Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

After wipe and reinstall still having problems Open Candy and possible


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you having problems with the start button and Cortana at windows start ?
 

couple of hidden files on the second report that caught my attention. I put those in red text. What do you think? If there's nothing to worry about, I promise that I'll stop bugging you. :prop:

I am here to be bugged :) there are two that I am unsure of so I will get those to reveal themselves
 
Also I will give you a full network reset and see if that helps

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

Advertisements


#17
stormrider22

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Thanks Essex!

 

Well, I see the errors in the event logs but when I open the task manager Cortana is there like bad weather and an uninvited guest - arrives sooner than expected and overstays her welcome. Anyway, my computer is really bogging down now but at least I was able to get on the internet this time. How long that will last, I don't know because I'd go to a static IP and could get on then it would change and there we go again. Those two programs are now visible as uninstallable in Programs and Features. I have no clue what they are. It's not like I'm miss daring do when it comes to the internet. For years I was an office manager so worn my share of the IT hats when needed, so I have a bit of a clue about security. On this one I wasn't thinking though and wasn't connected to the internet. I plug in do what I need to do and I'm out and unplugged. It's a habit now.

 

I'm thinking it might be something java related because my phone is freaking out too even though I have ESET and some other security. It's filling up the memory within seconds even though I'm not doing anything. I had an 32gb SD card in there but it wasn't writing to that, just filling up the phone memory so things started crashing. I regularly swap that SD card out. Since it wasn't writing to the card and since ESENT and Verizon said no virus or malware, I put the card in my laptop but it didn't open and didn't even acknowledge the removable drive. I removed it and said forget that. But it wasn't until 12 hours later that the laptop freaked out with the IP thing, so I'm not positive that the two are related. As you can see I've got my security pretty lined out with paid versions on the laptop (but any suggestions for improvement are appreciated). Webroot had received some fantastic reviews so I thought it would be great. But nothing ever jumped up and said anything. WinPatrol was the only thing that notified me of the startups trying to install themselves and I said no of course.

 

Anyway I can run the reset and anything else that failed through ipconfig, I'm pretty familiar with that command set and I had been flushing the DNS like a toilet. lol! Just let me know.

 

Here's the report. I haven't uninstalled those programs yet but would like to get rid of them ASAP if possible. ;)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by kathr (2015-10-07 17:45:50) Run:4
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathr (Available Profiles: kathr)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent => value removed successfully
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 200.1 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 17:51:01 ====
 
Thanks again!
Cheers,
Stormy

  • 0

#18
stormrider22

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Please tell me I'm reading this wrong. I found this and I haven't moved anything or attempted to share anything.

 

& p u b l i c k e y =   p r i v a t e k e y e n c =     "“   ¸Š…         1   °‹… x           LastPassPrivateKey<     _lppri.lps      "“
   X…           ¨…             "“
   X…           @Ž…             "“   ÐŽ…         
   …             "“   …           „…             y u b i k e y   "“   …           h…             g o o g l e a u t h     "“   ì…           Ü‘…             o u t o f b a n d       "“   ¨’…           8“… °           s e c u r i t y q u e s t i o n         "“   Ì“…           d”… p           "“
     l o g i n . p h p       & o u t o f b a n d s u p p o r t e d = 1       &wrfrom=        & g r i d r e s p o n s e =     & m u l t i f a c t o r r e s p o n s e =       & s e s a m e o t p =   & o t p =       & f r o m =     & e n c r y p t e d _ u s e r n a m e =         & h p = 0       & h p = 1       & h a s h =     x m l = 2 & u s e r n a m e =   &version=       t r a v e l p o r t t r a y     t r a v e l p o r t     _ l p . x m l   l p W R N A M E D P I P E L O G I N _ A S O R E G I S T R Y     l p W R P L U G I N L O G I N _ A S O R E G I S T R Y   l p W R W E B S I T E L O G I N _ A S O R E G I S T R Y         "“R   ìÀ…         T   |Ã…          w i n b i o     C a n c e l             S w i p e   y o u r   f i n g e r   o n   t h e   f i n g e r p r i n t   s e n s o r   S w i p e   f i n g e r         v a l i d i t y         p l u g i n l o g i n   "“d   HÆ…         \   hÉ…          R e p r o m p t T i m e         "“   dÌ…           ”Ì… (           "“
   
   D o   y o u   w a n t   t o   c o n t i n u e ?         Y o u   a r e   m o v i n g   s i t e s   t o   a   s h a r e d   f o l d e r .   T h i s   w i l l   p o t e n t i a l l y   m a k e   t h e m   a v a i l a b l e   t o   o t h e r s . 
 
 A r e   y o u   s u r e   y o u   w o u l d   l i k e   t o   c o n t i n u e ?   "“A   ¬õ…         6   ´÷… `          _ l t . c a c   & u n =         & n =   & u =   h t t p : / / s n       "“   €ù…           Øù… H           . .     .   *   i e t m p \     "“   Hú…           û… `           & u s e g e t = 1 & j s o n p = _ _ j s o n p 1 _ _     ? m e s s a g e =       " , " v e r s i o n " : " 1 . 0 " , " s u p p o r t e d C o n n e c t i o n T y p e s " : [ " c a l l b a c k - p o l l i n g " ] , " i d " : " 1 " } ]         [ { " c h a n n e l " : "       / m e t a / h a n d s h a k e   A d v a n c e d         p o l l s e r v e r     "“C   Üû…         @   ôý… H          s h o w . p h p         a j a x = 1 & e x t j s = 1 & d e l e t e = 1 & a i d =     )     (             A r e   y o u   s u r e   y o u   w o u l d   l i k e   t o   d e l e t e   t h i s   s i t e ?                 A r e   y o u   s u r e   y o u   w o u l d   l i k e   t o   d e l e t e   t h i s   s e c u r e   n o t e ?   A r e   y o u   s u r e   y o u   w o u l d   l i k e   t o   d e l e t e   t h i s   g e n e r a t e d   p a s s w o r d ?     A r e   y o u   s u r e   y o u   w o u l d   l i k e   t o   d e l e t e   t h i s   b o o k m a r k ?         "“O   †         O   Œ† p          a d d a p p . p h p     x m l = 1 & c m d = d e l e t e & a p p a i d =                 A r e   y o u   s u r e   y o u   w o u l d   l i k e   t o   d e l e t e   t h i s   a p p l i c a t i o n ?   A r e   y o u   s u r e   y o u   w o u l d   l i k e   t o   d e l e t e   t h e   s e l e c t e d   a p p l i c a t i o n s ?         "“   (†           ð† h           "“   Œ†           ̆             "“   H†    †   †             "“   Àvˆ           ø†             "“   0†           `†             "“   ˜†           à† 0           "“?   € †         E   x† ˜          h t t p : / / g r o u p         "“   ü
†   Ô
† 
 
 
 
Now this part really worries me:
 
 
h t t p : / / p r o d u c t s . w e b r o o t . c o m / d i s p 0 2 0 1 . p h p ? o c = 2 0 4 & p c = 6 4 1 5 0 & m j v = 8 & c o n t e x t = 8         F O R M G E T   F I L E P O S T         F O R M P O S T         * / *   H T T P / 1 . 1                 M o z i l l a / 4 . 0   ( c o m p a t i b l e ;   M S I E   7 . 0 ;   W i n 3 2 ;   L a s t P a s s )   "“   XŠ           xŠ 8           S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t   S e t t i n g s   U s e r   A g e n t     "“   èŠ   ÀŠ 
   (Š X           I n t e r n e t C l o s e H a n d l e   m _ o p e n     I n t e r n e t C l o s e H a n d l e   m _ c o n n e c t       I n t e r n e t C l o s e H a n d l e   m _ r e q u e s t       "“   ”Š           ôŠ x           L A S T P A S S   W I N I N E T   E R R O R     
 % s   
 G e t L a s t E r r o r =     E R R O R =     E R R O R = % s 
 % s   "“   lŠ           DŠ          I n t e r n e t C o n n e c t   /       I n t e r n e t C r a c k U r l         I n t e r n e t O p e n         I n t e r n e t C h e c k C o n n e c t i o n   I n t e r n e t A t t e m p t C o n n e c t     C o n n e c t   U n i n i t   f a i l e d       C o n n e c t   u r l   i s   i n v a l i d     "“   DŠ           ¤Š P           I n t e r n e t R e a d F i l e         R e s p o n s e   i n v a l i d   m _ r e q u e s t     R e s p o n s e   i n v a l i d   m _ c o n n e c t     R e s p o n s e   i n v a l i d   m _ o p e n   "“   <Š           ´Š h                   H t t p Q u e r y I n f o ( % u )   c o u l d   n o t   c o n v e r t   t o   l o n g   H t t p Q u e r y I n f o ( % u )       Q u e r y R e s u l t L o n g   i n v a l i d   m _ r e q u e s t       "“   0Š           pŠ P           Q u e r y R e s u l t S t r i n g   i n v a l i d   m _ r e q u e s t   "“   ¸Š           øŠ 0           G e t O p t i o n H a n d l e   i n v a l i d   m _ o p e n     G e t O p t i o n H a n d l e   i n v a l i d   m _ c o n n e c t               G e t O p t i o n H a n d l e   i n v a l i d   m _ r e q u e s t       G e t O p t i o n H a n d l e   i n v a l i d   t y p e                 I n t e r n e t Q u e r y O p t i o n ( )   o p t i o n = % d   "“   XŠ           €Š 0           G e t O p t i o n L o n g   i n v a l i d   o p t i o n         "“   XŠ           ¼Š 0           S e t O p t i o n L o n g   i n v a l i d   o p t i o n         I n t e r n e t S e t O p t i o n ( )   o p t i o n = % d       "“¦    Š         §   0"Š °                  Q u e r y R e s u l t L o n g ( H T T P _ Q U E R Y _ S T A T U S _ C O D E )   R e c e i v e d   s t a t u s c o d e = % d     P r o x y   A u t h e n t i c a t i o n   F a i l e d   S e r v e r   A u t h e n t i c a t i o n   F a i l e d                 H a n d l i n g   f o r   E R R O R _ H T T P _ R E D I R E C T _ N E E D S _ C O N F I R M A T I O N   n o t   i m p l e m e n t e d   h t t p s :     h t t p :               R e c e i v e d   H t t p S e n d R e q u e s t   l a s t e r r o r = % d   r e s e n d o n c e = % d   g e t = % d   s e t = % d       % s :   % s             m u l t i p a r t / f o r m - d a t a ;   b o u n d a r y = - - M U L T I - P A R T S - F O R M - D A T A - B O U N D A R Y     a p p l i c a t i o n / x - w w w - f o r m - u r l e n c o d e d       H t t p A d d R e q u e s t H e a d e r s       S e t - C o o k i e :   % s = % s 
 
   I n t e r n e t S e t C o o k i e       H t t p O p e n R e q u e s t   G E T   & u s e g e t =         % s = % s       h t t p : / /   R e q u e s t   m e t h o d   i s   i n v a l i d       R e q u e s t   m _ c o n n e c t   i s   i n v a l i d         R e q u e s t   m _ o p e n   i s   i n v a l i d       urlmon.dll      äÉêyùºÎŒ‚ ª K©"“   ˜'Š            'Š             "“   À'Š           ø'Š 0           ãÉêyùºÎŒ‚ ª K©"“   ˜'Š           <(Š             "“   Œ(Š   d(Š   ¤(Š             "“   Œ(Š   ô(Š   )Š             "“   \)Š           Ì)Š             €ò€€   l*O€   l*O€   l

  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is that from webroot (it appears to be) as it looks like stock responses to certain scenarios that may be encountered
 
Use this tool to totally uninstall webroot http://www.webroot.c...=6&omn=1&osl=en

Do you need Java ? As I have not had it on my system for the last 3 years with no problems
  • 0

#20
stormrider22

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

It's in a webroot file which also has a lot of lastpass files. That's why I got nervous those two shouldn't be hanging out together, people will start talking. ;)

 

This morn when I got up I was able to log onto the net just fine. But this afternoon when I logged on GlassWire reported my DNS settings changed in mid-stream going from an IPv4 to an IPvb6 address. I was able to get on to the internet but wasn't able to go anywhere. Plus I forgot to install the latest Nvidia driver but It keeps saying that it's not compatible for my system when it was working fine before. Triple checked the code and everything. Oh I also uninstalled the two programs that we made visible. Plus Hitman Alert wasn't able to run a scan.

 

So I recopied your fixlist and this time ran it again with the network up and running.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by kathryn (2015-10-08 14:56:15) Run:5
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathryn (Available Profiles: kathryn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Createrestorepoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:550c:dc53:3ffd:2c36
   Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:f4bc:a749:8ec5:844c
   Link-local IPv6 Address . . . . . : fe80::550c:dc53:3ffd:2c36%4
   Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%4
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:550c:dc53:3ffd:2c36
   Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:f4bc:a749:8ec5:844c
   Link-local IPv6 Address . . . . . : fe80::550c:dc53:3ffd:2c36%4
   IPv4 Address. . . . . . . . . . . : 192.168.1.5
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%4
                                       192.168.1.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
That looks more normal but if my DNS or IP keeps changing on a whim, I'll have to dig deeper. Fingers crossed, running okay thus far. At least I can navigate the internet now. Webroot is paid for, I supposed I could remove it and see if I can get my money back. Then I'll have to find another antivirus. I think I'm still inside the window for refund. 
 
I have been trying to drop java for a very, very long time. Unfortunately, my business is publishing and I'm constantly using createspace.com's and Amazon's various previewers (both online and offline). I can get around some of that but Createspace especially I can't and I have to have that stuff to publish. That program requires Java so I'm stuck.  :smashcomp:  If not for that I'd be waving goodbye to Java as we speak. I'm tempted to see if I can some how run it in a virtual or sandboxed environment.
 
Keep your fingers crossed that its all working now.  :spoton:

  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
IPV6 is the new protocol so there are some teething problems with it... I do not know if you have switched yet but last I heard the UK was going over next year

This is my ISP

Your DNS server (possibly run by your ISP) appears to have no access to the IPv6 Internet, or is not configured to use it. This may in the future restrict your ability to reach IPv6-only sites


You can test yours here http://test-ipv6.com/
You look to be IPV6 enabled but it all depends on your ISP

There were problems with windows 10 and Nvidia drivers although I was under the impression that they had cured that

There are several free antivirus programmes if you wish to save a few bob :) But, for general use and not going to dodgy sites then defender will in most cases suffice
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#24
stormrider22

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Okay I'm back. Sorry about that but something went really wonky and I couldn't get online at all. Once I fixed that, I lost the keyboard and it didn't want to install the driver. I was using the onscreen for that. You'd think I'd be good to go after all that because I had my anti-virus and anti-malware the way I wanted it. I was running Webroot as I said before as my antivirus and boosted it with HitmanPro/Alert which uses HitmanPro to scan I have CryptoPrevent set up and was using it on the standard level. The higher protection levels prevent installation of regular software most of the time so I kept it on the set it and forget it level. I was running Glasswire in conjunction with Windows Firewall but I'm still not happy with my firewall settings and think that could be part of the problem. Last but not least I run WinPatrol so I can spot adverse changes hopefully before they get implemented and it's thanks to WinPatrol that the old laptop is still kicking. 

 

But I was still getting mystery problems. For example, HitmanPro Alert would run it's first scan and not find anything but after that it wouldn't run again. I found some suspicious registry entries so uninstalled it and am using the trial version of Trend Micro. I did a little research online and found out it's a good possibility that those suspicious entries came from Webroot and they got worse after I uninstalled. That's when everything went crazy and I couldn't get online and lost my keyboard drivers. After fixing that, I was doing a bit more research on some mystery files to make sure they weren't bad when Chrome suddenly stopped working. That was last night. I reinstalled but I couldn't get it to work no matter what. That's when I looked at my WinPatrol logs and didn't like what I saw. I ran Emsisoft's Emergency Kit which had helped me get back online last time and it found a Trojan. Oh I also have been running Herd Protect as a second opinion software and it found some suspicious stuff too. I saved a bunch of logs so let me see if I can post some to get everyone up to speed here.

 

I was also using FARBAR to help me fix stuff but it wouldn't complete the fix - it would run and fix some things then quit.

 

This is the WinPatrol Hijack log I ran on the 12th when I lost internet and then had to reinstall the keyboard driver.

WinPatrol [FREE Edition] installed, running WinPatrol v33.1.2015.0 - WinPatrol Explorer v33.1.2015.0
Scan saved at  7:30:56 AM, on 10/12/2015
Platform: Windows 8.1  
Windows x64 Version 6.3 Build 9600  2 
Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384
MSIE: Internet Explorer (11.00.10240.16384)
Boot mode: Normal
 
Running processes:
C:\PROGRAM FILES (X86)\HITMANPRO.ALE
C:\PROGRAM FILES\Webroot\WRSA.exe
C:\Users\kathr\AppData\Local\MICROSOFT\OneDrive\OneDrive.exe
C:\PROGRAM FILES (X86)\GLASSWIRE\GLASSWIRE.EXE
C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES (X86)\ZEMANA ANTILOGGER FREE\ANTILOGGER FREE.EXE
C:\PROGRAM FILES (X86)\Adobe\ACROBAT DC\Acrobat\acrotray.exe
C:\PROGRAM FILES (X86)\GLASSWIRE\GWIdlMon.exe
C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\OOBE\PDApp\IPC\ADOBEIPCBROKER.EXE
C:\PROGRAM FILES\Adobe\ADOBE INDESIGN CC 2015\RESOURCES\CEP\CEPHTMLENGINE\CEPHTMLENGINE.EXE
C:\PROGRAM FILES (X86)\Adobe\ADOBE CREATIVE CLOUD\CCLIBRARY\CCLIBRARY.EXE
C:\PROGRAM FILES (X86)\Adobe\ADOBE CREATIVE CLOUD\CCLIBRARY\libs\node.exe
C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ADOBE DESKTOP COMMON\ADS\ADOBE DESKTOP SERVICE.EXE
C:\PROGRAM FILES (X86)\Adobe\ADOBE CREATIVE CLOUD\CoreSync\CoreSync.exe
C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROLEX.EXE
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
O2 - BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
O2 - BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0]C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKCU\..\Run: [OneDrive]C:\Users\kathr\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\Run: [GlassWire]C:\Program Files (x86)\GlassWire\GlassWire.exe -hide
O4 - HKCU\..\Run: [WinPatrol [FREE Edition]]C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
O4 - HKU\..\Run: [WRSVC]C:\Program Files\Webroot\WRSA.exe -ul
O4 - HKU\..\Run: [ZALFree]C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe /MINIMIZED
O4 - HKU\..\Run: [FPVCodecPackTrialInfo]C:\Windows\WICCodecs\{A6D092A4-081A-4F0E-9356-DA167E87D922}\FPVCodecPackTrialInfo.exe
O4 - HKU\..\Run: [WD Quick View]C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKU\..\Run: [Acrobat Assistant 8.0]C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk=C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install Webroot FF RunOnce.lnk=C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install Webroot IE RunOnce.lnk=C:\Program Files (x86)\Common Files\wruninstall.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\kathr\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\kathr\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O11 - Options group: [Se&nd to OneNote] Se&nd to OneNote - {47833539-D0C5-4125-9FA8-0819E2EAAC93}
O11 - Options group: [Se&nd to OneNote] Se&nd to OneNote - {47833539-D0C5-4125-9FA8-0819E2EAAC93}
O23 - Service: Adobe Acrobat Update Service - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ADOBE DESKTOP COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\PROGRAM FILES (X86)\Bonjour\MDNSRESPONDER.EXE
O23 - Service: GlassWire Control Service - SecureMix LLC - C:\PROGRAM FILES (X86)\GLASSWIRE\GWCtlSrv.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: HitmanPro Scheduler - SurfRight B.V. - C:\PROGRAM FILES\HITMANPRO\hmpsched.exe
O23 - Service: HitmanPro.Alert service -  - C:\PROGRAM FILES (X86)\HITMANPRO.ALE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\NVVSVC.EXE
O23 - Service: NVIDIA Stereoscopic 3D Driver Service - NVIDIA Corporation - C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\3D VISION\NVSCPAPISVR.EXE
O23 - Service: WD Drive Manager - Western Digital Technologies, Inc. - C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD DRIVE MANAGER\WDDRIVESERVICE.EXE
O23 - Service: WRSVC - Webroot - C:\PROGRAM FILES\Webroot\WRSA.exe
O23 - Service: Wacom Professional Service - Wacom Technology, Corp. - C:\PROGRAM FILES\Tablet\Wacom\WTABLETSERVICEPRO.EXE
 
---  Additional WinPatrol Info  ---
Default Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384
MSIE: Internet Explorer (11.00.10240.16384)
7 IE Cookies in Folder: C:\Users\kathr\AppData\Local\Microsoft\Windows\INetCookies\
 
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\WINDOWS\SysWOW64\drivers\wVFueZUR.sys
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe
 
 
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
 
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Never
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Never
WP31 - Scheduled Tasks: [CreateExplorerShellUnelevatedTask.job]C:\Windows\explorer.exe Never
 
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\System32\mshtml.dll 11.00.10240.16384
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.110.10240.16384
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 11.00.10240.16384
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 12.0.10240.16384
WP16 - ActiveX: {F8CF7A98-2C45-4c8d-9151-2D716989DDAB} [Microsoft Visio Document] C:\PROGRAM FILES\MICROSOFT OFFICE\root\Office16\INTERCEPTOR.DLL 16.0.4229.1029
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 10.0.10240.16384
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft RDP Client Control (redistributable) - version 5a] C:\Windows\System32\mstscax.dll 10.0.10240.16384
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\PROGRAM FILES\MICROSOFT OFFICE\root\VFS\System\FM20.DLL 16.0.4229.1029
WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\Windows\System32\Macromed\Flash\Flash.ocx 19,0,0,185
 
WP32 - Hidden File: C:\BOOTNXT
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\swapfile.sys
WP32 - Hidden File: C:\Users\kathr\AppData\Local\Temp\etilqs_1UNNEjC84e2lnn4
WP32 - Hidden File: C:\Users\kathr\AppData\Local\Temp\etilqs_PlKMzTaXvpkXnQi
 
WP33 - File Type .AVI: [Video Clip]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]C:\WINDOWS\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u
WP33 - File Type .EML: [E-mail Message]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml %1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1
WP33 - File Type .JS: [JavaScript File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u
WP33 - File Type .SCR: [Screen saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1
WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE /dde
 
Memory currently in use: 28%
Physical Memory Free: 2,097,151 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 1,974,640 KB
 
 
--
End of file
 
Now here's the current WinPatrol Hijack Log
WinPatrol [FREE Edition] installed, running WinPatrol v33.1.2015.0 - WinPatrol Explorer v33.1.2015.0
Scan saved at  9:19:47 AM, on 10/17/2015
Platform: Windows 8.1  
Windows x64 Version 6.3 Build 9600  2 
Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384
MSIE: Internet Explorer (11.00.10240.16384)
Boot mode: Normal
 
Running processes:
C:\PROGRAM FILES (X86)\HITMANPRO.ALE
C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATKOSD2\ATKOSD2.exe
C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATK MEDIA\DMedia.exe
C:\PROGRAM FILES (X86)\GLASSWIRE\GWIdlMon.exe
C:\PROGRAM FILES\TREND MICRO\TMIDS\tower\PwmTower.exe
C:\PROGRAM FILES\TREND MICRO\AMSP\module\20013\CHROMEEXT\CHROMEEXTENSION\TMOPCHROMEMSGHOST32.EXE
C:\PROGRAM FILES\TREND MICRO\AMSP\module\20002\9.1.1035\9.1.1035\CHROME_EXTENSION2\host\CHROME_NATIVE_MSG_HOST.EXE
C:\PROGRAM FILES\TREND MICRO\Titanium\UIFRAMEWORK\Toolbar\CHROMEEXTENSION\NATIVEMESSAGEHOST\TOOLBARNATIVEMSGHOST.EXE
C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROLEX.EXE
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
O2 - BHO: Trend Micro Security Toolbar Helper - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll
O2 - BHO: Trend Micro Security Toolbar Helper - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll
O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll
O4 - HKLM\..\Run: [Trend Micro Client Framework]C:\Program Files\Trend Micro\UniClient\UiFrmwrk\UIWatchDog.exe
O4 - HKLM\..\Run: [Platinum]C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe 1
O4 - HKCU\..\Run: [HijackThis startup scan]C:\Users\kathr\Downloads\HijackThis.exe /startupscan
O11 - Options group: []  - {CCAC5586-44D7-4c43-B64A-F042461A97D2}
O11 - Options group: []  - {CCAC5586-44D7-4c43-B64A-F042461A97D2}
O23 - Service: Adobe Acrobat Update Service - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ADOBE DESKTOP COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE
O23 - Service: Trend Micro Solution Platform - Trend Micro Inc. - C:\PROGRAM FILES\TREND MICRO\AMSP\CORESERVICESHELL.EXE
O23 - Service: ASLDR Service - ASUSTek Computer Inc. - C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATK HOTKEY\AsLdrSrv.exe
O23 - Service: ATKGFNEX Service - ASUS - C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATKGFNEX\GFNEXSrv.exe
O23 - Service: GlassWire Control Service - SecureMix LLC - C:\PROGRAM FILES (X86)\GLASSWIRE\GWCtlSrv.exe
O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE
O23 - Service: HitmanPro.Alert service -  - C:\PROGRAM FILES (X86)\HITMANPRO.ALE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\NVVSVC.EXE
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\PROGRAM FILES\TREND MICRO\Titanium\plugin\Pt\PTSVCHOST.EXE
O23 - Service: Trend Micro Password Manager Central Control Service - Trend Micro Inc. - C:\PROGRAM FILES\TREND MICRO\TMIDS\PwmSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service - NVIDIA Corporation - C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\3D VISION\NVSCPAPISVR.EXE
O23 - Service: Wacom Professional Service - Wacom Technology, Corp. - C:\PROGRAM FILES\Tablet\Wacom\WTABLETSERVICEPRO.EXE
 
---  Additional WinPatrol Info  ---
Default Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384
MSIE: Internet Explorer (11.00.10240.16384)
9 IE Cookies in Folder: C:\Users\kathr\AppData\Local\Microsoft\Windows\INetCookies\
 
WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS2: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\WINDOWS\SysWOW64\drivers\wVFueZUR.sys
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe
 
 
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://
 
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Never
WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Never
WP31 - Scheduled Tasks: [CreateExplorerShellUnelevatedTask.job]C:\Windows\explorer.exe Never
 
WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\System32\mshtml.dll 11.00.10240.16384
WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.110.10240.16384
WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 11.00.10240.16384
WP16 - ActiveX: {F5A20523-62BB-4D8C-A180-B7E05953ACDC} [Trend Micro Security Toolbar ActiveX] C:\PROGRAM FILES\TREND MICRO\Titanium\plugin\TOOLBARIE64\PROTOOLBARIMRATINGACTIVEX.DLL 9.0
WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 12.0.10240.16384
WP16 - ActiveX: {F8CF7A98-2C45-4c8d-9151-2D716989DDAB} [Microsoft Visio Document] C:\PROGRAM FILES\MICROSOFT OFFICE\root\Office16\INTERCEPTOR.DLL 16.0.4229.1029
WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 10.0.10240.16384
WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft RDP Client Control (redistributable) - version 5a] C:\Windows\System32\mstscax.dll 10.0.10240.16384
WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\PROGRAM FILES\MICROSOFT OFFICE\root\VFS\System\FM20.DLL 16.0.4229.1029
WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\Windows\System32\Macromed\Flash\Flash.ocx 19,0,0,185
 
WP32 - Hidden File: C:\BOOTNXT
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\swapfile.sys
WP32 - Hidden File: C:\Users\kathr\AppData\Local\Temp\etilqs_2DwtPB22jcyJDMo
WP32 - Hidden File: C:\Users\kathr\AppData\Local\Temp\etilqs_zenBrPiZJt2FoS9
WP32 - Hidden File: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
WP32 - Hidden File: C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2
 
WP33 - File Type .AVI: [Video Clip]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [Windows Batch File]%1 %*
WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L
WP33 - File Type .CAT: [Security Catalog]C:\WINDOWS\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u
WP33 - File Type .EML: [E-mail Message]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml %1
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1
WP33 - File Type .JS: [JavaScript File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [CryptoPreventFilterMod.CryptoPreventEXEC *%]C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC *%1 %*
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u
WP33 - File Type .SCR: [CryptoPreventFilterMod.CryptoPreventEXEC %1 /]C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC %1 /S %*
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1
WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE /dde
 
Memory currently in use: 8%
Physical Memory Free: 2,097,151 KB
Paging File Free: 4,194,303 KB
Virtual Memory Free: 1,964,368 KB
 
 
--
End of file
 
 
 
It's the script and other commands with the %1 %* stuff etc that have me concerned.
 
Another concern was after installing Trend Micro it didn't take long for me to see a new process running, "Client Session Agent" . I did some more research and this is the program that runs when you're a paid customer and you have problems with a virus. They use this to log in to help you fix it. I'm on the 30 Trial and never contacted support. But according to Glasswire it's live and actively making connections in Japan and all over the world. I know TM is based out of Japan but it shouldn't be connecting because I'm not a paid customer yet.
 
Anyway, after seeing WinPatrol's Hijack log (I couldn't get the regular log to run at all. I again used Emsisoft Emergency kit to at least get a handle on this because I knew it would take time to get my thread here fired up again and receive responses. I've been trying to complete some cover art and other work and because all of this has been happen so fast my backups are lagging plus I don't want to accidentally back up any bad stuff. I do have my file history on in Windows however so I have those. Along with a Windows 10 recovery disk and a Windows 10 clean install USB and I purchased a Windows 10 product ID because of all of this mayhem.
 
Here's what Emsisoft found on the 14th:
Emsisoft Emergency Kit - Version 10.0
Last update: 10/14/2015 6:54:10 AM
User account: KATHRYNLAPTOP\kathryn
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 10/14/2015 6:58:30 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
 
Scanned 77059
Found 19
 
Scan end: 10/14/2015 7:05:05 AM
Scan time: 0:06:35
 
Value: HKEY_USERS\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD Quarantined Setting.DisableCMD (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantined Setting.NoRun (A)
 
Quarantined 16
 
 
Deleted 0
 
 
It found 19 but only quarantined 16. Then I had to run it again yesterday. Here's that log:
 
Emsisoft Emergency Kit - Version 10.0
Last update: 10/16/2015 6:27:13 PM
User account: KATHRYNLAPTOP\kathryn
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 10/16/2015 6:33:54 PM
C:\Users\kathr\AppData\Local\Temp\calc.exe detected: Trojan.Win32.Miner (A)
 
Scanned 77488
Found 1
 
Scan end: 10/16/2015 6:36:52 PM
Scan time: 0:02:58
 
C:\Users\kathr\AppData\Local\Temp\calc.exe Quarantined Trojan.Win32.Miner (A)
 
Quarantined 1
 
 
Because FARBAR wouldn't complete the last time, I tried Hijack This to see if it would work. Here's what it found.Well, now I can't find Hijack This even though I have it set up to run on boot. But it has a ton of registry entries such as lass where the file can't be found or owner unknown.
 
I figure you need a new FARBAR.
 
Oh and this is the first time Trend Micro jumped up and blocked FARBAR. I turned it off temporarily and here's the latest and greatest.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-10-2015
Ran by kathryn (administrator) on KATHRYNLAPTOP (17-10-2015 09:43:37)
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathryn (Available Profiles: kathryn)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\chrome_extension2\host\chrome_native_msg_host.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\notepad.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\setup.exe" <====== ATTENTION
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [HijackThis startup scan] => C:\Users\kathr\Downloads\HijackThis.exe [388608 2015-10-16] (Trend Micro Inc.)
AlternateShell: 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6e290f83-55f8-4f72-918b-7194d9a47859}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Handler: AutorunsDisabled - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: AutorunsDisabled - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2015-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-10-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://kathrynloch.deviantart.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR NewTab: Default -> "chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-10-05]
CHR Extension: (Theme Creator) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-10-05]
CHR Extension: (Google Docs) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-02]
CHR Extension: (YouTube) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Assassin's Creed 4 Black Flag [FVD]) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpadpijpfghpinpafnpjlipafpahkahk [2015-10-05]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-10-05]
CHR Extension: (Google Search) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-10-05]
CHR Extension: (Adobe Acrobat) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-10-05]
CHR Extension: (Gmail Offline) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-05]
CHR Extension: (App for Outlook.com) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkanjjdncmgmmmeceedfmncfejmbjef [2015-10-05]
CHR Extension: (Readium) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Save to Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-10-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-05]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-10-05]
CHR Extension: (Dropbox) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-10-05]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2015-10-05]
CHR Extension: (Booktrack Studio) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog [2015-10-05]
CHR Extension: (Google Hangouts) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-10-05]
CHR Extension: (Blogger) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-10-05]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-10-05]
CHR Extension: (Google Maps) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-05]
CHR Extension: (Mint) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg [2015-10-05]
CHR Extension: (Google Play Books) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-10-05]
CHR Extension: (OneDrive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Trend Micro Toolbar) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-10-16]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-10-05]
CHR Extension: (KDSPY) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocoibgfbhcplhnfdjldohepoeboiloo [2015-10-05]
CHR Extension: (Outlook.com) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-10-05]
CHR Extension: (Gmail) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8902144 2015-10-07] (SecureMix LLC)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4088016 2015-10-16] (SurfRight B.V.)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [1432840 2015-08-27] (Trend Micro Inc.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2015-10-16] ()
R3 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [198216 2015-10-16] (SurfRight B.V.)
R3 hmpnet; C:\WINDOWS\system32\drivers\hmpnet.sys [69960 2015-10-16] (SurfRight B.V.)
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2015-10-14] ( )
S4 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-01] (Intel Corporation)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [134280 2015-07-21] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [326896 2015-07-21] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [100320 2015-07-21] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
S3 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-28] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-16] ()
S4 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S4 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 TMAgent; no ImagePath
S4 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-17 09:43 - 2015-10-17 09:43 - 00049830 _____ C:\Users\kathr\Desktop\FRST.txt
2015-10-17 08:55 - 2015-10-17 08:55 - 00016148 _____ C:\WINDOWS\system32\KATHRYNLAPTOP_kathryn_HistoryPrediction.bin
2015-10-16 19:49 - 2015-10-16 19:49 - 00000000 ___HD C:\TMRescueDisk
2015-10-16 19:46 - 2015-10-16 19:46 - 00001385 _____ C:\Users\kathr\Desktop\Trend Micro Maximum Security.lnk
2015-10-16 19:46 - 2015-10-16 19:46 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
2015-10-16 19:44 - 2015-10-16 19:44 - 00000000 ____D C:\WINDOWS\SysWOW64\tmumh
2015-10-16 19:44 - 2015-10-16 19:44 - 00000000 ____D C:\WINDOWS\system32\tmumh
2015-10-16 19:44 - 2015-07-21 20:32 - 00100320 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2015-10-16 19:44 - 2015-07-21 20:28 - 00326896 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-10-16 19:44 - 2015-07-21 20:28 - 00134280 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys
2015-10-16 19:44 - 2015-06-28 21:38 - 00091536 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2015-10-16 19:44 - 2015-06-26 05:20 - 00116528 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys
2015-10-16 19:44 - 2015-06-22 21:49 - 00039056 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys
2015-10-16 19:44 - 2015-06-11 03:54 - 00059712 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC64.sys
2015-10-16 19:44 - 2015-06-08 00:54 - 00116576 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys
2015-10-16 19:44 - 2015-05-28 05:26 - 00416608 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2015-10-16 19:42 - 2015-10-17 09:42 - 00000000 ____D C:\Users\kathr\Desktop\FRST-OlderVersion
2015-10-16 19:42 - 2015-10-16 19:42 - 00000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2015-10-16 19:37 - 2015-10-16 19:37 - 00000000 ____D C:\Users\kathr\Downloads\backups
2015-10-16 18:51 - 2015-10-16 18:51 - 00007013 _____ C:\Users\kathr\Downloads\hijackthis.log
2015-10-16 18:50 - 2015-10-16 18:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\kathr\Downloads\HiJackThis.exe
2015-10-16 18:46 - 2015-10-16 18:47 - 169374816 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\TTi_10.0_HE_64bit.exe
2015-10-16 18:46 - 2015-10-16 18:46 - 06630392 _____ (Trend Micro Inc.) C:\Users\kathr\Downloads\TrendMicro_MAX_8.0_US-en_Downloader.exe
2015-10-16 18:38 - 2015-10-16 18:38 - 00000370 _____ C:\Users\kathr\OneDrive\Documents\Viruses.csv
2015-10-16 18:33 - 2015-10-16 18:33 - 00004448 _____ C:\Users\kathr\Desktop\rouguekiller.txt
2015-10-16 18:24 - 2015-10-16 18:43 - 00000000 ____D C:\Users\kathr\AppData\Local\CrashDumps
2015-10-16 18:24 - 2015-10-16 18:33 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-16 18:24 - 2015-10-16 18:24 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-16 17:04 - 2015-10-16 17:15 - 00929872 _____ (Google Inc.) C:\Users\kathr\Downloads\ChromeSetup.exe
2015-10-16 16:46 - 2015-10-16 16:46 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-16 16:30 - 2015-10-16 16:53 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-10-16 16:30 - 2015-10-16 16:31 - 00830288 _____ (SurfRight B.V.) C:\WINDOWS\system32\hmpalert.dll
2015-10-16 16:30 - 2015-10-16 16:31 - 00772944 _____ (SurfRight B.V.) C:\WINDOWS\SysWOW64\hmpalert.dll
2015-10-16 16:30 - 2015-10-16 16:31 - 00198216 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpalert.sys
2015-10-16 16:30 - 2015-10-16 16:31 - 00069960 _____ (SurfRight B.V.) C:\WINDOWS\system32\Drivers\hmpnet.sys
2015-10-16 16:30 - 2015-10-16 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-10-16 16:18 - 2015-10-17 08:56 - 00000000 ____D C:\Users\kathr\AppData\Local\DP_Tower
2015-10-16 16:18 - 2015-10-16 19:42 - 00000000 ____D C:\Program Files\Trend Micro
2015-10-16 16:18 - 2015-10-16 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2015-10-16 15:24 - 2015-10-16 16:17 - 00003130 _____ C:\Users\kathr\Desktop\gore.txt
2015-10-16 15:21 - 2015-10-16 15:21 - 00001974 _____ C:\Users\kathr\Desktop\GlassWire.lnk
2015-10-16 15:21 - 2015-10-16 15:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire
2015-10-16 15:21 - 2015-10-16 15:21 - 00000000 ____D C:\Program Files (x86)\GlassWire
2015-10-16 15:21 - 2015-05-28 23:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2015-10-16 15:21 - 2015-05-28 23:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2015-10-16 12:33 - 2015-10-16 12:33 - 09325066 _____ C:\Users\kathr\OneDrive\Documents\SoundofMadnessChorus.wav
2015-10-16 12:33 - 2015-10-16 12:33 - 00291036 _____ C:\Users\kathr\OneDrive\Documents\SoundofMadnessChorus.pkf
2015-10-15 13:34 - 2015-10-15 13:34 - 00002672 _____ C:\Users\kathr\Desktop\Kilt02.jpg - Shortcut.lnk
2015-10-15 13:00 - 2015-10-15 13:00 - 00000000 ____D C:\Users\kathr\AppData\Roaming\WTablet
2015-10-15 12:43 - 2015-10-15 12:43 - 00000000 ____D C:\Users\Public\Pixologic
2015-10-15 12:32 - 2015-10-15 13:44 - 00001267 _____ C:\Users\kathr\Desktop\DAZ Studio 4.8 (64-bit) Public Build +Beta+.lnk
2015-10-15 10:54 - 2015-10-15 10:54 - 00002789 _____ C:\Users\kathr\Desktop\Google Hangouts.lnk
2015-10-14 09:20 - 2015-10-14 09:20 - 00447576 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-10-14 07:59 - 2015-10-14 07:59 - 00000000 ____D C:\Users\kathr\temp
2015-10-14 07:59 - 2015-10-14 07:59 - 00000000 ____D C:\Users\kathr\AppData\Roaming\TeamViewer
2015-10-14 07:54 - 2015-10-14 07:55 - 04079264 _____ (SurfRight B.V.) C:\Users\kathr\Desktop\hmpalert3.exe
2015-10-14 07:53 - 2015-10-14 07:53 - 00722448 _____ (Threatstar B.V.) C:\Users\kathr\Desktop\hmpalert64-test.exe
2015-10-14 07:21 - 2015-10-16 18:39 - 00005196 _____ C:\Users\kathr\Desktop\quarantine.txt
2015-10-14 07:20 - 2015-10-16 18:24 - 18832456 _____ C:\Users\kathr\Desktop\RogueKiller.exe
2015-10-14 07:20 - 2015-10-16 18:23 - 00002806 _____ C:\Users\kathr\Desktop\Rkill.txt
2015-10-14 07:19 - 2015-10-14 07:20 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\kathr\Desktop\rkill.exe
2015-10-14 06:42 - 2015-10-17 09:32 - 00000000 ____D C:\EEK
2015-10-14 06:42 - 2015-10-16 18:20 - 00000784 _____ C:\Users\kathr\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-14 06:41 - 2015-10-14 06:42 - 168430496 _____ C:\Users\kathr\Desktop\EmsisoftEmergencyKit.exe
2015-10-14 06:26 - 2015-10-14 06:26 - 00002148 _____ C:\Users\kathr\Desktop\VirusTotal Uploader 2.2.lnk
2015-10-14 06:26 - 2015-10-14 06:26 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-10-14 06:26 - 2015-10-14 06:26 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2015-10-14 06:25 - 2015-10-14 06:25 - 00142744 _____ C:\Users\kathr\Desktop\vtuploader2.2.exe
2015-10-14 05:59 - 2015-10-16 20:59 - 00000010 _____ C:\Users\kathr\AppData\Local\sponge.last.runtime.cache
2015-10-14 05:14 - 2015-10-14 05:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-10-14 04:53 - 2015-10-15 19:18 - 00000000 ____D C:\Program Files\TabletPlugins
2015-10-14 04:53 - 2015-10-15 19:18 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2015-10-14 04:53 - 2015-10-14 04:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-10-14 04:53 - 2015-04-28 12:08 - 00103192 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2015-10-14 04:53 - 2015-04-28 12:08 - 00015128 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2015-10-14 04:52 - 2015-10-14 04:53 - 00000000 ____D C:\Program Files\Tablet
2015-10-14 04:52 - 2015-08-21 13:33 - 02090176 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 02064576 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 02057920 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01928896 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01674944 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01672384 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01664704 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01545408 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2015-10-14 04:51 - 2015-10-14 04:52 - 82016736 _____ C:\Users\kathr\Desktop\WacomTablet_6.3.14-1.exe
2015-10-14 04:43 - 2015-10-14 04:43 - 00000000 ____D C:\Users\kathr\AppData\Roaming\NVIDIA
2015-10-14 04:09 - 2015-10-14 04:09 - 00003268 _____ C:\WINDOWS\System32\Tasks\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1}
2015-10-14 03:55 - 2015-10-16 16:18 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Trend Micro
2015-10-14 03:54 - 2015-10-16 19:46 - 00000000 ____D C:\ProgramData\Trend Micro
2015-10-14 03:53 - 2015-10-16 16:29 - 00000000 ____D C:\ProgramData\TMDP_Log
2015-10-14 03:53 - 2015-10-16 16:28 - 00000000 ____D C:\ProgramData\TMDP_Setup
2015-10-14 03:53 - 2015-10-14 03:53 - 00000036 _____ C:\Users\kathr\AppData\Local\housecall.guid.cache
2015-10-14 03:23 - 2015-10-14 03:23 - 21871440 _____ (SecureMix LLC) C:\Users\kathr\Desktop\GlassWireSetup.exe
2015-10-14 03:19 - 2015-10-16 19:39 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-14 03:19 - 2015-10-14 03:19 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-10-14 03:19 - 2015-10-02 21:28 - 00102520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-10-14 03:18 - 2015-10-14 03:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-14 03:18 - 2015-10-02 23:58 - 00112760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-10-14 03:18 - 2015-10-02 23:58 - 00105264 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 02982704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 00938800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-14 03:18 - 2015-10-02 21:38 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-14 03:18 - 2015-10-01 04:30 - 05284082 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-14 03:17 - 2015-10-14 03:17 - 02873112 _____ (Reason Company Software Inc.) C:\Users\kathr\Desktop\herdProtectScan_Setup.exe
2015-10-14 03:17 - 2015-10-14 03:17 - 00001162 _____ C:\Users\Public\Desktop\herdProtect.lnk
2015-10-14 03:17 - 2015-10-06 13:45 - 11210056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-10-14 03:17 - 2015-10-02 23:58 - 42914096 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 37882488 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 22342264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 18387064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 18354984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 16548768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 15837152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 15803800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 14841232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 13525200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 12868120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 12038368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 03534888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 03121144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 02313336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 01994360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435850.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435850.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00877176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00689968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00414000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00388048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00376112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00369272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00339064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-10-14 03:17 - 2015-10-02 23:58 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00034392 _____ C:\WINDOWS\system32\nvinfo.pb
2015-10-14 03:15 - 2015-10-16 18:49 - 00000000 ____D C:\Users\kathr\AppData\Local\Trend Micro
2015-10-14 03:13 - 2015-10-14 03:13 - 169370152 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2015-10-14 03:12 - 2015-10-14 03:12 - 06924136 _____ (Trend Micro Inc.) C:\Users\kathr\Desktop\TrendMicro_MAX_10.0_US-en_Downloader.exe
2015-10-14 03:11 - 2015-10-14 03:15 - 303687256 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\358.50-notebook-win10-64bit-international-whql.exe
2015-10-14 03:10 - 2015-10-14 03:10 - 00003646 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2015-10-14 03:10 - 2015-10-14 03:10 - 00002874 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2015-10-14 03:10 - 2015-10-14 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-10-14 03:10 - 2015-10-14 03:10 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-14 03:08 - 2015-10-14 03:08 - 00000000 ____D C:\Users\kathr\Desktop\ATKPackage_Win10_64_VER100039
2015-10-14 03:07 - 2015-10-14 03:07 - 00000000 ____D C:\Users\kathr\Desktop\KBFilter_Win81_64_VER1005
2015-10-14 03:06 - 2015-10-14 03:06 - 00160580 _____ C:\Users\kathr\Desktop\KBFilter_Win81_64_VER1005.zip
2015-10-14 03:05 - 2015-10-14 03:05 - 12379704 _____ C:\Users\kathr\Desktop\ATKPackage_Win10_64_VER100039.zip
2015-10-14 01:51 - 2015-10-14 01:51 - 00003266 _____ C:\WINDOWS\System32\Tasks\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F}
2015-10-12 11:13 - 2015-10-12 11:14 - 757922649 _____ C:\Users\kathr\OneDrive\Documents\Historical.zip
2015-10-12 11:12 - 2015-10-12 11:12 - 15543068 _____ C:\Users\kathr\OneDrive\Documents\Last of the desktop.zip
2015-10-12 10:15 - 2015-10-08 23:42 - 303687256 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\358.50-notebook-win10-64bit-international-whql (2).exe
2015-10-12 10:13 - 2015-10-09 00:00 - 304224616 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.98-notebook-win10-64bit-international-whql (2).exe
2015-10-12 10:13 - 2015-10-08 23:44 - 304583336 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.82-notebook-win10-64bit-international-whql (2).exe
2015-10-12 07:45 - 2015-10-12 07:45 - 04296704 _____ C:\Users\kathr\OneDrive\Documents\demon_laird.indd
2015-10-12 07:45 - 2015-10-12 07:45 - 00011486 _____ C:\2HijackPatrol.log
2015-10-12 06:51 - 2015-10-12 06:52 - 03723264 _____ C:\Users\kathr\OneDrive\Documents\mist warrior.indd
2015-10-11 16:12 - 2015-10-12 10:19 - 00003014 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-11 16:11 - 2015-10-11 16:11 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-10-11 16:11 - 2015-10-11 16:11 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-10-11 16:11 - 2015-10-11 16:11 - 00002091 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-10-11 06:08 - 2015-10-11 05:56 - 69420720 _____ C:\Users\kathr\OneDrive\Documents\1011150555.mp4
2015-10-11 06:08 - 2015-10-11 05:55 - 40000723 _____ C:\Users\kathr\OneDrive\Documents\1011150553.mp4
2015-10-11 06:08 - 2015-10-11 05:52 - 05270801 _____ C:\Users\kathr\OneDrive\Documents\1011150551.mp4
2015-10-11 06:08 - 2015-10-11 05:51 - 304524280 _____ C:\Users\kathr\OneDrive\Documents\1011150548.mp4
2015-10-11 06:08 - 2015-10-11 05:47 - 39634706 _____ C:\Users\kathr\OneDrive\Documents\1011150543.mp4
2015-10-11 06:08 - 2015-10-11 05:37 - 10247585 _____ C:\Users\kathr\OneDrive\Documents\1011150537.mp4
2015-10-11 06:08 - 2015-10-11 05:36 - 322664427 _____ C:\Users\kathr\OneDrive\Documents\1011150533.mp4
2015-10-11 06:08 - 2015-10-11 04:25 - 174367577 _____ C:\Users\kathr\OneDrive\Documents\1011150423.mp4
2015-10-11 06:08 - 2015-10-11 04:22 - 519388367 _____ C:\Users\kathr\OneDrive\Documents\1011150417.mp4
2015-10-11 03:08 - 2015-10-11 03:08 - 00150348 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030815.zip
2015-10-11 03:06 - 2015-10-11 03:06 - 00145074 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030603.zip
2015-10-11 03:04 - 2015-10-11 03:04 - 00129868 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030437.zip
2015-10-11 03:00 - 2015-10-11 03:00 - 00120877 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030036.zip
2015-10-10 19:32 - 2015-10-10 19:23 - 00132745 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151010-192329.zip
2015-10-09 13:27 - 2015-04-28 12:08 - 00014104 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2015-10-09 13:27 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2015-10-09 13:27 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfcoinstaller01009.dll
2015-10-09 13:26 - 2015-10-09 12:10 - 82016736 _____ C:\Users\kathr\Desktop\WacomTablet_6.3.14-1 (2015_09_27 15_29_22 UTC).exe
2015-10-09 11:51 - 2015-10-09 11:51 - 00000000 ____D C:\ProgramData\Apple
2015-10-09 11:49 - 2015-10-09 11:51 - 00000000 ____D C:\Users\kathr\AppData\Local\Western Digital
2015-10-09 11:45 - 2015-10-09 11:45 - 00004398 _____ C:\WINDOWS\DPINST.LOG
2015-10-09 11:44 - 2015-10-09 11:49 - 71601392 _____ C:\Users\kathr\Desktop\mc_windows_setup.exe
2015-10-09 11:44 - 2015-10-09 11:44 - 04341113 _____ C:\Users\kathr\Desktop\WD_Quick_View_Setup_for_Windows.zip
2015-10-09 11:44 - 2015-10-09 11:44 - 00000000 ____D C:\Users\kathr\Desktop\WD_Quick_View_Setup_for_Windows
2015-10-09 11:43 - 2015-10-09 11:50 - 63831744 _____ C:\Users\kathr\Desktop\WDMyCloud_win.exe
2015-10-09 07:28 - 2015-10-12 10:19 - 00002406 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2015-10-09 07:28 - 2015-10-09 07:28 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-10-09 07:27 - 2015-10-12 10:28 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-09 07:27 - 2015-10-09 07:27 - 00000000 ____D C:\Program Files\Realtek
2015-10-09 05:47 - 2015-10-15 20:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-09 04:31 - 2015-10-09 04:31 - 00000259 _____ C:\AmazonMusic.log
2015-10-09 04:11 - 2015-10-09 04:11 - 00000000 ____D C:\Users\kathr\Desktop\Audio_Realtek_Win81_64_VER6017304
2015-10-09 04:10 - 2015-10-12 10:19 - 00002516 _____ C:\WINDOWS\System32\Tasks\Amazon Music Helper
2015-10-09 04:10 - 2015-10-09 04:10 - 41261584 _____ (Amazon) C:\Users\kathr\Desktop\Amazon_Music_with_Prime_Music_PC_Download.exe
2015-10-08 23:40 - 2015-10-12 10:42 - 303687256 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\358.50-notebook-win10-64bit-international-whql (1).exe
2015-10-08 23:40 - 2015-10-08 23:44 - 304583336 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.82-notebook-win10-64bit-international-whql.exe
2015-10-08 23:38 - 2015-10-09 00:00 - 304224616 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.98-notebook-win10-64bit-international-whql.exe
2015-10-08 19:14 - 2015-10-08 19:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-08 17:56 - 2015-10-08 17:58 - 02520048 _____ C:\Users\kathr\OneDrive\Documents\KATHRYNLAPTOP2.arn
2015-10-08 17:19 - 2015-10-08 17:48 - 00002834 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathryn
2015-10-08 17:08 - 2015-10-14 02:56 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-10-08 16:40 - 2015-10-08 16:40 - 00000000 ____D C:\$WINDOWS.~BT
2015-10-08 16:13 - 2015-10-08 16:13 - 00000029 _____ C:\Users\kathr\OneDrive\Documents\windows10pro.txt
2015-10-08 16:09 - 2015-10-08 16:09 - 00000000 ___HD C:\$Windows.~WS
2015-10-08 16:07 - 2015-10-08 16:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-10-08 16:04 - 2015-10-08 16:04 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-10-08 16:00 - 2015-10-08 16:02 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-08 16:00 - 2015-10-08 16:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-08 15:52 - 2015-10-08 15:52 - 00000357 _____ C:\Users\kathr\AppData\Local\LMIR0001.tmp_r.bat
2015-10-08 15:42 - 2015-10-08 15:54 - 00000000 ____D C:\Users\kathr\AppData\Local\LogMeIn Rescue Applet
2015-10-08 15:09 - 2015-10-08 15:09 - 00024288 _____ C:\WINDOWS\system32\WacDriverDLCoinst.dll
2015-10-07 22:53 - 2015-10-07 22:53 - 00016148 _____ C:\WINDOWS\system32\KATHRYNLAPTOP_kathr_HistoryPrediction.bin
2015-10-07 20:20 - 2015-10-07 20:20 - 00000000 ____D C:\ProgramData\OptiTex
2015-10-07 13:36 - 2015-10-08 17:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-07 13:35 - 2015-10-14 03:19 - 00000000 ____D C:\Temp
2015-10-07 13:35 - 2015-10-09 10:46 - 00000000 ____D C:\Users\kathr\Desktop\CardReader_Genesys_Win81_64_VER4307
2015-10-07 00:17 - 2015-10-17 09:19 - 00010394 _____ C:\HijackPatrol.log
2015-10-06 23:45 - 2015-10-06 23:45 - 00000000 ____D C:\NVIDIA
2015-10-06 23:42 - 2015-10-06 23:42 - 00000000 ____D C:\Users\kathr\Desktop\LAN_QualcommAtheros_Win81_64_VER21021
2015-10-06 23:37 - 2015-10-06 23:37 - 02082460 _____ C:\Users\kathr\Desktop\IRST_Intel_Win81_64_VER12801016.zip
2015-10-06 23:36 - 2015-10-06 23:36 - 09993488 _____ C:\Users\kathr\Desktop\CardReader_Genesys_Win81_64_VER4307.zip
2015-10-06 23:35 - 2015-10-06 23:36 - 128469985 _____ C:\Users\kathr\Desktop\Audio_Realtek_Win81_64_VER6017304.zip
2015-10-06 21:17 - 2015-10-06 21:17 - 00000000 ____D C:\WINDOWS\WICCodecs
2015-10-06 18:53 - 2015-10-10 12:16 - 36438016 _____ C:\WINDOWS\system32\config\components.old
2015-10-06 14:14 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
2015-10-06 13:46 - 2015-10-08 15:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-06 13:43 - 2015-10-08 17:48 - 00002830 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathr
2015-10-06 11:27 - 2015-10-06 11:32 - 00830266 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-10-05 12:47 - 2015-10-05 12:47 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KATHRYNLAPTOP-Windows-10-Pro-(64-bit).dat
2015-10-05 12:47 - 2015-10-05 12:47 - 00000000 ____D C:\RegBackup
2015-10-05 11:56 - 2015-10-08 19:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-05 09:09 - 2015-10-05 09:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 08:58 - 2015-10-14 04:09 - 00000000 ____D C:\ProgramData\InstallMate
2015-10-05 08:58 - 2015-10-06 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-10-05 08:58 - 2015-10-05 09:00 - 00000000 ____D C:\Users\kathr\AppData\Roaming\WinPatrol
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-10-05 05:15 - 2015-10-07 16:32 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Adobe
2015-10-05 05:13 - 2015-10-08 17:48 - 00002872 _____ C:\WINDOWS\System32\Tasks\[email protected]
2015-10-05 04:24 - 2015-10-05 04:24 - 00000000 ____D C:\Users\kathr\AppData\Local\AntiLogger Free
2015-10-05 03:37 - 2015-10-05 03:37 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2015-10-05 03:37 - 2015-10-05 03:37 - 00000000 ____D C:\Users\kathr\Desktop\ProcessExplorer
2015-10-05 01:36 - 2015-10-05 01:37 - 74520472 _____ (Logitech, Inc.) C:\Users\kathr\Downloads\lws280.exe
2015-10-05 01:26 - 2015-10-12 10:41 - 00587682 _____ C:\Users\kathr\OneDrive\Documents\KATHRYNLAPTOP.arn
2015-10-05 00:19 - 2015-10-05 00:19 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2015-10-05 00:03 - 2015-10-05 00:03 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2015-10-04 23:48 - 2015-10-16 12:27 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Adobe
2015-10-04 23:48 - 2015-10-05 05:13 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-04 23:48 - 2015-10-04 23:48 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-10-04 23:44 - 2015-10-11 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-04 23:44 - 2015-10-05 00:19 - 00000000 ____D C:\Program Files\Adobe
2015-10-04 23:36 - 2015-10-14 07:06 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files
2015-10-04 23:34 - 2015-10-04 23:34 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-10-04 23:34 - 2015-10-04 23:34 - 00001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-10-04 23:29 - 2015-10-16 22:42 - 00000000 ____D C:\Users\kathr\AppData\Local\Adobe
2015-10-04 23:18 - 2015-10-05 01:10 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\kathr\Desktop\autoruns.exe
2015-10-04 23:02 - 2015-10-14 03:50 - 00000000 ____D C:\Program Files\Webroot
2015-10-04 22:43 - 2015-10-04 22:43 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-10-04 22:43 - 2015-10-04 22:43 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-10-04 22:43 - 2015-10-04 22:43 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-10-04 22:43 - 2015-10-04 22:43 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-10-04 22:43 - 2015-10-04 22:43 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-10-04 22:36 - 2015-10-16 03:39 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Adobe
2015-10-04 22:16 - 2015-10-12 11:11 - 00001325 _____ C:\Users\Public\Desktop\dMaintenance Home Edition.lnk
2015-10-04 21:05 - 2015-10-12 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-10-04 21:05 - 2015-10-12 10:24 - 00003518 _____ C:\WINDOWS\System32\Tasks\CryptoPrevent Update
2015-10-04 21:05 - 2015-10-04 21:05 - 00001289 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk
2015-10-04 20:10 - 2015-10-16 17:29 - 00021012 __RSH C:\ProgramData\ntuser.pol
2015-10-04 19:58 - 2015-10-12 10:26 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-10-04 19:34 - 2015-10-04 19:36 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\WPA Files
2015-10-04 19:34 - 2015-10-04 19:34 - 00000000 ____D C:\SymCache
2015-10-04 19:31 - 2015-10-04 19:31 - 163577856 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.etl
2015-10-04 19:31 - 2015-10-04 19:31 - 07345250 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.cab
2015-10-04 18:51 - 2015-10-04 18:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-04 14:37 - 2015-10-04 14:37 - 191889408 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.etl
2015-10-04 14:37 - 2015-10-04 14:37 - 04993712 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.cab
2015-10-04 14:31 - 2015-10-04 14:31 - 220200960 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.etl
2015-10-04 14:31 - 2015-10-04 14:31 - 03730738 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.cab
2015-10-04 14:20 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-10-04 14:20 - 2015-10-07 17:37 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-10-04 00:23 - 2015-10-16 19:49 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-10-04 00:23 - 2015-10-06 14:12 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-04 00:16 - 2015-10-16 19:39 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2015-10-04 00:05 - 2015-10-04 00:05 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Blacksmith3D
2015-10-03 23:06 - 2015-10-03 23:06 - 00002826 _____ C:\Users\kathr\Desktop\AHB_magnaheart_dress_02 - Shortcut.lnk
2015-10-03 21:35 - 2015-10-03 21:35 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Security
2015-10-03 21:00 - 2015-10-03 21:00 - 00058675 _____ C:\Users\kathr\OneDrive\Documents\registryleaks.txt
2015-10-03 20:43 - 2015-10-11 02:23 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\DAZ 3D
2015-10-03 20:30 - 2015-10-03 20:30 - 00053248 _____ C:\WINDOWS\SysWOW64\zlib.dll
2015-10-03 20:26 - 2015-10-16 15:20 - 00007641 _____ C:\Users\kathr\AppData\Local\Resmon.ResmonCfg
2015-10-03 20:26 - 2015-10-04 22:16 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2015-10-03 20:26 - 2015-10-04 21:05 - 00000000 ____D C:\ProgramData\Foolish IT
2015-10-03 18:45 - 2015-10-04 18:28 - 00000000 ____D C:\AdwCleaner
2015-10-03 18:34 - 2015-10-03 18:34 - 00000000 ____D C:\WINDOWS\SMSS-PFRO20f5.tmp
2015-10-03 17:45 - 2015-10-14 09:21 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-03 17:10 - 2015-10-17 08:58 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AB9CB54-4CE0-4F7C-A83A-83EBCF8FAC11}
2015-10-03 15:40 - 2015-10-16 19:38 - 02933076 _____ C:\WINDOWS\PFRO.log
2015-10-03 15:38 - 2015-10-16 17:16 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-03 15:38 - 2015-10-03 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 15:37 - 2015-10-08 19:15 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 15:37 - 2015-10-08 19:15 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 15:37 - 2015-10-08 17:48 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-03 15:37 - 2015-10-08 17:48 - 00003272 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-03 15:32 - 2015-10-03 15:32 - 00003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-10-03 15:18 - 2015-10-17 09:42 - 02196992 _____ (Farbar) C:\Users\kathr\Desktop\FRST64.exe
2015-10-03 15:10 - 2015-10-03 15:10 - 00001704 _____ C:\Users\Public\Desktop\Scrivener.lnk
2015-10-03 15:10 - 2015-10-03 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
2015-10-03 14:48 - 2015-10-07 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:48 - 2015-10-07 17:37 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:48 - 2015-10-07 17:37 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-10-03 14:47 - 2015-10-03 15:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-03 14:39 - 2015-10-03 14:41 - 00001176 _____ C:\Users\kathr\Desktop\DAZ Studio 4.8 (64-bit).lnk
2015-10-03 14:38 - 2015-10-15 12:43 - 00000000 ____D C:\Program Files\DAZ 3D
2015-10-03 14:38 - 2015-10-03 14:38 - 00000969 _____ C:\Users\kathr\Desktop\Carrara 8.5 Pro (64-bit).lnk
2015-10-03 09:32 - 2015-10-03 09:31 - 00117242 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151003-093132.zip
2015-10-02 21:35 - 2015-10-02 21:35 - 00000000 ____D C:\Users\kathr\AppData\Local\CEF
2015-10-02 18:55 - 2015-10-03 17:20 - 00000000 ____D C:\Program Files\Sandboxie
2015-10-02 18:49 - 2015-10-02 18:49 - 00000000 ____D C:\Users\kathr\AppData\Local\Scrivener
2015-10-02 18:35 - 2015-10-05 04:33 - 00000000 ____D C:\ProgramData\Adobe
2015-10-02 18:35 - 2015-10-04 14:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-02 18:34 - 2015-10-04 23:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-02 18:31 - 2015-10-03 15:10 - 00000000 ____D C:\Program Files (x86)\Scrivener
2015-10-02 18:29 - 2015-10-15 13:02 - 00000000 ____D C:\ProgramData\DAZ 3D
2015-10-02 18:00 - 2015-10-02 18:00 - 00000000 ____D C:\Users\kathr\AppData\Local\Logitech® Webcam Software
2015-10-02 17:58 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\LogiShrd
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Leadertech
2015-10-02 17:57 - 2015-10-07 00:01 - 00010152 _____ C:\WINDOWS\LDPINST.LOG
2015-10-02 17:49 - 2015-10-07 17:37 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-10-02 17:49 - 2015-10-07 00:01 - 00018015 _____ C:\WINDOWS\system32\lvcoinst.log
2015-10-02 17:43 - 2015-10-02 17:43 - 00000000 ____D C:\Users\kathr\Desktop\Heart's Ransom cover
2015-10-02 17:40 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\FastPictureViewer
2015-10-02 17:38 - 2015-10-06 21:30 - 00000000 ____D C:\Users\kathr\Desktop\3d n Art
2015-10-02 17:37 - 2015-10-17 09:42 - 00000000 ____D C:\Users\kathr\Desktop\computer
2015-10-02 16:06 - 2015-10-02 16:06 - 00000000 ____D C:\Users\kathr\AppData\Local\PeerDistRepub
2015-10-02 16:02 - 2015-10-14 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-10-02 16:02 - 2015-10-02 16:02 - 00000000 ____D C:\Program Files\Reason
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\Users\kathr\AppData\Local\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\ProgramData\GlassWire
2015-10-02 15:37 - 2015-10-14 09:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-02 15:29 - 2015-10-03 17:19 - 00000000 ____D C:\WINDOWS\pss
2015-10-02 15:13 - 2015-10-02 15:13 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Macromedia
2015-10-02 14:47 - 2015-10-02 14:47 - 00000000 ___HD C:\VTRoot
2015-10-02 12:48 - 2015-10-08 16:40 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-02 12:48 - 2015-10-08 13:56 - 00000000 ____D C:\Windows.old
2015-10-02 12:45 - 2015-10-02 12:45 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-10-02 12:44 - 2015-10-02 12:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-02 12:43 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\Setup
2015-10-02 12:41 - 2015-10-02 12:41 - 00000000 ____D C:\WINDOWS\OCR
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-10-02 12:38 - 2015-10-01 02:57 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 12:38 - 2015-10-01 02:57 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 12:37 - 2015-10-09 13:29 - 00002177 _____ C:\WINDOWS\DtcInstall.log
2015-10-02 12:36 - 2015-10-17 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-02 12:36 - 2015-10-16 19:44 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-02 12:36 - 2015-10-16 16:28 - 00000215 _____ C:\WINDOWS\win.ini
2015-10-02 12:36 - 2015-10-16 16:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 12:36 - 2015-10-14 03:18 - 00000000 ____D C:\WINDOWS\Help
2015-10-02 12:36 - 2015-10-14 02:51 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-02 12:36 - 2015-10-09 11:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-02 12:36 - 2015-10-09 11:37 - 00000000 ____D C:\WINDOWS\registration
2015-10-02 12:36 - 2015-10-08 17:23 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-02 12:36 - 2015-10-08 16:07 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-02 12:36 - 2015-10-08 14:03 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-02 12:36 - 2015-10-06 21:52 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-02 12:36 - 2015-10-04 23:13 - 00000000 ____D C:\WINDOWS\system32\spool
2015-10-02 12:36 - 2015-10-03 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-10-02 12:36 - 2015-10-02 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\IME
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RSD C:\WINDOWS\Media
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Web
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Vss
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\tracing
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\TAPI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SystemResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\System
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SKB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\security
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\schemas
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SchCache
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Resources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\PLA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Performance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Globalization
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Cursors
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Branding
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\addins
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Comms
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:34 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-10-02 12:36 - 2015-10-02 12:34 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-10-02 12:36 - 2015-10-02 12:34 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-10-02 12:36 - 2015-10-02 12:34 - 00000219 ____N C:\WINDOWS\system.ini
2015-10-02 12:36 - 2015-10-02 11:06 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-02 12:36 - 2015-10-02 09:59 - 00000000 ____D C:\WINDOWS\CSC
2015-10-02 12:36 - 2015-10-02 09:57 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-02 12:36 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOPrivate
2015-10-02 12:28 - 2015-10-16 19:49 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 12:24 - 2015-10-16 19:49 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-02 12:24 - 2015-10-16 19:38 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 12:24 - 2015-10-14 02:05 - 00000000 __RHD C:\Users\Default
2015-10-02 12:24 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\servicing
2015-10-02 12:24 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-10-02 12:24 - 2015-07-10 04:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-10-02 12:23 - 2015-10-04 15:07 - 00000000 ___HD C:\$SysReset
2015-10-02 11:09 - 2015-10-02 11:09 - 00000000 ____D C:\ProgramData\Shared Space
2015-10-02 11:01 - 2015-10-02 11:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-10-02 11:01 - 2015-10-02 11:01 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-10-02 10:53 - 2015-10-15 13:02 - 00000000 ____D C:\Users\kathr\AppData\Roaming\DAZ 3D
2015-10-02 10:52 - 2015-10-03 14:39 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-10-02 10:52 - 2015-10-02 10:52 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2015-10-02 10:48 - 2015-10-16 16:12 - 00000000 ____D C:\Users\kathr\AppData\Roaming\vlc
2015-10-02 10:48 - 2015-10-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-02 10:48 - 2015-10-02 10:48 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-02 10:48 - 2015-10-02 10:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-02 10:38 - 2015-07-05 05:08 - 00300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-02 10:34 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-02 10:33 - 2015-10-07 00:02 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-02 10:33 - 2015-10-03 17:10 - 00000000 ____D C:\Users\kathr\AppData\Local\Google
2015-10-02 10:25 - 2015-10-14 09:20 - 02544872 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-10-02 10:21 - 2015-10-02 10:32 - 00000000 ____D C:\Users\kathr\AppData\Local\MicrosoftEdge
2015-10-02 10:16 - 2015-10-03 15:43 - 00002338 _____ C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-02 10:08 - 2015-10-02 10:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-10-02 10:07 - 2015-10-03 15:39 - 00000000 ____D C:\Users\kathr\AppData\Local\Comms
2015-10-02 10:06 - 2015-10-16 18:51 - 00000000 ____D C:\Users\kathr\AppData\Local\VirtualStore
2015-10-02 10:06 - 2015-10-03 14:52 - 00000000 ____D C:\Users\kathr\AppData\Local\Packages
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\TileDataLayer
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\Publishers
2015-10-02 10:05 - 2015-10-16 19:44 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-02 10:05 - 2015-10-02 10:05 - 00000020 ___SH C:\Users\kathr\ntuser.ini
2015-10-02 10:02 - 2015-10-02 10:02 - 00000000 __SHD C:\Recovery
2015-10-02 10:00 - 2015-10-14 07:59 - 00000000 ____D C:\Users\kathr
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 __RSD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 10:00 - 2015-10-02 12:36 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 09:54 - 2015-10-17 08:57 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-02 09:53 - 2015-10-14 03:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-02 09:53 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOShared
2015-10-02 09:53 - 2015-07-10 00:37 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-10-02 09:51 - 2015-10-16 12:21 - 00023145 _____ C:\WINDOWS\setupact.log
2015-10-02 09:51 - 2015-10-02 09:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-02 09:50 - 2015-10-16 19:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 09:49 - 2015-10-12 10:56 - 00517808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-02 02:37 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\Presets-2015-09-09
2015-10-02 01:34 - 2015-10-02 17:39 - 00000000 ____D C:\Users\kathr\Desktop\unzipped
2015-10-01 13:43 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\21966-01_ContentCatalogerEasy
2015-10-01 13:32 - 2015-10-01 13:32 - 00000776 _____ C:\Users\kathr\Desktop\Hexagon 2.lnk
2015-10-01 12:35 - