{EB7DA36E-FB0E-4976-BFE3-FDD51AFD22FD}] => (Block) c:\program files\windows defender\mpcmdrun.exe
FirewallRules: [{7112B84E-4BA5-496E-B780-CE40F77D5946}] => (Block) c:\program files\windows defender\mpcmdrun.exe
FirewallRules: [{FAF484CC-AE7E-46BC-A45A-99E756C1308E}] => (Block) c:\program files (x86)\opera\32.0.1948.44\opera.exe
FirewallRules: [{6ACFAF0E-C54E-4D8F-AD5C-8342F9A26EA9}] => (Block) c:\program files (x86)\opera\32.0.1948.44\opera.exe
FirewallRules: [{5732F854-55C1-4CC8-94A3-71803B3BE0A0}] => (Block) c:\program files (x86)\opera\32.0.1948.44\opera_autoupdate.exe
FirewallRules: [{DD82AC3B-CD8E-4D0A-AA87-4800CCB0B54E}] => (Block) c:\program files (x86)\opera\32.0.1948.44\opera_autoupdate.exe
 
==================== Faulty Device Manager Devices =============
 
Name: ELAN Input Device
Description: ELAN Input Device
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: ELAN
Service: i8042prt
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2015 07:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ExManBridgeTalkCmd.exe, version: 1.0.0.91, time stamp: 0x55a3f6b5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x66302e25
Faulting process id: 0x1684
Faulting application start time: 0xExManBridgeTalkCmd.exe0
Faulting application path: ExManBridgeTalkCmd.exe1
Faulting module path: ExManBridgeTalkCmd.exe2
Report Id: ExManBridgeTalkCmd.exe3
Faulting package full name: ExManBridgeTalkCmd.exe4
Faulting package-relative application ID: ExManBridgeTalkCmd.exe5
 
Error: (10/02/2015 05:03:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 10.0.10240.16392, time stamp: 0x55a868f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e20e
Faulting process id: 0x1340
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5
 
Error: (10/02/2015 05:00:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 10.0.10240.16392, time stamp: 0x55a868f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e20e
Faulting process id: 0x1340
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5
 
Error: (10/02/2015 04:26:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 10.0.10240.16392, time stamp: 0x55a868f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e20e
Faulting process id: 0x1340
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5
 
Error: (10/02/2015 04:15:36 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: GeekBuddy -- Error 1704. An installation for COMODO Internet Security Pro is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (10/02/2015 04:06:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 10.0.10240.16392, time stamp: 0x55a868f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e20e
Faulting process id: 0x1340
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5
 
Error: (10/02/2015 03:44:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_shell32.dll, version: 10.0.10240.16384, time stamp: 0x559f39d6
Faulting module name: combase.dll, version: 10.0.10240.16384, time stamp: 0x559f3aac
Exception code: 0xc0000005
Fault offset: 0x00000000000bcf8d
Faulting process id: 0x1124
Faulting application start time: 0xrundll32.exe_shell32.dll0
Faulting application path: rundll32.exe_shell32.dll1
Faulting module path: rundll32.exe_shell32.dll2
Report Id: rundll32.exe_shell32.dll3
Faulting package full name: rundll32.exe_shell32.dll4
Faulting package-relative application ID: rundll32.exe_shell32.dll5
 
Error: (10/02/2015 03:09:10 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3860) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/02/2015 03:09:10 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3860) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/02/2015 03:08:59 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3860) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 

System errors:
=============
Error: (10/02/2015 03:02:27 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000ef (0xffffe0004fafb080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP100215-39906-01
 
Error: (10/02/2015 02:46:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%5
 
Error: (10/02/2015 02:45:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (10/02/2015 02:45:57 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-NlaSvc/Operational.
 
Error: (10/02/2015 02:45:25 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=5) while initializing logging resources for channel Setup.
 
Error: (10/02/2015 02:45:25 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-DeviceSetupManager/Admin.
 
Error: (10/02/2015 02:45:25 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Kernel-PnP/Configuration.
 
Error: (10/02/2015 02:45:25 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=5) while initializing logging resources for channel Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity.
 
Error: (10/02/2015 02:42:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%5
 
Error: (10/02/2015 02:41:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 

CodeIntegrity:
===================================
  Date: 2015-10-02 11:10:30.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-02 09:57:19.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-02 09:57:19.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 13%
Total physical RAM: 32685.47 MB
Available physical RAM: 28142.53 MB
Total Virtual: 37805.47 MB
Available Virtual: 33540.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:697.49 GB) (Free:427.44 GB) NTFS
Drive e: (Seagate) (Fixed) (Total:443.11 GB) (Free:423.77 GB) NTFS
Drive g: (Seagate BK) (Fixed) (Total:488.28 GB) (Free:485.19 GB) NTFS
Drive h: (BK) (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 748798B0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
Just a few notes that might be helpful - I have the touchpad mouse - which is the ELAN driver disabled in the BIOS. I'm a writer and it gets in my way. I also have the built in camera locked and Bluetooth. Bluetooth magically reinstalls itself and starts linking to anything it can find. I prefer to use my external webcam which is the Logitech stuff and I also use a Logitech wireless mouse.
 
Behavior of various drivers and processes has been highly suspicious, primarily the NVIDIA processes. Also there's something going on with the SQL files I believe. When I reinstalled DAZ those files didn't behave normally and it's trying to use the old database system not the new one. I see Win32App in the alternate data streams so Open Candy is still an issue but what's with OBS? I use that to stream on Twitch and haven't even opened the zip file yet.
 
Comodo lasted a half hour before locking up entirely and forcing me to do yet another system restore.
 
I have a sub to Webroot but had to uninstall it due to lockups. Right now I'm trying Windows Defender (at one point it flagged a Ransomware virus which it uninstalled and nothing else could find it. I was running Crypto Prevent but haven't re-downloaded it yet. I think it had a hand in keeping everything at bay for Defender to find the original virus. And as you can see, I have an arsenal prepared to once again go to battle with Open Candy but I'm more worried about a back door being left open and that Ransomware sneaking back in.
 
Oh and the router software/driver/service? AJRouter. That's a mystery. I think computer guy installed it and I don't trust it at all but can't get rid of it.
 
When I had reinstalled everything and thought I was running okay, I had a paid sub to Webroot, paid forever sub to Malwarebytes, and was running Windows Firewall and Crypto Prevent. I have all of my stuff backed up (redundantly). I desperately need to get this thing clean and defenses properly in place to keep the bad stuff out so I can get back to running my business. Any help would be greatly appreciated.
 
Cheers,
Stormy
 
PS- 9/10 was the date computer guy supposedly fixed everything. So much for a clean install huh? I did that a few days later but as you can see the dates aren't there.


Edited by stormrider22, 02 October 2015 - 07:30 PM.

  • 0

Advertisements

#2
Essexboy
Posted 03 October 2015 - 07:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, this appears to be an upgrade from either 7 or 8 that does make the system rather slow.

There is little apparent malware showing however, Comodo still has services and drivers running, I will remove those with this fix.

After the fix we will try to speed up and stop the freezes for you. Be aware that although a lot of antivirus programmes say they are compatible with windows 10 they are using very loose terminology

First to remove the little I found

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-10-02]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
R4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-08-19] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-08-13] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
2015-10-02 18:36 - 2015-10-02 18:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-02 16:15 - 2015-10-02 16:15 - 00002086 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2015-10-02 16:15 - 2015-10-02 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc
2015-10-02 16:14 - 2015-10-02 16:15 - 225688096 _____ (COMODO) C:\Users\kathr\Documents\cav_installer_3264_29.exe
2015-10-02 16:13 - 2015-10-02 16:15 - 225688096 _____ (COMODO) C:\Users\kathr\Documents\cav_installer_5964_b8.exe
2015-10-02 11:04 - 2015-10-02 17:57 - 00000000 ____D C:\Program Files\COMODO
2015-10-02 11:04 - 2015-10-02 17:57 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-10-02 11:04 - 2015-10-02 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-10-02 11:04 - 2015-10-02 11:04 - 00000000 ____D C:\Users\kathr\AppData\Local\Comodo
2015-10-02 11:03 - 2015-10-02 17:57 - 00000000 ____D C:\ProgramData\Comodo Downloader
2015-10-02 11:02 - 2015-10-02 17:58 - 00000000 ____D C:\ProgramData\Comodo
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-86B29D68EB0B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
AlternateDataStreams: C:\c9112f9ef026831bf709:Win32App
AlternateDataStreams: C:\d956d726f5b732d32501:Win32App
AlternateDataStreams: C:\Users\kathr\Desktop\OBS_0_655b.zip:$CmdZnID
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
OK now the long winded speed up bit :)

1.Open User Account Control Settings by clicking the Start button , and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
2.Do the following: To turn off UAC, move the slider to the Never notify position, and then click OK.


Download the SDK web installer from here
Run the installer and select the following:

Leave the location to default
wdk%20location.JPG

Windows Performance Toolkit
Wintoolkitselect.JPG

You must reboot on completion of the install

After reboot set aside about 30 minutes when you will not need the computer

When ready start an elevated command prompt :

Press Windows + X keys together
On the menu select Command Prompt (Admin)
Then copy and paste the following command into the black box :

xbootmgr -trace boot -prepSystem -verboseReadyBoot

sdk%20command.JPG

Now your PC will be restarted 6 times. With a two minute pause before the tool runs after the desktop loads
After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster
The last Reboots are training of readyBoot. After the training is finished, you'll notice a huge improvement in startup.

THEN

1.Open User Account Control Settings by clicking the Start button , and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
2.Do the following: To turn on UAC, move the slider to the notify position (default), and then click OK.

Now let me know how it is
  • 0

#3
stormrider22
Posted 03 October 2015 - 06:10 PM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi Essexboy!

 

Thank you so much for your speedy reply and for the help!

 

I ran the fix and AdwCleaner so am posting those logs here then will jump into the rest of your speed up instructions.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by kathr (2015-10-03 18:34:35) Run:1
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathr (Available Profiles: kathr)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-10-02]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
R4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-08-19] (Comodo)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-08-13] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
2015-10-02 18:36 - 2015-10-02 18:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-02 16:15 - 2015-10-02 16:15 - 00002086 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2015-10-02 16:15 - 2015-10-02 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc
2015-10-02 16:14 - 2015-10-02 16:15 - 225688096 _____ (COMODO) C:\Users\kathr\Documents\cav_installer_3264_29.exe
2015-10-02 16:13 - 2015-10-02 16:15 - 225688096 _____ (COMODO) C:\Users\kathr\Documents\cav_installer_5964_b8.exe
2015-10-02 11:04 - 2015-10-02 17:57 - 00000000 ____D C:\Program Files\COMODO
2015-10-02 11:04 - 2015-10-02 17:57 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-10-02 11:04 - 2015-10-02 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-10-02 11:04 - 2015-10-02 11:04 - 00000000 ____D C:\Users\kathr\AppData\Local\Comodo
2015-10-02 11:03 - 2015-10-02 17:57 - 00000000 ____D C:\ProgramData\Comodo Downloader
2015-10-02 11:02 - 2015-10-02 17:58 - 00000000 ____D C:\ProgramData\Comodo
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-86B29D68EB0B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
AlternateDataStreams: C:\c9112f9ef026831bf709:Win32App
AlternateDataStreams: C:\d956d726f5b732d32501:Win32App
AlternateDataStreams: C:\Users\kathr\Desktop\OBS_0_655b.zip:$CmdZnID
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk => moved successfully
C:\Program Files\COMODO\GeekBuddy\launcher.exe => moved successfully
ChromodoUpdater => Unable to stop service.
ChromodoUpdater => service removed successfully
CLPSLauncher => Unable to stop service.
CLPSLauncher => service removed successfully
GeekBuddyRSP => Unable to stop service.
GeekBuddyRSP => service removed successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\Users\Public\Desktop\GeekBuddy.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc => moved successfully
"C:\Users\kathr\Documents\cav_installer_3264_29.exe" => File/Folder not found.
"C:\Users\kathr\Documents\cav_installer_5964_b8.exe" => File/Folder not found.
 
"C:\Program Files\COMODO" folder move:
 
Could not move "C:\Program Files\COMODO" => Scheduled to move on reboot.
 
C:\Program Files (x86)\Comodo => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo => moved successfully
C:\Users\kathr\AppData\Local\Comodo => moved successfully
C:\ProgramData\Comodo Downloader => moved successfully
 
"C:\ProgramData\Comodo" folder move:
 
Could not move "C:\ProgramData\Comodo" => Scheduled to move on reboot.
 
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-86B29D68EB0B} => key not found. 
C:\c9112f9ef026831bf709 => ":Win32App" ADS removed successfully.
C:\d956d726f5b732d32501 => ":Win32App" ADS removed successfully.
"C:\Users\kathr\Desktop\OBS_0_655b.zip" => ":$CmdZnID" ADS not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {0A19E82F-FF4C-45D4-AAD5-DEAC799B1FB3}.
{D1725538-61EB-47BA-850E-FEE00DE65356} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 891.9 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-03 18:39:57)
 
C:\Program Files\COMODO => Is moved successfully
C:\ProgramData\Comodo => Is moved successfully
 
==== End of Fixlog 18:39:57 ====
 
 
There were two AdwareCleaner logs not just one - it appears one before and one after? Maybe? I'm posting both just in case.
 
AdwCleaner(S1)
# AdwCleaner v5.009 - Logfile created 03/10/2015 at 18:45:05
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : kathr - KATHRYNLAPTOP
# Running from : C:\Users\kathr\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\GeekBuddyRSP
 
***** [ Web browsers ] *****
 
[C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [793 bytes] ##########
 
 
AdwCleaner (C1)
 
# AdwCleaner v5.009 - Logfile created 03/10/2015 at 18:46:30
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : kathr - KATHRYNLAPTOP
# Running from : C:\Users\kathr\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP
 
***** [ Web browsers ] *****
 
[-] [C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [875 bytes] ##########
 
 
 
Although in the middle of copying and pasting this stuff, I saw a blank shortcut appear on my desktop for Chromodo. So I dug around and found a remaining directory with various files in Program Files (86)/Common Files. And while typing this I just had a black window open on it's own. It looked like the command line screen but I didn't see any execute but it vanished too quickly to know for certain. I'm just sitting here typing, I didn't do anything to cause it and it went full screen. Whenever I execute a command line I keep the screen small. So that was really weird happened too fast for me to do anything. But I'm going to close Opera and run FARBAR right now. Maybe it will catch something in the services or processes.

Edited by stormrider22, 03 October 2015 - 06:11 PM.

  • 0

#4
Essexboy
Posted 04 October 2015 - 03:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, Comodo can be a pain to get rid of
  • 0

#5
stormrider22
Posted 04 October 2015 - 09:47 AM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Well that's frustrating. Yesterday I posted the new FARBAR logs but I see they poofed on me. So I'll post them again just to be sure. Adobe totally wigged out on me and locked up the computer several times yesterday, now it's broken. One of my partitions on the big 1TB drive has some strange stuff (screenshot):

 

screencapstrangedrive.PNG

 

Also I opened Scrivener and had this:

 

screencapscrivener.PNG

 

Looks like Russian to me. Plus I noticed Glasswire reporting that my connection to DAZ3D was in Costa Rica - ummmm they're based in Salt Lake City, UT. So I have no idea what's happening. Here are the new FARBAR logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by kathr (administrator) on KATHRYNLAPTOP (03-10-2015 19:12:36)
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathr (Available Profiles: kathr)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-10-03] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10485248 2015-09-29] (SecureMix LLC)
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\RunOnce: [Uninstall C:\Users\kathr\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\kathr\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-10-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19d2050b-3eb4-4079-8edf-fcea30acdb4b}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-10-03] (LastPass)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-10-03] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-10-03] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-10-03] (LastPass)
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-02]
CHR Extension: (YouTube) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Gmail) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (manzel) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccigdaajfpngfcglknmfnbhjbbeoogbc [2015-10-03]
OPR Extension: (JacKDuRdEn) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggjlfplepecnbnlkjphikdkapeepipbm [2015-10-03]
OPR Extension: (jdavid214) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2015-10-03]
OPR Extension: (LastPass) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2015-10-02]
OPR Extension: (shwetankdixit) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipbblipgmilipflgplphffjhipcmidlb [2015-10-03]
OPR Extension: (Opera Software ASA) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\kkgebkpedfmelmhohaphicmmoahkplgp [2015-10-03]
OPR Extension: (Laurynas Sukys) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\nmlaffhbgpimkimckkcpbjpbkobahaec [2015-10-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8825344 2015-09-29] (SecureMix LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-01] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 19:12 - 2015-10-03 19:13 - 00008550 _____ C:\Users\kathr\Desktop\FRST.txt
2015-10-03 18:56 - 2015-10-03 18:45 - 00000871 _____ C:\Users\kathr\Desktop\AdwCleaner[S1].txt
2015-10-03 18:51 - 2015-10-03 18:51 - 00000000 ___HD C:\OneDriveTemp
2015-10-03 18:47 - 2015-10-03 18:47 - 00016148 _____ C:\WINDOWS\system32\KATHRYNLAPTOP_kathr_HistoryPrediction.bin
2015-10-03 18:46 - 2015-10-03 18:46 - 00000953 _____ C:\Users\kathr\Desktop\AdwCleaner[C1].txt
2015-10-03 18:45 - 2015-10-03 18:50 - 00000000 ____D C:\AdwCleaner
2015-10-03 18:34 - 2015-10-03 18:34 - 00000000 ____D C:\WINDOWS\SMSS-PFRO20f5.tmp
2015-10-03 17:45 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-03 17:10 - 2015-10-03 17:24 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AB9CB54-4CE0-4F7C-A83A-83EBCF8FAC11}
2015-10-03 16:18 - 2015-10-03 16:18 - 00001974 _____ C:\Users\kathr\Desktop\GlassWire.lnk
2015-10-03 16:18 - 2015-10-03 16:18 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire
2015-10-03 16:18 - 2015-05-28 23:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2015-10-03 16:18 - 2015-05-28 23:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2015-10-03 16:01 - 2015-10-03 16:02 - 00791656 _____ (Foolish IT LLC ) C:\Users\kathr\Desktop\dMaintenanceHomeSetup.exe
2015-10-03 16:01 - 2015-10-03 16:01 - 00972464 _____ (Foolish IT LLC ) C:\Users\kathr\Desktop\CryptoPreventSetup.exe
2015-10-03 15:40 - 2015-10-03 15:40 - 00001058 _____ C:\WINDOWS\PFRO.log
2015-10-03 15:38 - 2015-10-03 15:38 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-03 15:38 - 2015-10-03 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 15:37 - 2015-10-03 18:48 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 15:37 - 2015-10-03 18:42 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 15:37 - 2015-10-03 15:37 - 04079264 _____ (SurfRight B.V.) C:\Users\kathr\Desktop\hmpalert3.exe
2015-10-03 15:37 - 2015-10-03 15:37 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-03 15:37 - 2015-10-03 15:37 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-03 15:32 - 2015-10-03 15:32 - 00003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-10-03 15:28 - 2015-10-03 15:29 - 06679744 _____ (Adobe System Incorporated.) C:\Users\kathr\Desktop\AdobeCreativeCloudCleanerTool.exe
2015-10-03 15:24 - 2015-10-03 15:24 - 00001226 _____ C:\Users\Public\Desktop\FastPictureViewer Cheat Sheet.lnk
2015-10-03 15:24 - 2015-10-03 15:24 - 00001156 _____ C:\Users\Public\Desktop\Fast Picture Viewer 64.lnk
2015-10-03 15:24 - 2015-10-03 15:24 - 00000000 ____D C:\WINDOWS\WICCodecs
2015-10-03 15:19 - 2015-10-03 18:44 - 01670656 _____ C:\Users\kathr\Desktop\AdwCleaner.exe
2015-10-03 15:18 - 2015-10-03 17:19 - 02193408 _____ (Farbar) C:\Users\kathr\Desktop\FRST64.exe
2015-10-03 15:17 - 2015-10-03 16:17 - 21854008 _____ (SecureMix LLC) C:\Users\kathr\Desktop\GlassWireSetup.exe
2015-10-03 15:17 - 2015-10-03 15:18 - 02873112 _____ (Reason Company Software Inc.) C:\Users\kathr\Desktop\herdProtectScan_Setup.exe
2015-10-03 15:10 - 2015-10-03 15:10 - 00001704 _____ C:\Users\Public\Desktop\Scrivener.lnk
2015-10-03 15:10 - 2015-10-03 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
2015-10-03 14:48 - 2015-10-03 14:49 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-10-03 14:48 - 2015-10-03 14:48 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:48 - 2015-10-03 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:47 - 2015-10-03 15:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-03 14:47 - 2015-10-03 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-10-03 14:39 - 2015-10-03 14:41 - 00001176 _____ C:\Users\kathr\Desktop\DAZ Studio 4.8 (64-bit).lnk
2015-10-03 14:38 - 2015-10-03 14:39 - 00000000 ____D C:\Program Files\DAZ 3D
2015-10-03 14:38 - 2015-10-03 14:38 - 00000969 _____ C:\Users\kathr\Desktop\Carrara 8.5 Pro (64-bit).lnk
2015-10-03 09:32 - 2015-10-03 09:31 - 00117242 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151003-093132.zip
2015-10-02 21:36 - 2015-10-02 21:49 - 00000000 ____D C:\Users\kathr\AppData\Roaming\NVIDIA
2015-10-02 21:35 - 2015-10-02 21:35 - 00000000 ____D C:\Users\kathr\AppData\Local\CEF
2015-10-02 18:55 - 2015-10-03 17:20 - 00000000 ____D C:\Program Files\Sandboxie
2015-10-02 18:52 - 2015-10-02 21:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-02 18:49 - 2015-10-03 17:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-02 18:49 - 2015-10-03 15:49 - 00000000 ____D C:\Program Files\Adobe
2015-10-02 18:49 - 2015-10-02 18:49 - 00000000 ____D C:\Users\kathr\AppData\Local\Scrivener
2015-10-02 18:35 - 2015-10-03 17:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-02 18:35 - 2015-10-03 15:29 - 00000000 ____D C:\ProgramData\Adobe
2015-10-02 18:34 - 2015-10-03 17:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-02 18:31 - 2015-10-03 15:10 - 00000000 ____D C:\Program Files (x86)\Scrivener
2015-10-02 18:29 - 2015-10-02 18:29 - 00000000 ____D C:\ProgramData\DAZ 3D
2015-10-02 18:00 - 2015-10-02 18:00 - 00000000 ____D C:\Users\kathr\AppData\Local\Logitech® Webcam Software
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Leadertech
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\ProgramData\LogiShrd
2015-10-02 17:57 - 2015-10-03 17:20 - 00000000 ____D C:\Program Files (x86)\Logitech
2015-10-02 17:57 - 2015-10-02 17:58 - 00003850 _____ C:\WINDOWS\LDPINST.LOG
2015-10-02 17:49 - 2015-10-03 17:20 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-10-02 17:49 - 2015-10-02 17:58 - 00007384 _____ C:\WINDOWS\system32\lvcoinst.log
2015-10-02 17:43 - 2015-10-02 17:43 - 00000000 ____D C:\Users\kathr\Desktop\Heart's Ransom cover
2015-10-02 17:40 - 2015-10-03 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
2015-10-02 17:40 - 2015-10-03 15:24 - 00000000 ____D C:\Program Files\FastPictureViewer
2015-10-02 17:40 - 2015-10-02 17:40 - 00000000 ____D C:\ProgramData\FastPictureViewer
2015-10-02 17:38 - 2015-10-03 17:20 - 00000000 ____D C:\Users\kathr\Desktop\3d n Art
2015-10-02 17:37 - 2015-10-03 19:01 - 00000000 ____D C:\Users\kathr\Desktop\computer
2015-10-02 16:06 - 2015-10-02 16:06 - 00000000 ____D C:\Users\kathr\AppData\Local\PeerDistRepub
2015-10-02 16:02 - 2015-10-03 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-10-02 16:02 - 2015-10-02 16:02 - 00000000 ____D C:\Program Files\Reason
2015-10-02 15:50 - 2015-10-03 16:18 - 00000000 ____D C:\Program Files (x86)\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\Users\kathr\AppData\Local\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\ProgramData\GlassWire
2015-10-02 15:37 - 2015-10-03 17:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-02 15:36 - 2015-10-03 17:49 - 00000000 ____D C:\Program Files\Elantech
2015-10-02 15:29 - 2015-10-03 17:19 - 00000000 ____D C:\WINDOWS\pss
2015-10-02 15:13 - 2015-10-02 15:13 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Macromedia
2015-10-02 14:47 - 2015-10-02 14:47 - 00000000 ___HD C:\VTRoot
2015-10-02 12:48 - 2015-10-02 12:48 - 00000000 ____D C:\Windows.old
2015-10-02 12:48 - 2015-10-02 10:02 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-02 12:45 - 2015-10-02 12:45 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-10-02 12:44 - 2015-10-02 12:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-02 12:43 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\Setup
2015-10-02 12:41 - 2015-10-02 12:41 - 00000000 ____D C:\WINDOWS\OCR
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-10-02 12:38 - 2015-10-01 02:57 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 12:38 - 2015-10-01 02:57 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 12:37 - 2015-10-02 09:57 - 00001189 _____ C:\WINDOWS\DtcInstall.log
2015-10-02 12:36 - 2015-10-03 18:49 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-02 12:36 - 2015-10-03 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-10-02 12:36 - 2015-10-03 17:18 - 00000000 ____D C:\WINDOWS\registration
2015-10-02 12:36 - 2015-10-03 17:18 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-02 12:36 - 2015-10-03 14:59 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 12:36 - 2015-10-03 14:39 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-02 12:36 - 2015-10-02 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\IME
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RSD C:\WINDOWS\Media
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Web
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Vss
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\tracing
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\TAPI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SystemResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\System
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SKB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\security
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\schemas
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SchCache
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Resources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\PLA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Performance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Globalization
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Cursors
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Branding
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\addins
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Comms
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:34 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-10-02 12:36 - 2015-10-02 12:34 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-10-02 12:36 - 2015-10-02 12:34 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-10-02 12:36 - 2015-10-02 12:34 - 00000219 _____ C:\WINDOWS\system.ini
2015-10-02 12:36 - 2015-10-02 12:34 - 00000092 _____ C:\WINDOWS\win.ini
2015-10-02 12:36 - 2015-10-02 11:06 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-02 12:36 - 2015-10-02 10:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-02 12:36 - 2015-10-02 09:59 - 00000000 ____D C:\WINDOWS\CSC
2015-10-02 12:36 - 2015-10-02 09:57 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-02 12:36 - 2015-10-02 09:54 - 00000000 ____D C:\WINDOWS\Help
2015-10-02 12:36 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOPrivate
2015-10-02 12:28 - 2015-10-03 17:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 12:25 - 2015-10-03 14:47 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-10-02 12:24 - 2015-10-03 18:46 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 12:24 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\servicing
2015-10-02 12:24 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-10-02 12:24 - 2015-10-02 10:02 - 00000000 __RHD C:\Users\Default
2015-10-02 12:24 - 2015-10-02 09:53 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-02 12:24 - 2015-07-10 04:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-10-02 12:23 - 2015-10-02 12:44 - 00000000 ___HD C:\$Windows.~BT
2015-10-02 12:23 - 2015-10-02 12:23 - 00000000 ___HD C:\$SysReset
2015-10-02 11:32 - 2015-10-02 13:50 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Comodo
2015-10-02 11:09 - 2015-10-02 11:09 - 00000000 ____D C:\ProgramData\Shared Space
2015-10-02 11:07 - 2015-10-03 15:29 - 00000000 ____D C:\Users\kathr\AppData\Local\Adobe
2015-10-02 11:07 - 2015-10-02 11:07 - 00686768 _____ (Adobe Systems Incorporated) C:\Users\kathr\Downloads\CreativeCloudSet-Up (1).exe
2015-10-02 11:01 - 2015-10-02 11:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-10-02 11:01 - 2015-10-02 11:01 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-10-02 11:00 - 2015-10-02 11:00 - 11278928 _____ (COMODO) C:\Users\kathr\Downloads\CPM_SETUP_1.3.2.30_xp_vista_server2003_win7.exe
2015-10-02 10:59 - 2015-10-02 11:02 - 225688136 _____ (COMODO) C:\Users\kathr\Downloads\cispro_30day_installer_1157_1a.exe
2015-10-02 10:59 - 2015-10-02 11:00 - 225688096 _____ (COMODO) C:\Users\kathr\Downloads\cmd_fw_installer_6106_c6.exe
2015-10-02 10:58 - 2015-10-03 14:47 - 01079856 _____ (Igor Pavlov) C:\Users\kathr\Desktop\7z1507.exe
2015-10-02 10:53 - 2015-10-03 17:16 - 00000000 ____D C:\Users\kathr\AppData\Roaming\DAZ 3D
2015-10-02 10:52 - 2015-10-03 14:39 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-10-02 10:52 - 2015-10-02 10:52 - 30151896 _____ (DAZ 3D) C:\Users\kathr\Downloads\DAZ3DIM_1.1.0.41_Win32 (1).exe
2015-10-02 10:52 - 2015-10-02 10:52 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2015-10-02 10:48 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\vlc
2015-10-02 10:48 - 2015-10-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-02 10:48 - 2015-10-02 10:48 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-02 10:48 - 2015-10-02 10:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-02 10:44 - 2015-10-02 10:45 - 28849904 _____ C:\Users\kathr\Downloads\vlc-2.2.1-win32.exe
2015-10-02 10:38 - 2015-07-05 05:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-02 10:34 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-02 10:34 - 2015-10-02 11:04 - 00001199 _____ C:\Users\kathr\Desktop\Internet (Chromodo).lnk
2015-10-02 10:34 - 2015-10-02 10:34 - 00003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1443800042
2015-10-02 10:34 - 2015-10-02 10:34 - 00001208 _____ C:\Users\Public\Desktop\Opera.lnk
2015-10-02 10:34 - 2015-10-02 10:34 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-10-02 10:34 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Opera Software
2015-10-02 10:34 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Local\Opera Software
2015-10-02 10:33 - 2015-10-03 17:10 - 00000000 ____D C:\Users\kathr\AppData\Local\Google
2015-10-02 10:33 - 2015-10-02 10:34 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-02 10:33 - 2015-10-02 10:33 - 00724456 _____ (Opera Software) C:\Users\kathr\Downloads\Opera_NI_stable.exe
2015-10-02 10:32 - 2015-10-02 10:33 - 00929872 _____ (Google Inc.) C:\Users\kathr\Downloads\ChromeSetup (1).exe
2015-10-02 10:25 - 2015-10-01 00:15 - 02544872 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-10-02 10:21 - 2015-10-02 10:32 - 00000000 ____D C:\Users\kathr\AppData\Local\MicrosoftEdge
2015-10-02 10:16 - 2015-10-03 15:43 - 00002338 _____ C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-02 10:08 - 2015-10-02 10:08 - 00014044 _____ C:\Users\kathr\Desktop\Removed Apps.html
2015-10-02 10:08 - 2015-10-02 10:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-10-02 10:07 - 2015-10-03 15:39 - 00000000 ____D C:\Users\kathr\AppData\Local\Comms
2015-10-02 10:06 - 2015-10-03 15:29 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Adobe
2015-10-02 10:06 - 2015-10-03 14:52 - 00000000 ____D C:\Users\kathr\AppData\Local\Packages
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\VirtualStore
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\TileDataLayer
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\Publishers
2015-10-02 10:05 - 2015-10-03 18:53 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-02 10:05 - 2015-10-02 10:05 - 00000020 ___SH C:\Users\kathr\ntuser.ini
2015-10-02 10:02 - 2015-10-02 10:02 - 00000000 __SHD C:\Recovery
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 __RSD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 10:00 - 2015-10-03 17:13 - 00000000 ____D C:\Users\kathr
2015-10-02 10:00 - 2015-10-02 12:36 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 09:54 - 2015-10-03 19:02 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-02 09:54 - 2015-10-02 09:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-02 09:54 - 2015-10-02 09:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-02 09:54 - 2015-07-13 12:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-02 09:54 - 2015-07-13 12:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-02 09:54 - 2015-07-13 11:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-02 09:53 - 2015-10-02 09:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-02 09:53 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOShared
2015-10-02 09:53 - 2015-07-10 00:37 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-10-02 09:51 - 2015-10-02 21:23 - 00005885 _____ C:\WINDOWS\setupact.log
2015-10-02 09:51 - 2015-10-02 09:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-02 09:50 - 2015-10-03 18:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 09:49 - 2015-10-02 09:59 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-02 02:37 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\Presets-2015-09-09
2015-10-02 01:34 - 2015-10-02 17:39 - 00000000 ____D C:\Users\kathr\Desktop\unzipped
2015-10-01 13:43 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\21966-01_ContentCatalogerEasy
2015-10-01 13:32 - 2015-10-01 13:32 - 00000776 _____ C:\Users\kathr\Desktop\Hexagon 2.lnk
2015-10-01 12:35 - 2015-10-03 18:34 - 00000000 ____D C:\Users\kathr\Desktop\renderosity
2015-10-01 12:02 - 2015-10-01 12:03 - 87423600 _____ (Literature and Latte) C:\Users\kathr\Desktop\Scrivener-installer.exe
2015-10-01 11:56 - 2015-10-01 11:56 - 01592640 _____ (LogMeIn, Inc.) C:\Users\kathr\Downloads\Support-LogMeInRescue.exe
2015-10-01 08:35 - 2015-10-03 18:39 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Temp
2015-10-01 08:33 - 2015-10-01 08:34 - 37376000 _____ C:\Users\kathr\Desktop\FastPictureViewer64.msi
2015-10-01 03:27 - 2015-10-02 21:35 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Adobe
2015-10-01 02:57 - 2015-10-01 02:57 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 02:20 - 2015-10-02 21:56 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\_1 Writing
2015-10-01 02:20 - 2015-10-01 10:14 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Keep
2015-10-01 02:20 - 2015-10-01 03:13 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Scriverner
2015-10-01 02:11 - 2015-10-02 10:52 - 00002114 _____ C:\Users\kathr\Desktop\DAZ Install Manager.lnk
2015-10-01 02:09 - 2015-10-01 02:48 - 02875456 _____ (Microsoft Corporation) C:\Users\kathr\Desktop\Setup.X86.en-US_O365HomePremRetail_fce58278-39ee-4cee-bbf1-e65d341595be_TX_PR_.exe
2015-10-01 02:06 - 2015-10-01 02:06 - 00076330 _____ C:\Users\kathr\Desktop\PFx REFLECTIONS.atn
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\d956d726f5b732d32501
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\c9112f9ef026831bf709
2015-10-01 01:46 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files
2015-10-01 01:46 - 2015-10-03 17:20 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (1)
2015-10-01 01:40 - 2015-10-01 01:48 - 30151896 _____ (DAZ 3D) C:\Users\kathr\Downloads\DAZ3DIM_1.1.0.41_Win32.exe
2015-10-01 01:39 - 2015-10-01 01:39 - 00686768 _____ (Adobe Systems Incorporated) C:\Users\kathr\Desktop\CreativeCloudSet-Up.exe
2015-10-01 01:14 - 2015-10-03 14:48 - 00001152 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-10-01 01:06 - 2015-10-03 17:10 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\LastPass
2015-10-01 01:05 - 2015-10-01 01:06 - 16790552 _____ (LastPass) C:\Users\kathr\Desktop\lastpass_x64.exe
2015-10-01 01:05 - 2015-10-01 01:05 - 00929872 _____ (Google Inc.) C:\Users\kathr\Desktop\ChromeSetup.exe
2015-10-01 00:39 - 2015-10-01 01:15 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\webroot
2015-10-01 00:38 - 2015-10-01 00:38 - 00832016 _____ (Webroot) C:\Users\kathr\Desktop\wsainstall.exe
2015-10-01 00:20 - 2015-10-03 18:51 - 00000000 ____D C:\Users\kathr\OneDrive
2015-10-01 00:17 - 2015-10-01 00:17 - 00193336 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2015-10-01 00:15 - 2015-10-01 00:15 - 00447576 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 30518928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 22972560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 18514616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 16159608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 16009800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 15892904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 14510584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 13274560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 12972336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 11842680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 11139216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 03344672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02955832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02360976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02163856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01061192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01052488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00452240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00384464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00374416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00340624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00314936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00031976 _____ C:\WINDOWS\system32\nvinfo.pb
2015-09-30 23:26 - 2015-09-30 23:26 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00019976 _____ (ASUS) C:\WINDOWS\system32\Drivers\AsHIDSwitch64.sys
2015-09-30 23:01 - 2015-09-30 23:01 - 00000000 ___HD C:\$Windows.~WS
2015-09-30 21:54 - 2015-09-30 23:13 - 00000000 ____D C:\ESD
2015-09-30 21:45 - 2015-10-03 19:12 - 00000000 ____D C:\FRST
2015-09-30 21:24 - 2015-09-30 22:08 - 00000000 ____D C:\SUPERDelete
2015-09-10 00:08 - 2015-09-10 00:08 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-10 00:08 - 2015-09-10 00:08 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 00:20 - 2015-07-09 22:36 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2015-09-10 00:20 - 2015-07-09 22:36 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorCustomAdbAlgorithm.dll
2015-09-10 00:20 - 2015-07-09 22:34 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2015-09-10 00:20 - 2015-07-09 22:32 - 02533888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkAnalysis.dll
2015-09-10 00:20 - 2015-07-09 22:31 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsCpl.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2015-09-10 00:20 - 2015-07-09 22:28 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2015-09-10 00:20 - 2015-07-09 22:26 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SNTSearch.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mblctr.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00274224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpendp.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwinsta.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgport.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscon.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\change.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinput.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-09-10 00:20 - 2015-07-09 22:24 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\terminpt.sys
2015-09-10 00:20 - 2015-07-09 22:24 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\qprocess.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2015-09-10 00:20 - 2015-07-09 22:24 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\quser.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\qappsrv.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tskill.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsdiscon.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rwinsta.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoff.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgusr.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\chglogon.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\reset.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\query.exe
2015-09-10 00:20 - 2015-07-09 22:23 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2015-09-10 00:20 - 2015-07-09 22:23 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
2015-09-10 00:20 - 2015-07-09 22:23 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationSettings.exe
2015-09-10 00:20 - 2015-07-09 22:22 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2015-09-10 00:20 - 2015-07-09 22:22 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2015-09-10 00:20 - 2015-07-09 22:22 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrcomp.exe
2015-09-10 00:20 - 2015-07-09 22:21 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrreg.exe
2015-09-10 00:20 - 2015-07-09 22:21 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2015-09-10 00:20 - 2015-07-09 22:21 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsClassExtension.dll
2015-09-10 00:20 - 2015-07-09 22:20 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsCpl.dll
2015-09-10 00:20 - 2015-07-09 22:20 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorPerformanceEvents.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe
2015-09-10 00:20 - 2015-07-09 22:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2015-09-10 00:20 - 2015-07-09 22:17 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpendp.dll
2015-09-10 00:20 - 2015-07-09 22:16 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\RotMgr.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddputils.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddptrace.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizardElev.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizard.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddp_ps.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfdts.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeSysprep.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmstormod.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmshell.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmtrace.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm_ps.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00029536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-09-10 00:20 - 2015-07-09 22:06 - 00147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2015-09-10 00:20 - 2015-07-09 22:06 - 00043566 _____ C:\WINDOWS\SysWOW64\rsop.msc
2015-09-10 00:20 - 2015-07-09 21:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmlib.dll
2015-09-10 00:20 - 2015-07-09 21:33 - 00147439 _____ C:\WINDOWS\system32\gpedit.msc
2015-09-10 00:20 - 2015-07-09 21:33 - 00043566 _____ C:\WINDOWS\system32\rsop.msc
2015-09-10 00:20 - 2015-07-09 21:30 - 00120458 _____ C:\WINDOWS\system32\secpol.msc
2015-09-10 00:20 - 2015-07-09 21:19 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2015-09-10 00:19 - 2015-07-09 22:29 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2015-09-10 00:19 - 2015-07-09 22:27 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2015-09-10 00:19 - 2015-07-09 22:26 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2015-09-10 00:19 - 2015-07-09 22:24 - 01977856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SnippingTool.exe
2015-09-10 00:19 - 2015-07-09 22:24 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2015-09-10 00:19 - 2015-07-09 22:23 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmstormod.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmtrace.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistHttpTrans.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistAD.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm_ps.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 03603968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkAnalysis.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmshell.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2015-09-10 00:19 - 2015-07-09 22:21 - 00833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2015-09-10 00:19 - 2015-07-09 22:18 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2015-09-10 00:19 - 2015-07-09 22:17 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-09-10 00:19 - 2015-07-09 22:16 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2015-09-10 00:19 - 2015-07-09 22:16 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2015-09-10 00:19 - 2015-07-09 22:15 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2015-09-10 00:19 - 2015-07-09 22:15 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DFDWiz.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00052576 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedapplauncher.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00041312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll
2015-09-10 00:19 - 2015-07-09 22:13 - 00147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2015-09-10 00:19 - 2015-07-09 21:28 - 00146389 _____ C:\WINDOWS\system32\printmanagement.msc
2015-09-10 00:08 - 2015-07-09 22:38 - 04847104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2015-09-10 00:08 - 2015-07-09 22:36 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2015-09-10 00:08 - 2015-07-09 22:28 - 06358016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2015-09-10 00:08 - 2015-07-09 22:25 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2015-09-10 00:08 - 2015-07-09 22:25 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2015-09-10 00:08 - 2015-07-09 22:21 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jnwmon.dll
 
==================== Files in the root of some directories =======
 
2015-10-01 01:07 - 2015-10-03 14:48 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-01 00:39 - 2015-10-01 00:39 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
 
Some files in TEMP:
====================
C:\Users\kathr\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-02 09:49
 
==================== End of FRST.txt ============================
 
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by kathr (2015-10-03 19:14:15)
Running from C:\Users\kathr\Desktop
Windows 10 Pro (X64) (2015-10-02 15:02:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4055827758-3256202687-3425098328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4055827758-3256202687-3425098328-503 - Limited - Disabled)
Guest (S-1-5-21-4055827758-3256202687-3425098328-501 - Limited - Disabled)
kathr (S-1-5-21-4055827758-3256202687-3425098328-1001 - Administrator - Enabled) => C:\Users\kathr
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.07 beta (HKLM-x32\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Chromodo (HKLM-x32\...\Chromodo) (Version: 44.5.7.269 - Comodo)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
ELAN Touchpad 11.5.19.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.19.2 - ELAN Microelectronic Corp.)
FastPictureViewer Professional 1.9.348.0 (64-bit) (HKLM\...\{91486A00-EE17-4211-A270-E26113687892}) (Version: 1.9.348.0 - Axel Rietschin Software Developments)
GeekBuddy (HKLM\...\{A09AEC8C-5054-4E92-93DE-EA0B8C73BCF2}) (Version: 4.21.144 - Comodo Security Solutions Inc)
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.27 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Opera Stable 32.0.1948.44 (HKLM-x32\...\Opera 32.0.1948.44) (Version: 32.0.1948.44 - Opera Software)
Scrivener (HKLM-x32\...\Scrivener 1860) (Version: 1860 - Literature and Latte)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
02-10-2015 11:06:12 Installing COMODO Internet Security Pro
03-10-2015 15:23:54 Installed FastPictureViewer Professional 1.9.348.0 (64-bit)
03-10-2015 18:34:35 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-02 12:36 - 2015-10-02 12:34 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {345A834E-F2F0-4B7B-980D-EF4BB31E6B62} - System32\Tasks\Opera scheduled Autoupdate 1443800042 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-17] (Opera Software)
Task: {3739F324-5D7D-40CD-88CC-8CEDDE1BC848} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {48682BDB-FA20-45B7-9B97-0017104153B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-09-10] (Microsoft Corporation)
Task: {6564E134-DBC3-4BE8-B474-27A248CB1ECB} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-09] (Microsoft Corporation)
Task: {68468A53-B52B-4C72-8952-C4CF523B5348} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {984146FB-DD1B-41F6-9D98-8164EBCEFF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 22:13 - 2015-07-09 22:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 22:13 - 2015-09-10 00:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-29 05:20 - 2015-09-29 05:20 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kathr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\warrioraxethrowflame3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4DA06DE7-1C70-4261-B059-B4A06B2C974C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{59C9ED91-2EDD-4E48-BD02-9C040269A0EB}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{49573119-47A6-40E6-A27F-8DAC51A57A36}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{2DA45B8B-8B84-4B60-8BFC-7C7D888F23CC}] => (Block) c:\program files (x86)\common files\comodo\launcher_service.exe
FirewallRules: [{7FC01996-9882-4F4B-887A-06383DA754F6}] => (Block) c:\program files (x86)\common files\comodo\launcher_service.exe
FirewallRules: [{DFEB0A0A-6783-4425-AE80-7A1B45230F33}] => (Block) c:\program files\comodo\geekbuddy\unit_manager.exe
FirewallRules: [{A503E528-7690-4ED2-B96C-300631B12926}] => (Block) c:\program files\comodo\geekbuddy\unit_manager.exe
FirewallRules: [{AFD83B7C-F0F8-46B7-A6E9-3A7AA119012B}] => (Block) c:\program files\comodo\geekbuddy\version_logging.exe
FirewallRules: [{70E9F55E-AB0B-4854-9C46-FE76E0FA43CC}] => (Block) c:\program files\comodo\geekbuddy\version_logging.exe
FirewallRules: [{128E3618-A1FC-481E-8C43-6690947DD873}] => (Block) c:\program files\comodo\geekbuddy\unit.exe
FirewallRules: [{64F3DB27-28B9-4FD5-B47D-DF501C036A3B}] => (Block) c:\program files\comodo\geekbuddy\unit.exe
 
==================== Faulty Device Manager Devices =============
 
Name: ELAN Input Device
Description: ELAN Input Device
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: ELAN
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/03/2015 06:52:52 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4988) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/03/2015 06:52:52 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4988) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/03/2015 06:52:41 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4988) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/03/2015 06:52:41 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4988) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/03/2015 06:52:31 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4988) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/03/2015 06:52:31 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4988) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/03/2015 06:52:21 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4988) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/03/2015 06:52:21 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4988) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/03/2015 06:52:10 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4988) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/03/2015 06:52:10 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4988) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (10/03/2015 06:46:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/03/2015 06:46:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/03/2015 06:46:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/03/2015 06:46:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/03/2015 06:46:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/03/2015 06:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GlassWire Control Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/03/2015 06:46:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (10/03/2015 06:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/03/2015 06:35:56 PM) (Source: DCOM) (EventID: 10010) (User: KATHRYNLAPTOP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/03/2015 06:35:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-02 11:10:30.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-02 09:57:19.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-02 09:57:19.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 5%
Total physical RAM: 32685.47 MB
Available physical RAM: 30939.96 MB
Total Virtual: 37805.47 MB
Available Virtual: 36191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:697.49 GB) (Free:426.42 GB) NTFS
Drive e: (Seagate) (Fixed) (Total:443.11 GB) (Free:418.85 GB) NTFS
Drive g: (Seagate BK) (Fixed) (Total:488.28 GB) (Free:485.19 GB) NTFS
Drive h: (BK) (Fixed) (Total:0.44 GB) (Free:0.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 748798B0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
What concerns me are the unsigned files and the failure to write some logs. Along with several programs I didn't install and don't recognize. I did download some stuff yesterday that I want to install after we finish here, but that's all. Adobe broke and had locked up the computer several times yesterday causing Windows to try an automatic repair at one point. And the theme listing is just plain wrong. I changed that a couple of days ago.
 
I'm self employed and work from home. I don't have a server and I don't do remote anything. I have all of that disabled. I even disabled the wifi temporarily and am accessing the internet through the LAN cable. I had intended to do a full system back up on my new WD Cloud drive and it's best to do that with an ethernet connection, but then things started going crazy and I didn't get the chance to do that yet.
 
If we're good to go, however, I'll jump in with working on your speed instructions.
 
Thank you again for the help - and your patience.  :D
 
Cheers,
Stormy
 
 

Attached Thumbnails

  • screencapstrangedrive.PNG
  • screencapscrivener.PNG

  • 0

#6
stormrider22
Posted 04 October 2015 - 09:53 AM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Oh PS - I forgot to mention I originally had Windows 8.1 Pro on this before I switched to Windows 10. The computer guy installed Windows 10 Home but I switched it to Pro without a problem and Windows didn't even bat an eye. So what's the XP stuff doing on one of the partitions?


  • 0

#7
Essexboy
Posted 04 October 2015 - 10:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm it looks as though the scrivener default language has changed to Russian, can you revert it to English ?

Comodo geekbuddy wanted to stay, so I will evict it once more

The G drive elemetns can be deleted if you do not want them as they are just residue files

Daz is probably like most major firms and has servers located around the world rather than in any one specific location. I will also reset your DNS though

Start the speed up when you have the time after this

The XP MBR is being reported on your Seagate

What unsigned files are you concerned about ?


CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
C:\Program Files (x86)\Common Files\COMODO
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#8
stormrider22
Posted 04 October 2015 - 01:15 PM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Thank you so much Essex!

 

I'll try to change Scrivener back - I just got it not too long ago and so am not that familiar with the Preferences. It's hard to remember where to change that stuff when you can't read it. lol!

 

DAZ really isn't a major firm. They're not like Autodesk or anything. Their software is still free and they make their money off of people buying elements in their 3D marketplace. But I like their stuff which is why I use them to create the art for my book covers.

 

Yeah, the Seagate is my 1TB which I partitioned. I got it brand new about a month or so ago so it's never had XP on it.

 

Here's the Fix Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by kathr (2015-10-04 13:58:46) Run:2
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathr (Available Profiles: kathr)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
C:\Program Files (x86)\Common Files\COMODO
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tvncontrol => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Program Files (x86)\Common Files\COMODO => moved successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:4dbb:5e9:f20:e10
   Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:2928:8546:a4da:3357
   Link-local IPv6 Address . . . . . : fe80::4dbb:5e9:f20:e10%2
   Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%2
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:4dbb:5e9:f20:e10
   Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:2928:8546:a4da:3357
   Link-local IPv6 Address . . . . . : fe80::4dbb:5e9:f20:e10%2
   IPv4 Address. . . . . . . . . . . : 192.168.1.9
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%2
                                       192.168.1.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 218.5 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:00:05 ====
 
Now I'll see what trouble I can get into with doing the rest. lol! I have a lot of work to finish and if I can get this thing running like it should it will help tremendously.

  • 0

#9
Essexboy
Posted 04 October 2015 - 02:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Take your time, once the xbootmgr starts running it will continue all by itself (if UAC is disabled)

When I first used that on my windows 10 it dropped the boot time from 3 minutes to 40 seconds :)
  • 0

#10
stormrider22
Posted 04 October 2015 - 03:04 PM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I'm responding from my phone as the thing has been running over 45 min. It's still on the second boot and running the defrag I guess. I had my maintenance set to defrag once a week but I guess it still needed it done. The boot up is reasonably fast, it's all of the extra processes going that I don't need or use. Like I don't need Cortana phoning home when I'm trying to render in Daz or format a layout for a 400 page novel. Or Homegroup and a ton of network carp hogging all of the memory when I'm completely disconnected from the network. I thought increasing ram and HD so age for the page file and stuff would help that but I think Microsoft just fills the extra with their stuff so mine can't get a word in edgewise. Lol! Hopefully it won't be too much longer.

Oh I turned of the UAC but still have to log onto my account when it reboots. I was going to go get some groceries while this was runninG. Oh well! ;-)

UPDATE: 2 hours and it hasn't budged from the second reboot. How long should I wait before hollering uncle?

Edited by stormrider22, 04 October 2015 - 04:09 PM.

  • 0

Advertisements

#11
stormrider22
Posted 05 October 2015 - 12:06 AM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Well, that kinda worked - I think. At four hours still on the second reboot and not budging an inch, I wound up the courage to take a peek at the task manager. The defrag process was listed but was under 350kb memory and not writing to the HD. That indicated to me it was like the "friend" who says he'll help you move but he just hangs out, drinks all the beer and tells everyone else how to do stuff while they're doing all the heavy lifting. I checked it a couple of times and it stayed the same while the other processes were running normally, so I finally killed it.

 

I then went to the disk manager and all the drives, not just the C drive were 0% fragmented and had today's time stamp on them. I did an error check of each drive just in case even though it popped up that it wasn't necessary. Everything was fine. Then just for an experiment, I did another defrag on one of the small partitions. It again said not necessary and like I said I have it set to auto defrag all drives once a week. But it zoomed right through until it got to compiling and hung. I'm assuming it did that because there was no real defragging to do, I'm not sure. But double-checked with another disk error check and it was fine.

 

I ran the xbootmgr again but it only ran once which according to the help is the default. So I was wondering if there was a way to get it to run without the defrag. I found the log it created. The initial boot after it ran was lightning fast - as in blink and you miss it - but after that it went back to normal which has been around 6-8 seconds or so.

 

Here's the log:

[2015/10/04-14:25:57.521] Performance Analyzer Power Transition Performance Testing Utility (Microsoft® Windows® Performance Analyzer) Version 6.2.9200 - © 2012 Microsoft Corporation. All rights reserved.
[2015/10/04-14:25:57.521] Detected Win8 physical (ReadyBoot) prefetcher; the SysMain service is auto-started.
[2015/10/04-14:25:57.536] Registering for auto-run with a 120000 msec delay...
[2015/10/04-14:25:57.536] Completed auto-run change.
[2015/10/04-14:25:57.974] Starting trace...
[2015/10/04-14:26:04.646] Enabled boot logging to 'C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1_km_premerge.etl'
 
[2015/10/04-14:31:23.779] Performance Analyzer Power Transition Performance Testing Utility (Microsoft® Windows® Performance Analyzer) Version 6.2.9200 - © 2012 Microsoft Corporation. All rights reserved.
[2015/10/04-14:31:23.779] Detected Win8 physical (ReadyBoot) prefetcher; the SysMain service is auto-started.
[2015/10/04-14:31:23.779] Stopping trace...
[2015/10/04-14:31:27.138] Stopped kernel logger.
[2015/10/04-14:31:27.294] Stopped user-mode logger.
[2015/10/04-14:31:27.294] The trace you are capturing "C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.etl" may contain personally identifiable information, including but not necessarily limited to paths to files accessed, paths to registry accessed and process names. Exact information depends on the events that were logged. Please be aware of this when sharing out this trace with other people.
[2015/10/04-14:31:41.451] Merged ETL file to 'C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.etl'
[2015/10/04-14:31:41.466] Waiting for prefetcher...
[2015/10/04-14:31:41.466] Requesting Win8 ReadyBoot boot plan recalculation...
[2015/10/04-14:31:46.451] Completed Win8 ReadyBoot boot plan recalculation.
[2015/10/04-14:31:46.451] Saving prefetcher data...
[2015/10/04-14:31:46.482] Failed to save prefetcher data (C:\WINDOWS\prefetch\layout.ini) in cab archive (stage 1, error 0)
[2015/10/04-14:31:48.498] Saved prefetcher data from C:\WINDOWS\prefetch\ReadyBoot\*.* in cab archive.
[2015/10/04-14:31:48.670] Saved prefetcher data from C:\WINDOWS\prefetch\AgCx*.db in cab archive.
[2015/10/04-14:31:48.764] Saved prefetcher data from C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.ppf.newPlan in cab archive
[2015/10/04-14:31:48.779] Starting trace...
[2015/10/04-14:31:48.795] Enabled boot logging to 'C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2_km_premerge.etl'
 
[2015/10/04-14:37:31.107] Performance Analyzer Power Transition Performance Testing Utility (Microsoft® Windows® Performance Analyzer) Version 6.2.9200 - © 2012 Microsoft Corporation. All rights reserved.
[2015/10/04-14:37:31.107] Detected Win8 physical (ReadyBoot) prefetcher; the SysMain service is auto-started.
[2015/10/04-14:37:31.138] Stopping trace...
[2015/10/04-14:37:33.029] Stopped kernel logger.
[2015/10/04-14:37:33.201] Stopped user-mode logger.
[2015/10/04-14:37:33.216] The trace you are capturing "C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.etl" may contain personally identifiable information, including but not necessarily limited to paths to files accessed, paths to registry accessed and process names. Exact information depends on the events that were logged. Please be aware of this when sharing out this trace with other people.
[2015/10/04-14:37:46.404] Merged ETL file to 'C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.etl'
[2015/10/04-14:37:46.435] Waiting for prefetcher...
[2015/10/04-14:37:46.435] Requesting Win8 ReadyBoot boot plan recalculation...
[2015/10/04-14:37:53.498] Completed Win8 ReadyBoot boot plan recalculation.
[2015/10/04-14:37:53.498] Saving prefetcher data...
[2015/10/04-14:37:53.545] Failed to save prefetcher data (C:\WINDOWS\prefetch\layout.ini) in cab archive (stage 1, error 0)
[2015/10/04-14:37:56.310] Saved prefetcher data from C:\WINDOWS\prefetch\ReadyBoot\*.* in cab archive.
[2015/10/04-14:37:56.373] Saved prefetcher data from C:\WINDOWS\prefetch\AgCx*.db in cab archive.
[2015/10/04-14:37:56.842] Saved prefetcher data from C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.ppf.newPlan in cab archive
[2015/10/04-14:37:56.857] Preparing system...
[2015/10/04-14:37:56.857] Launching attempt #1 to defragment disk...
 
[2015/10/04-19:26:09.933] Performance Analyzer Power Transition Performance Testing Utility (Microsoft® Windows® Performance Analyzer) Version 6.2.9200 - © 2012 Microsoft Corporation. All rights reserved.
[2015/10/04-19:26:09.933] Detected Win8 physical (ReadyBoot) prefetcher; the SysMain service is auto-started.
[2015/10/04-19:26:09.933] Registering for auto-run with a 120000 msec delay...
[2015/10/04-19:26:09.933] Completed auto-run change.
[2015/10/04-19:26:09.933] Starting trace...
[2015/10/04-19:26:10.138] Enabled boot logging to 'C:\WINDOWS\system32\boot_BASE+CSWITCH_1_km_premerge.etl'
 
[2015/10/04-19:31:05.653] Performance Analyzer Power Transition Performance Testing Utility (Microsoft® Windows® Performance Analyzer) Version 6.2.9200 - © 2012 Microsoft Corporation. All rights reserved.
[2015/10/04-19:31:05.653] Detected Win8 physical (ReadyBoot) prefetcher; the SysMain service is auto-started.
[2015/10/04-19:31:05.685] Stopping trace...
[2015/10/04-19:31:07.513] Stopped kernel logger.
[2015/10/04-19:31:07.716] Stopped user-mode logger.
[2015/10/04-19:31:07.716] The trace you are capturing "C:\WINDOWS\system32\boot_BASE+CSWITCH_1.etl" may contain personally identifiable information, including but not necessarily limited to paths to files accessed, paths to registry accessed and process names. Exact information depends on the events that were logged. Please be aware of this when sharing out this trace with other people.
[2015/10/04-19:31:20.935] Merged ETL file to 'C:\WINDOWS\system32\boot_BASE+CSWITCH_1.etl'
[2015/10/04-19:31:20.966] Waiting for prefetcher...
[2015/10/04-19:31:20.966] Requesting Win8 ReadyBoot boot plan recalculation...
[2015/10/04-19:31:49.334] Completed Win8 ReadyBoot boot plan recalculation.
[2015/10/04-19:31:49.334] Saving prefetcher data...
[2015/10/04-19:31:49.506] Saved prefetcher data from C:\WINDOWS\prefetch\layout.ini in cab archive
[2015/10/04-19:31:53.464] Saved prefetcher data from C:\WINDOWS\prefetch\ReadyBoot\*.* in cab archive.
[2015/10/04-19:31:53.495] Saved prefetcher data from C:\WINDOWS\prefetch\AgCx*.db in cab archive.
[2015/10/04-19:31:53.620] Saved prefetcher data from C:\WINDOWS\system32\boot_BASE+CSWITCH_1.ppf.newPlan in cab archive
[2015/10/04-19:31:53.636] Unregistering auto-run...
[2015/10/04-19:31:53.636] Completed auto-run change.
 
 
Should I give it another shot? It seems to be a bit better running but that could be wishful thinking on my part. I'll keep an eye on it.


  • 0

#12
Essexboy
Posted 05 October 2015 - 08:01 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK you can disable startup items in 10 by right clicking the task bar and running task manager

Select startup tab and disable what you do not want

Capture.JPG

If xboot ran properly you should have these 6 files in windows\system32

Capture1.JPG

If not then it would not harm to run it again

Finally for the phoning home network stuff look here :) http://www.oo-software.com/en/shutup10
  • 0

#13
stormrider22
Posted 06 October 2015 - 08:08 PM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Thanks Essex! Unfortunately, I think I'm back to square one. I swear gremlins come in and mess with this thing when I'm not looking. I had just about everything set up the way I wanted it and was getting ready to follow your latest post's suggestions when I suddenly couldn't get on the internet. Everyone else is fine but my IP was configured wrong according to the troubleshooter. I ran an ipconfig and it was definitely a strange one for IPv4. I tried flushing the DNS and renewing the IP addy but it didn't work. I have been manually creating system restore points when I get my downloaded software (like Adobe stuff which is a PITA) where I wanted it. So I did a system restore and can at least get on the internet now but I ran another FARBAR to see what was going on. I think there's something hinkie in the Additional report. If you're not sick of me yet, I'm posting the reports and highlighting what I think is a problem. I installed my Cryptoprevent so there are a ton of group policy restrictions so I understand that, but there are a couple of hidden files on the second report that caught my attention. I put those in red text. What do you think? If there's nothing to worry about, I promise that I'll stop bugging you.  :prop:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by kathr (administrator) on KATHRYNLAPTOP (06-10-2015 20:47:14)
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathr (Available Profiles: kathr)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Sysinternals - www.sysinternals.com) C:\Users\kathr\Desktop\autoruns.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [832016 2015-10-04] (Webroot)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\HitmanPro.Alert <====== ATTENTION
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\GlassWire.exe [10485248 2015-09-29] (SecureMix LLC)
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2015-10-04] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2015-10-04] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2015-10-04] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2015-10-04] (Webroot)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-10-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-10-04]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-10-04]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-10-05]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19d2050b-3eb4-4079-8edf-fcea30acdb4b}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-10-03] (LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-10-04] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-10-04] (Webroot)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-10-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-10-03] (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-10-04] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-10-04] (Webroot)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-10-03] (LastPass)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-10-04] (Webroot)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-10-03] (LastPass)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-10-04] (Webroot)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-03] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-06] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-10-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-10-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://kathrynloch.deviantart.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR NewTab: Default -> "chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-10-05]
CHR Extension: (Theme Creator) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-10-05]
CHR Extension: (Google Docs) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-02]
CHR Extension: (YouTube) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Assassin's Creed 4 Black Flag [FVD]) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpadpijpfghpinpafnpjlipafpahkahk [2015-10-05]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-10-05]
CHR Extension: (Google Search) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-10-05]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-10-05]
CHR Extension: (Gmail Offline) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-05]
CHR Extension: (App for Outlook.com) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkanjjdncmgmmmeceedfmncfejmbjef [2015-10-05]
CHR Extension: (Readium) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Save to Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-10-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-05]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-10-05]
CHR Extension: (Dropbox) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-10-05]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2015-10-05]
CHR Extension: (Booktrack Studio) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog [2015-10-05]
CHR Extension: (Webroot Filtering Extension) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-10-05]
CHR Extension: (Hangouts) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-10-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-02]
CHR Extension: (Blogger) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-10-05]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-10-05]
CHR Extension: (Google Maps) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-05]
CHR Extension: (Mint) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg [2015-10-05]
CHR Extension: (Google Play Books) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-10-05]
CHR Extension: (OneDrive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-10-05]
CHR Extension: (Webroot Password Manager) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-10-05]
CHR Extension: (KDSPY) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocoibgfbhcplhnfdjldohepoeboiloo [2015-10-05]
CHR Extension: (Outlook.com) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-10-05]
CHR Extension: (Gmail) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-10-04]
 
Opera: 
=======
OPR Extension: (manzel) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\ccigdaajfpngfcglknmfnbhjbbeoogbc [2015-10-03]
OPR Extension: (JacKDuRdEn) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\ggjlfplepecnbnlkjphikdkapeepipbm [2015-10-03]
OPR Extension: (jdavid214) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2015-10-03]
OPR Extension: (LastPass) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2015-10-02]
OPR Extension: (shwetankdixit) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipbblipgmilipflgplphffjhipcmidlb [2015-10-03]
OPR Extension: (Opera Software ASA) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\kkgebkpedfmelmhohaphicmmoahkplgp [2015-10-03]
OPR Extension: (Laurynas Sukys) - C:\Users\kathr\AppData\Roaming\Opera Software\Opera Stable\Extensions\nmlaffhbgpimkimckkcpbjpbkobahaec [2015-10-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [1843368 2015-09-04] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2842808 2015-09-26] (Microsoft Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8825344 2015-09-29] (SecureMix LLC)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4079264 2015-10-04] (SurfRight B.V.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [832016 2015-10-04] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows ® Win 7 DDK provider)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2015-10-06] ()
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [198216 2015-10-04] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [69448 2015-10-04] (SurfRight B.V.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-01] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-10-04] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [43600 2015-10-04] (Webroot)
S4 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 20:45 - 2015-10-06 20:45 - 00000000 ___HD C:\OneDriveTemp
2015-10-06 20:44 - 2015-10-06 20:44 - 00016148 _____ C:\WINDOWS\system32\KATHRYNLAPTOP_kathr_HistoryPrediction.bin
2015-10-06 19:12 - 2015-10-06 19:12 - 00031964 _____ C:\Users\kathr\Desktop\Addition.txt
2015-10-06 19:11 - 2015-10-06 20:49 - 00049159 _____ C:\Users\kathr\Desktop\FRST.txt
2015-10-06 18:53 - 2015-10-06 18:41 - 36438016 _____ C:\WINDOWS\system32\config\components.old
2015-10-06 18:53 - 2015-10-06 13:54 - 05242880 _____ C:\WINDOWS\system32\config\drivers.old
2015-10-06 17:57 - 2015-10-06 17:57 - 00916254 _____ C:\Users\kathr\Desktop\WSA_SA_Report-Tue_2015-10-06_17-57-37.bmp
2015-10-06 17:57 - 2015-10-06 17:57 - 00000079 _____ C:\Users\kathr\Desktop\WSA_SA_Report-Tue_2015-10-06_17-57-37.html
2015-10-06 16:23 - 2015-10-06 16:23 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\post.scriv
2015-10-06 14:14 - 2015-10-06 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
2015-10-06 14:12 - 2015-10-06 14:12 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-06 13:49 - 2015-10-06 13:49 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-10-06 13:49 - 2015-10-06 13:49 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-10-06 13:49 - 2015-10-06 13:49 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-10-06 13:49 - 2015-10-06 13:49 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-10-06 13:49 - 2015-10-06 13:49 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-10-06 13:49 - 2015-10-06 13:49 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-10-06 13:49 - 2015-10-06 13:49 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-10-06 13:49 - 2015-10-06 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-10-06 13:46 - 2015-10-06 13:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-06 13:46 - 2015-10-06 13:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-06 13:43 - 2015-10-06 13:43 - 00003626 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathr
2015-10-06 11:27 - 2015-10-06 11:32 - 00830266 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-10-05 16:55 - 2015-10-05 16:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-10-05 12:47 - 2015-10-05 12:47 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KATHRYNLAPTOP-Windows-10-Pro-(64-bit).dat
2015-10-05 12:47 - 2015-10-05 12:47 - 00000000 ____D C:\RegBackup
2015-10-05 11:56 - 2015-10-06 12:07 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-05 09:09 - 2015-10-05 09:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 08:58 - 2015-10-05 09:50 - 00000000 ____D C:\ProgramData\InstallMate
2015-10-05 08:58 - 2015-10-05 09:00 - 00000000 ____D C:\Users\kathr\AppData\Roaming\WinPatrol
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-10-05 05:15 - 2015-10-05 05:15 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Adobe
2015-10-05 05:13 - 2015-10-05 05:13 - 00003668 _____ C:\WINDOWS\System32\Tasks\[email protected]
2015-10-05 04:24 - 2015-10-05 04:24 - 00001213 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-10-05 04:24 - 2015-10-05 04:24 - 00000000 ____D C:\Users\kathr\AppData\Local\AntiLogger Free
2015-10-05 04:24 - 2015-10-05 04:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-10-05 04:24 - 2015-10-05 04:24 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2015-10-05 04:24 - 2015-10-05 04:24 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2015-10-05 04:24 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2015-10-05 03:37 - 2015-10-05 03:37 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2015-10-05 03:37 - 2015-10-05 03:37 - 00000000 ____D C:\Users\kathr\Desktop\ProcessExplorer
2015-10-05 01:38 - 2015-10-05 01:38 - 00001713 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-10-05 01:38 - 2015-10-05 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-10-05 01:36 - 2015-10-05 01:37 - 74520472 _____ (Logitech, Inc.) C:\Users\kathr\Downloads\lws280.exe
2015-10-05 01:26 - 2015-10-05 01:27 - 01488360 _____ C:\Users\kathr\OneDrive\Documents\KATHRYNLAPTOP.arn
2015-10-05 00:34 - 2015-10-06 14:13 - 27312128 _____ C:\Users\kathr\Desktop\FastPictureViewerCodecPackTRIAL.msi
2015-10-05 00:33 - 2015-10-05 00:33 - 00000000 ____D C:\Users\kathr\AppData\Local\FastPictureViewer
2015-10-05 00:19 - 2015-10-05 00:19 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2015-10-05 00:19 - 2015-10-05 00:19 - 00000000 ____D C:\Program Files (x86)\My Company Name
2015-10-05 00:19 - 2012-06-22 03:01 - 00056336 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2015-10-05 00:19 - 2012-04-24 03:01 - 00011376 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2015-10-05 00:19 - 2012-04-24 03:01 - 00010864 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2015-10-05 00:15 - 2015-10-05 00:15 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-05 00:13 - 2015-10-05 00:13 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-10-05 00:13 - 2015-10-05 00:13 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-10-05 00:13 - 2015-10-05 00:13 - 00002091 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-10-05 00:03 - 2015-10-05 00:03 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2015-10-04 23:48 - 2015-10-05 05:14 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Adobe
2015-10-04 23:48 - 2015-10-05 05:13 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-04 23:48 - 2015-10-04 23:48 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-10-04 23:44 - 2015-10-05 00:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-04 23:44 - 2015-10-05 00:19 - 00000000 ____D C:\Program Files\Adobe
2015-10-04 23:36 - 2015-10-05 05:17 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-04 23:36 - 2015-10-05 00:23 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files
2015-10-04 23:34 - 2015-10-04 23:34 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-10-04 23:34 - 2015-10-04 23:34 - 00001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-10-04 23:29 - 2015-10-06 13:44 - 00000000 ____D C:\Users\kathr\AppData\Local\Adobe
2015-10-04 23:21 - 2015-10-04 23:21 - 00781312 _____ C:\Users\kathr\Desktop\delfix_1.010.exe
2015-10-04 23:18 - 2015-10-05 01:10 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\kathr\Desktop\autoruns.exe
2015-10-04 23:03 - 2015-10-06 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-10-04 23:03 - 2015-10-05 16:55 - 00000000 ____D C:\Users\kathr\AppData\Local\lptmp1408514441
2015-10-04 23:03 - 2015-10-04 23:03 - 00043600 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-10-04 23:02 - 2015-10-06 20:41 - 00000000 ____D C:\Program Files\Webroot
2015-10-04 23:02 - 2015-10-06 13:24 - 00000000 ____D C:\ProgramData\WRData
2015-10-04 23:02 - 2015-10-04 23:02 - 00167664 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-10-04 23:02 - 2015-10-04 23:02 - 00116224 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-10-04 23:02 - 2015-10-04 23:02 - 00105376 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-10-04 22:43 - 2015-10-04 22:43 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-10-04 22:43 - 2015-10-04 22:43 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-10-04 22:43 - 2015-10-04 22:43 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-10-04 22:43 - 2015-10-04 22:43 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-10-04 22:36 - 2015-10-05 05:15 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Adobe
2015-10-04 22:16 - 2015-10-04 22:16 - 00001325 _____ C:\Users\Public\Desktop\dMaintenance Home Edition.lnk
2015-10-04 21:06 - 2015-10-04 21:06 - 00828752 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2015-10-04 21:06 - 2015-10-04 21:06 - 00766288 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-10-04 21:06 - 2015-10-04 21:06 - 00198216 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-10-04 21:06 - 2015-10-04 21:06 - 00069448 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2015-10-04 21:06 - 2015-10-04 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-10-04 21:06 - 2015-10-04 21:06 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-10-04 21:05 - 2015-10-04 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-10-04 21:05 - 2015-10-04 21:05 - 00004210 _____ C:\WINDOWS\System32\Tasks\CryptoPrevent Update
2015-10-04 21:05 - 2015-10-04 21:05 - 00001289 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk
2015-10-04 20:10 - 2015-10-06 20:43 - 00021012 __RSH C:\ProgramData\ntuser.pol
2015-10-04 19:58 - 2015-10-04 19:58 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-10-04 19:34 - 2015-10-04 19:36 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\WPA Files
2015-10-04 19:34 - 2015-10-04 19:34 - 00000000 ____D C:\SymCache
2015-10-04 19:31 - 2015-10-04 19:31 - 163577856 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.etl
2015-10-04 19:31 - 2015-10-04 19:31 - 07345250 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.cab
2015-10-04 18:51 - 2015-10-04 18:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-04 14:37 - 2015-10-04 14:37 - 191889408 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.etl
2015-10-04 14:37 - 2015-10-04 14:37 - 04993712 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.cab
2015-10-04 14:31 - 2015-10-04 14:31 - 220200960 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.etl
2015-10-04 14:31 - 2015-10-04 14:31 - 03730738 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.cab
2015-10-04 14:20 - 2015-10-04 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-10-04 14:20 - 2015-10-04 14:20 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-10-04 00:23 - 2015-10-06 20:48 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-10-04 00:23 - 2015-10-06 14:12 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-04 00:16 - 2015-10-06 20:43 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2015-10-04 00:05 - 2015-10-04 00:05 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Blacksmith3D
2015-10-03 23:06 - 2015-10-03 23:06 - 00002826 _____ C:\Users\kathr\Desktop\AHB_magnaheart_dress_02 - Shortcut.lnk
2015-10-03 21:35 - 2015-10-03 21:35 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Security
2015-10-03 21:00 - 2015-10-03 21:00 - 00058675 _____ C:\Users\kathr\OneDrive\Documents\registryleaks.txt
2015-10-03 20:43 - 2015-10-03 20:43 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\DAZ 3D
2015-10-03 20:30 - 2015-10-03 20:30 - 00053248 _____ C:\WINDOWS\SysWOW64\zlib.dll
2015-10-03 20:26 - 2015-10-04 22:16 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2015-10-03 20:26 - 2015-10-04 21:05 - 00000000 ____D C:\ProgramData\Foolish IT
2015-10-03 20:26 - 2015-10-04 12:51 - 00007641 _____ C:\Users\kathr\AppData\Local\Resmon.ResmonCfg
2015-10-03 18:45 - 2015-10-04 18:28 - 00000000 ____D C:\AdwCleaner
2015-10-03 18:34 - 2015-10-03 18:34 - 00000000 ____D C:\WINDOWS\SMSS-PFRO20f5.tmp
2015-10-03 17:45 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-03 17:10 - 2015-10-06 20:49 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AB9CB54-4CE0-4F7C-A83A-83EBCF8FAC11}
2015-10-03 16:18 - 2015-10-03 16:18 - 00001974 _____ C:\Users\kathr\Desktop\GlassWire.lnk
2015-10-03 16:18 - 2015-10-03 16:18 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire
2015-10-03 16:18 - 2015-05-28 23:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2015-10-03 16:18 - 2015-05-28 23:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2015-10-03 15:40 - 2015-10-06 18:26 - 02077898 _____ C:\WINDOWS\PFRO.log
2015-10-03 15:38 - 2015-10-03 15:38 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-03 15:38 - 2015-10-03 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 15:37 - 2015-10-06 20:45 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 15:37 - 2015-10-06 13:43 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 15:37 - 2015-10-03 15:37 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-03 15:37 - 2015-10-03 15:37 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-03 15:32 - 2015-10-03 15:32 - 00003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-10-03 15:18 - 2015-10-04 13:58 - 02193920 _____ (Farbar) C:\Users\kathr\Desktop\FRST64.exe
2015-10-03 15:10 - 2015-10-03 15:10 - 00001704 _____ C:\Users\Public\Desktop\Scrivener.lnk
2015-10-03 15:10 - 2015-10-03 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
2015-10-03 14:48 - 2015-10-03 14:49 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-10-03 14:48 - 2015-10-03 14:48 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:48 - 2015-10-03 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:47 - 2015-10-03 15:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-03 14:47 - 2015-10-03 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-10-03 14:39 - 2015-10-03 14:41 - 00001176 _____ C:\Users\kathr\Desktop\DAZ Studio 4.8 (64-bit).lnk
2015-10-03 14:38 - 2015-10-03 14:39 - 00000000 ____D C:\Program Files\DAZ 3D
2015-10-03 14:38 - 2015-10-03 14:38 - 00000969 _____ C:\Users\kathr\Desktop\Carrara 8.5 Pro (64-bit).lnk
2015-10-03 09:32 - 2015-10-03 09:31 - 00117242 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151003-093132.zip
2015-10-02 21:36 - 2015-10-02 21:49 - 00000000 ____D C:\Users\kathr\AppData\Roaming\NVIDIA
2015-10-02 21:35 - 2015-10-02 21:35 - 00000000 ____D C:\Users\kathr\AppData\Local\CEF
2015-10-02 18:55 - 2015-10-03 17:20 - 00000000 ____D C:\Program Files\Sandboxie
2015-10-02 18:49 - 2015-10-02 18:49 - 00000000 ____D C:\Users\kathr\AppData\Local\Scrivener
2015-10-02 18:35 - 2015-10-05 04:33 - 00000000 ____D C:\ProgramData\Adobe
2015-10-02 18:35 - 2015-10-04 14:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-02 18:34 - 2015-10-04 23:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-02 18:31 - 2015-10-03 15:10 - 00000000 ____D C:\Program Files (x86)\Scrivener
2015-10-02 18:29 - 2015-10-02 18:29 - 00000000 ____D C:\ProgramData\DAZ 3D
2015-10-02 18:00 - 2015-10-02 18:00 - 00000000 ____D C:\Users\kathr\AppData\Local\Logitech® Webcam Software
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Leadertech
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\ProgramData\LogiShrd
2015-10-02 17:57 - 2015-10-05 01:39 - 00007775 _____ C:\WINDOWS\LDPINST.LOG
2015-10-02 17:57 - 2015-10-05 01:39 - 00000000 ____D C:\Program Files (x86)\Logitech
2015-10-02 17:49 - 2015-10-06 20:46 - 00017415 _____ C:\WINDOWS\system32\lvcoinst.log
2015-10-02 17:49 - 2015-10-05 01:32 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-10-02 17:43 - 2015-10-02 17:43 - 00000000 ____D C:\Users\kathr\Desktop\Heart's Ransom cover
2015-10-02 17:40 - 2015-10-06 13:42 - 00000000 ____D C:\Program Files\FastPictureViewer
2015-10-02 17:40 - 2015-10-02 17:40 - 00000000 ____D C:\ProgramData\FastPictureViewer
2015-10-02 17:38 - 2015-10-03 17:20 - 00000000 ____D C:\Users\kathr\Desktop\3d n Art
2015-10-02 17:37 - 2015-10-06 20:46 - 00000000 ____D C:\Users\kathr\Desktop\computer
2015-10-02 16:06 - 2015-10-02 16:06 - 00000000 ____D C:\Users\kathr\AppData\Local\PeerDistRepub
2015-10-02 16:02 - 2015-10-03 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-10-02 16:02 - 2015-10-02 16:02 - 00000000 ____D C:\Program Files\Reason
2015-10-02 15:50 - 2015-10-03 16:18 - 00000000 ____D C:\Program Files (x86)\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\Users\kathr\AppData\Local\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\ProgramData\GlassWire
2015-10-02 15:37 - 2015-10-03 17:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-02 15:29 - 2015-10-03 17:19 - 00000000 ____D C:\WINDOWS\pss
2015-10-02 15:13 - 2015-10-02 15:13 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Macromedia
2015-10-02 14:47 - 2015-10-02 14:47 - 00000000 ___HD C:\VTRoot
2015-10-02 12:48 - 2015-10-04 23:32 - 00000000 ____D C:\Windows.old
2015-10-02 12:48 - 2015-10-02 10:02 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-02 12:45 - 2015-10-02 12:45 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-10-02 12:44 - 2015-10-02 12:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-02 12:43 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\Setup
2015-10-02 12:41 - 2015-10-02 12:41 - 00000000 ____D C:\WINDOWS\OCR
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-10-02 12:38 - 2015-10-01 02:57 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 12:38 - 2015-10-01 02:57 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 12:37 - 2015-10-06 20:37 - 00001683 _____ C:\WINDOWS\DtcInstall.log
2015-10-02 12:36 - 2015-10-06 20:45 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-02 12:36 - 2015-10-06 20:39 - 00000000 ____D C:\WINDOWS\registration
2015-10-02 12:36 - 2015-10-06 20:26 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-02 12:36 - 2015-10-06 13:46 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-02 12:36 - 2015-10-04 23:13 - 00000000 ____D C:\WINDOWS\system32\spool
2015-10-02 12:36 - 2015-10-04 18:51 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 12:36 - 2015-10-04 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 12:36 - 2015-10-03 20:53 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-02 12:36 - 2015-10-03 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-10-02 12:36 - 2015-10-03 17:18 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-02 12:36 - 2015-10-02 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\IME
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RSD C:\WINDOWS\Media
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Web
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Vss
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\tracing
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\TAPI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SystemResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\System
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SKB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\security
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\schemas
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SchCache
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Resources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\PLA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Performance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Globalization
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Cursors
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Branding
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\addins
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Comms
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:34 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-10-02 12:36 - 2015-10-02 12:34 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-10-02 12:36 - 2015-10-02 12:34 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-10-02 12:36 - 2015-10-02 12:34 - 00000219 _____ C:\WINDOWS\system.ini
2015-10-02 12:36 - 2015-10-02 12:34 - 00000092 _____ C:\WINDOWS\win.ini
2015-10-02 12:36 - 2015-10-02 11:06 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-02 12:36 - 2015-10-02 09:59 - 00000000 ____D C:\WINDOWS\CSC
2015-10-02 12:36 - 2015-10-02 09:57 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-02 12:36 - 2015-10-02 09:54 - 00000000 ____D C:\WINDOWS\Help
2015-10-02 12:36 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOPrivate
2015-10-02 12:28 - 2015-10-06 13:23 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 12:25 - 2015-10-03 14:47 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-10-02 12:24 - 2015-10-06 13:25 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 12:24 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\servicing
2015-10-02 12:24 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-10-02 12:24 - 2015-10-02 10:02 - 00000000 __RHD C:\Users\Default
2015-10-02 12:24 - 2015-10-02 09:53 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-02 12:24 - 2015-07-10 04:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-10-02 12:23 - 2015-10-04 15:07 - 00000000 ___HD C:\$SysReset
2015-10-02 11:09 - 2015-10-02 11:09 - 00000000 ____D C:\ProgramData\Shared Space
2015-10-02 11:01 - 2015-10-02 11:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-10-02 11:01 - 2015-10-02 11:01 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-10-02 10:53 - 2015-10-03 20:47 - 00000000 ____D C:\Users\kathr\AppData\Roaming\DAZ 3D
2015-10-02 10:52 - 2015-10-03 14:39 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-10-02 10:52 - 2015-10-02 10:52 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2015-10-02 10:48 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\vlc
2015-10-02 10:48 - 2015-10-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-02 10:48 - 2015-10-02 10:48 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-02 10:48 - 2015-10-02 10:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-02 10:38 - 2015-07-05 05:08 - 00300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-02 10:34 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-02 10:34 - 2015-10-02 10:34 - 00003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1443800042
2015-10-02 10:34 - 2015-10-02 10:34 - 00001208 _____ C:\Users\Public\Desktop\Opera.lnk
2015-10-02 10:34 - 2015-10-02 10:34 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-10-02 10:34 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Opera Software
2015-10-02 10:34 - 2015-10-02 10:34 - 00000000 ____D C:\Users\kathr\AppData\Local\Opera Software
2015-10-02 10:33 - 2015-10-03 17:10 - 00000000 ____D C:\Users\kathr\AppData\Local\Google
2015-10-02 10:33 - 2015-10-02 10:34 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-02 10:25 - 2015-10-03 17:49 - 02544872 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-10-02 10:21 - 2015-10-02 10:32 - 00000000 ____D C:\Users\kathr\AppData\Local\MicrosoftEdge
2015-10-02 10:16 - 2015-10-03 15:43 - 00002338 _____ C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-02 10:08 - 2015-10-02 10:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-10-02 10:07 - 2015-10-03 15:39 - 00000000 ____D C:\Users\kathr\AppData\Local\Comms
2015-10-02 10:06 - 2015-10-03 14:52 - 00000000 ____D C:\Users\kathr\AppData\Local\Packages
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\VirtualStore
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\TileDataLayer
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\Publishers
2015-10-02 10:05 - 2015-10-06 20:47 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-02 10:05 - 2015-10-02 10:05 - 00000020 ___SH C:\Users\kathr\ntuser.ini
2015-10-02 10:02 - 2015-10-02 10:02 - 00000000 __SHD C:\Recovery
2015-10-02 10:00 - 2015-10-06 20:44 - 00000000 ____D C:\Users\kathr
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 __RSD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 10:00 - 2015-10-02 12:36 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 09:54 - 2015-10-06 20:43 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-02 09:54 - 2015-10-02 09:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-02 09:54 - 2015-10-02 09:54 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-02 09:54 - 2015-07-13 12:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-02 09:54 - 2015-07-13 12:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-02 09:54 - 2015-07-13 11:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-02 09:53 - 2015-10-02 09:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-02 09:53 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOShared
2015-10-02 09:53 - 2015-07-10 00:37 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-10-02 09:51 - 2015-10-05 16:55 - 00006631 _____ C:\WINDOWS\setupact.log
2015-10-02 09:51 - 2015-10-02 09:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-02 09:50 - 2015-10-06 20:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 09:49 - 2015-10-06 20:42 - 00335168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-02 02:37 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\Presets-2015-09-09
2015-10-02 01:34 - 2015-10-02 17:39 - 00000000 ____D C:\Users\kathr\Desktop\unzipped
2015-10-01 13:43 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\21966-01_ContentCatalogerEasy
2015-10-01 13:32 - 2015-10-01 13:32 - 00000776 _____ C:\Users\kathr\Desktop\Hexagon 2.lnk
2015-10-01 12:35 - 2015-10-05 00:26 - 00000000 ____D C:\Users\kathr\Desktop\renderosity
2015-10-01 08:35 - 2015-10-04 14:01 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Temp
2015-10-01 02:57 - 2015-10-01 02:57 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 02:20 - 2015-10-02 21:56 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\_1 Writing
2015-10-01 02:20 - 2015-10-01 10:14 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Keep
2015-10-01 02:20 - 2015-10-01 03:13 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Scriverner
2015-10-01 02:11 - 2015-10-05 00:01 - 00002126 _____ C:\Users\kathr\Desktop\DAZ Install Manager.lnk
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\d956d726f5b732d32501
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\c9112f9ef026831bf709
2015-10-01 01:46 - 2015-10-04 23:36 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (2)
2015-10-01 01:46 - 2015-10-03 17:20 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (1)
2015-10-01 01:14 - 2015-10-03 14:48 - 00001152 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-10-01 01:06 - 2015-10-03 17:10 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\LastPass
2015-10-01 00:39 - 2015-10-04 23:03 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\webroot
2015-10-01 00:20 - 2015-10-06 20:45 - 00000000 ____D C:\Users\kathr\OneDrive
2015-10-01 00:17 - 2015-10-01 00:17 - 00193336 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2015-10-01 00:15 - 2015-10-01 00:15 - 00447576 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 42730128 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 30518928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 22972560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 18514616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 16159608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 16009800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 15892904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 14510584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 13274560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 12972336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 11842680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 11139216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 03344672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02955832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02360976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 02163856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01061192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01052488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00983368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00976528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00452240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00384464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00374416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00340624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00314936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00031976 _____ C:\WINDOWS\system32\nvinfo.pb
2015-09-30 23:26 - 2015-09-30 23:26 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00019976 _____ (ASUS) C:\WINDOWS\system32\Drivers\AsHIDSwitch64.sys
2015-09-30 23:01 - 2015-09-30 23:01 - 00000000 ___HD C:\$Windows.~WS
2015-09-30 21:54 - 2015-09-30 23:13 - 00000000 ____D C:\ESD
2015-09-30 21:45 - 2015-10-06 20:47 - 00000000 ____D C:\FRST
2015-09-30 21:24 - 2015-09-30 22:08 - 00000000 ____D C:\SUPERDelete
2015-09-10 00:08 - 2015-09-10 00:08 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-09-10 00:08 - 2015-09-10 00:08 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-10 00:08 - 2015-09-10 00:08 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-09-10 00:08 - 2015-09-10 00:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 00:20 - 2015-07-09 22:36 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2015-09-10 00:20 - 2015-07-09 22:36 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorCustomAdbAlgorithm.dll
2015-09-10 00:20 - 2015-07-09 22:34 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2015-09-10 00:20 - 2015-07-09 22:32 - 02533888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkAnalysis.dll
2015-09-10 00:20 - 2015-07-09 22:31 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsCpl.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2015-09-10 00:20 - 2015-07-09 22:29 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.exe
2015-09-10 00:20 - 2015-07-09 22:28 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2015-09-10 00:20 - 2015-07-09 22:27 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2015-09-10 00:20 - 2015-07-09 22:26 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SNTSearch.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mblctr.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00274224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpendp.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2015-09-10 00:20 - 2015-07-09 22:25 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\qwinsta.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msg.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgport.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscon.exe
2015-09-10 00:20 - 2015-07-09 22:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\change.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinput.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-09-10 00:20 - 2015-07-09 22:24 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\terminpt.sys
2015-09-10 00:20 - 2015-07-09 22:24 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\qprocess.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2015-09-10 00:20 - 2015-07-09 22:24 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\quser.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\qappsrv.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tskill.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsdiscon.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rwinsta.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoff.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\chgusr.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\chglogon.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\reset.exe
2015-09-10 00:20 - 2015-07-09 22:24 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\query.exe
2015-09-10 00:20 - 2015-07-09 22:23 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2015-09-10 00:20 - 2015-07-09 22:23 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
2015-09-10 00:20 - 2015-07-09 22:23 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationSettings.exe
2015-09-10 00:20 - 2015-07-09 22:22 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2015-09-10 00:20 - 2015-07-09 22:22 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2015-09-10 00:20 - 2015-07-09 22:22 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrcomp.exe
2015-09-10 00:20 - 2015-07-09 22:21 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrreg.exe
2015-09-10 00:20 - 2015-07-09 22:21 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2015-09-10 00:20 - 2015-07-09 22:21 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsClassExtension.dll
2015-09-10 00:20 - 2015-07-09 22:20 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsCpl.dll
2015-09-10 00:20 - 2015-07-09 22:20 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorPerformanceEvents.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2015-09-10 00:20 - 2015-07-09 22:19 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe
2015-09-10 00:20 - 2015-07-09 22:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2015-09-10 00:20 - 2015-07-09 22:18 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.exe
2015-09-10 00:20 - 2015-07-09 22:17 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpendp.dll
2015-09-10 00:20 - 2015-07-09 22:16 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\RotMgr.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddputils.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddptrace.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\baaupdate.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizardElev.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerWizard.exe
2015-09-10 00:20 - 2015-07-09 22:15 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddp_ps.dll
2015-09-10 00:20 - 2015-07-09 22:15 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfdts.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2015-09-10 00:20 - 2015-07-09 22:14 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeSysprep.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmstormod.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmshell.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmtrace.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm_ps.dll
2015-09-10 00:20 - 2015-07-09 22:13 - 00029536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-09-10 00:20 - 2015-07-09 22:06 - 00147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2015-09-10 00:20 - 2015-07-09 22:06 - 00043566 _____ C:\WINDOWS\SysWOW64\rsop.msc
2015-09-10 00:20 - 2015-07-09 21:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmlib.dll
2015-09-10 00:20 - 2015-07-09 21:33 - 00147439 _____ C:\WINDOWS\system32\gpedit.msc
2015-09-10 00:20 - 2015-07-09 21:33 - 00043566 _____ C:\WINDOWS\system32\rsop.msc
2015-09-10 00:20 - 2015-07-09 21:30 - 00120458 _____ C:\WINDOWS\system32\secpol.msc
2015-09-10 00:20 - 2015-07-09 21:19 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2015-09-10 00:19 - 2015-07-09 22:29 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2015-09-10 00:19 - 2015-07-09 22:27 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2015-09-10 00:19 - 2015-07-09 22:26 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2015-09-10 00:19 - 2015-07-09 22:24 - 01977856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SnippingTool.exe
2015-09-10 00:19 - 2015-07-09 22:24 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2015-09-10 00:19 - 2015-07-09 22:24 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2015-09-10 00:19 - 2015-07-09 22:23 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmstormod.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmtrace.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistHttpTrans.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistAD.dll
2015-09-10 00:19 - 2015-07-09 22:23 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm_ps.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 03603968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkAnalysis.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmshell.dll
2015-09-10 00:19 - 2015-07-09 22:22 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2015-09-10 00:19 - 2015-07-09 22:21 - 00833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2015-09-10 00:19 - 2015-07-09 22:18 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2015-09-10 00:19 - 2015-07-09 22:17 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-09-10 00:19 - 2015-07-09 22:16 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2015-09-10 00:19 - 2015-07-09 22:16 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2015-09-10 00:19 - 2015-07-09 22:15 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2015-09-10 00:19 - 2015-07-09 22:15 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DFDWiz.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00052576 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedapplauncher.exe
2015-09-10 00:19 - 2015-07-09 22:15 - 00041312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll
2015-09-10 00:19 - 2015-07-09 22:13 - 00147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2015-09-10 00:19 - 2015-07-09 21:28 - 00146389 _____ C:\WINDOWS\system32\printmanagement.msc
2015-09-10 00:08 - 2015-07-09 22:38 - 04847104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2015-09-10 00:08 - 2015-07-09 22:36 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2015-09-10 00:08 - 2015-07-09 22:28 - 06358016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2015-09-10 00:08 - 2015-07-09 22:25 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2015-09-10 00:08 - 2015-07-09 22:25 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2015-09-10 00:08 - 2015-07-09 22:21 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jnwmon.dll
 
==================== Files in the root of some directories =======
 
2015-10-01 01:07 - 2015-10-03 14:48 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-01 00:39 - 2015-10-04 23:03 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-10-03 20:26 - 2015-10-04 12:51 - 0007641 _____ () C:\Users\kathr\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\kathr\AppData\Local\Temp\HitmanPro_x64.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-04 23:32
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by kathr (2015-10-06 20:53:27)
Running from C:\Users\kathr\Desktop
Windows 10 Pro (X64) (2015-10-02 15:02:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4055827758-3256202687-3425098328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4055827758-3256202687-3425098328-503 - Limited - Disabled)
Guest (S-1-5-21-4055827758-3256202687-3425098328-501 - Limited - Disabled)
kathr (S-1-5-21-4055827758-3256202687-3425098328-1001 - Administrator - Enabled) => C:\Users\kathr
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.07 beta (HKLM-x32\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
dMaintenance Home Edition v3.1.0 (HKLM-x32\...\{8198FCBE-715F-4C8A-B22B-DA73C6F2788F}_is1) (Version:  - Foolish IT LLC)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.27 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 3.0.48.196 - SurfRight B.V.)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.4229.1029 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Opera Stable 32.0.1948.44 (HKLM-x32\...\Opera 32.0.1948.44) (Version: 32.0.1948.44 - Opera Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Scrivener (HKLM-x32\...\Scrivener 1860) (Version: 1860 - Literature and Latte)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.4.7 - Webroot)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-86B29D68EB0B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Restore Points =========================
 
04-10-2015 19:46:14 boot
04-10-2015 19:47:33 boot
04-10-2015 19:48:19 boot
04-10-2015 19:57:06 Removed GeekBuddy.
04-10-2015 20:00:52 Windows Modules Installer
06-10-2015 13:41:08 Removed FastPictureViewer Professional 1.9.348.0 (64-bit)
06-10-2015 14:14:10 Installed FastPictureViewer Codec Pack 3.8.0.96 TRIAL EDITION
06-10-2015 14:22:31 Checkpoint by HitmanPro
06-10-2015 20:36:37 Restore Operation
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-02 12:36 - 2015-10-02 12:34 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2EB45325-6A4E-469E-8808-4434449746EB} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {345A834E-F2F0-4B7B-980D-EF4BB31E6B62} - System32\Tasks\Opera scheduled Autoupdate 1443800042 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-17] (Opera Software)
Task: {3739F324-5D7D-40CD-88CC-8CEDDE1BC848} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {48682BDB-FA20-45B7-9B97-0017104153B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-09-10] (Microsoft Corporation)
Task: {49E95CEC-95E3-4486-9830-48EBAB9A3CD0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-26] (Microsoft Corporation)
Task: {5241B496-4D8A-44A1-8FD2-199082B86A2F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {6564E134-DBC3-4BE8-B474-27A248CB1ECB} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-09] (Microsoft Corporation)
Task: {741E520D-9831-4AEE-B4AD-522C2D8236DD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {93762A40-53C1-4C1F-8C81-2AAF952C0BAC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-26] (Microsoft Corporation)
Task: {984146FB-DD1B-41F6-9D98-8164EBCEFF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {B6339BC1-406C-4290-B10D-CA5F364B6A1D} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2015-04-10] (Foolish IT LLC)
Task: {F607940A-806B-43DD-A7AF-9E87BD05E9A3} - System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathr => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-02 09:54 - 2015-07-13 12:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02641760 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 02108256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-10-06 13:46 - 2015-09-26 22:46 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-07-09 22:16 - 2015-07-09 23:39 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2015-09-29 05:20 - 2015-09-29 05:20 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2015-10-03 15:38 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-03 15:38 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kathr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\warrioraxethrowflame3.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{42D3308A-6596-4CA3-9798-106E0F254933}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{22C3E981-E1B0-4A08-A34E-E2CA06DD68BC}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{28C7B7A1-D0B2-4180-8715-68FBA7F2D2C6}] => (Block) c:\windows\explorer.exe
FirewallRules: [{5C369078-3008-434E-BC1B-428D84BEB318}] => (Block) c:\windows\explorer.exe
FirewallRules: [{14270E15-942D-47FE-A954-A3824212643F}] => (Block) c:\windows\helppane.exe
FirewallRules: [{7B383460-5FF9-4FD8-AD8D-0C56CAC83778}] => (Block) c:\windows\helppane.exe
FirewallRules: [{1187F0C8-BF30-490F-B8FB-842D0031352B}] => (Block) c:\program files (x86)\common files\adobe\oobe\pdapp\adobegcclient\customhook\gccustomhook.exe
FirewallRules: [{557E5185-3CE0-4866-808D-691DE2381331}] => (Block) c:\program files (x86)\common files\adobe\oobe\pdapp\adobegcclient\customhook\gccustomhook.exe
FirewallRules: [{89E8F136-C91D-48DE-A4D8-F2A34FB71124}] => (Block) c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
FirewallRules: [{9C41E5B6-5B2F-41AB-9B35-63D071633F4D}] => (Block) c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
FirewallRules: [{F6ABBDB2-0D0D-40B7-98F0-1C9C7439F866}] => (Block) c:\program files (x86)\common files\adobe\adobegcclient\agshelper.exe
FirewallRules: [{9C83FABE-FBD3-4E23-BEB5-59C56C1A230F}] => (Block) c:\program files (x86)\common files\adobe\adobegcclient\agshelper.exe
FirewallRules: [{F24B6632-6ADF-40DB-BC3E-E4AEB4729BAC}] => (Block) c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{67D8BF88-A20D-4348-BAAD-AA8F4125A2A4}] => (Block) c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{6E505ADB-0F21-4C25-8527-9E2B813042E0}] => (Block) c:\program files\windows media player\wmplayer.exe
FirewallRules: [{E71B7458-8C40-4FB0-9F60-58BD5C8324C5}] => (Block) c:\program files\windows media player\wmplayer.exe
FirewallRules: [{C8E078C8-FA1C-4A71-AAA5-EA23FF22CAF4}] => (Block) c:\program files\windowsapps\microsoft.windows.photos_15.820.12440.0_x64__8wekyb3d8bbwe\microsoft.photos.exe
FirewallRules: [{F6480330-2F97-4712-8A0A-B5B8C743E63C}] => (Block) c:\program files\windowsapps\microsoft.windows.photos_15.820.12440.0_x64__8wekyb3d8bbwe\microsoft.photos.exe
FirewallRules: [{4101007A-211B-466A-B807-484BE802A844}] => (Block) c:\windows\system32\compattelrunner.exe
FirewallRules: [{C0868A66-B569-4CD8-9038-C42652A0CAA0}] => (Block) c:\windows\system32\compattelrunner.exe
FirewallRules: [{21B15F85-3C64-4DDF-AEB5-1414C37C5956}] => (Block) c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe
FirewallRules: [{F5B2ED19-F2AF-4912-9FCB-C1B8E8B5B93A}] => (Block) c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe
FirewallRules: [{96F88562-A37F-4A47-B219-4D1A715BB049}] => (Block) c:\users\kathr\appdata\local\temp\creative cloud uninstaller.exe
FirewallRules: [{AF0D3968-00BC-45FB-A54C-E406D0328E4B}] => (Block) c:\users\kathr\appdata\local\temp\creative cloud uninstaller.exe
FirewallRules: [{DF6AE4FD-72A0-40E5-9A85-E4009AF17135}] => (Block) c:\users\kathr\desktop\creative cloud uninstaller\creative cloud uninstaller.exe
FirewallRules: [{862AFAA2-2ECC-41F5-967B-1140250328AF}] => (Block) c:\users\kathr\desktop\creative cloud uninstaller\creative cloud uninstaller.exe
FirewallRules: [{8E65178A-9038-48A4-9D7F-38800F326B91}] => (Block) c:\windows\system32\rundll32.exe
FirewallRules: [{3CAE0D84-0E49-45E2-AE47-4E7121E5942F}] => (Block) c:\windows\system32\rundll32.exe
FirewallRules: [{919B517E-FD60-4EA6-810A-0640B5FD327E}] => (Block) c:\program files\windows defender\mpcmdrun.exe
FirewallRules: [{E7035919-8FF1-4624-88AD-097B0324B319}] => (Block) c:\program files\windows defender\mpcmdrun.exe
FirewallRules: [{2B62D964-7AE1-4822-9463-AEBDF97D7232}] => (Block) c:\users\kathr\desktop\frst64.exe
FirewallRules: [{199A8133-5011-4DB8-AA56-E3BDE3854E17}] => (Block) c:\users\kathr\desktop\frst64.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0B0DDEAA-BC82-48A3-80C7-43787E49A5CD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/06/2015 08:46:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsoSync.exe, version: 16.0.4229.1029, time stamp: 0x56067802
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000001
Faulting process id: 0x1ac4
Faulting application start time: 0xMsoSync.exe0
Faulting application path: MsoSync.exe1
Faulting module path: MsoSync.exe2
Report Id: MsoSync.exe3
Faulting package full name: MsoSync.exe4
Faulting package-relative application ID: MsoSync.exe5
 
Error: (10/06/2015 08:43:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1080) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU00067.log.
 
Error: (10/06/2015 06:53:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16515, time stamp: 0x55fa5578
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55fa5354
Exception code: 0x80000003
Fault offset: 0x0000000000151a73
Faulting process id: 0x9b0
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (10/06/2015 06:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16515, time stamp: 0x55fa5578
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55fa5354
Exception code: 0x80000003
Fault offset: 0x0000000000151a73
Faulting process id: 0x160
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (10/06/2015 06:53:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16515, time stamp: 0x55fa5578
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55fa5354
Exception code: 0x80000003
Fault offset: 0x0000000000151a73
Faulting process id: 0x490
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (10/06/2015 06:33:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16515, time stamp: 0x55fa5578
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55fa5354
Exception code: 0x80000003
Fault offset: 0x0000000000151a73
Faulting process id: 0x8
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (10/06/2015 06:33:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/06/2015 06:33:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KATHRYNLAPTOP)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
 
Error: (10/06/2015 06:30:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/06/2015 06:28:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16515, time stamp: 0x55fa5578
Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x55fa5354
Exception code: 0x80000003
Fault offset: 0x0000000000151a73
Faulting process id: 0xbc0
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
 
System errors:
=============
Error: (10/06/2015 08:46:27 PM) (Source: DCOM) (EventID: 10010) (User: KATHRYNLAPTOP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}
 
Error: (10/06/2015 08:43:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
Error: (10/06/2015 08:43:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: 
%%1053
 
Error: (10/06/2015 08:43:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.
 
Error: (10/06/2015 08:37:41 PM) (Source: DCOM) (EventID: 10010) (User: KATHRYNLAPTOP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/06/2015 08:37:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/06/2015 08:37:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/06/2015 08:37:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/06/2015 08:37:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/06/2015 06:55:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
 
CodeIntegrity:
===================================
  Date: 2015-10-06 20:43:45.867
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-06 18:55:55.379
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-06 18:27:21.698
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-06 13:26:52.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-02 11:10:30.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-02 09:57:19.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-02 09:57:19.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 7%
Total physical RAM: 32685.47 MB
Available physical RAM: 30149.48 MB
Total Virtual: 37805.47 MB
Available Virtual: 35035.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:697.49 GB) (Free:463.5 GB) NTFS
Drive e: (Seagate) (Fixed) (Total:443.11 GB) (Free:416.44 GB) NTFS
Drive g: (Seagate BK) (Fixed) (Total:488.28 GB) (Free:390.35 GB) NTFS
Drive h: (450) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 748798B0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#14
stormrider22
Posted 06 October 2015 - 08:09 PM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Duplicate post sorry


Edited by stormrider22, 06 October 2015 - 08:13 PM.

  • 0

#15
stormrider22
Posted 06 October 2015 - 08:11 PM

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Duplicate post sorry


Edited by stormrider22, 06 October 2015 - 08:13 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP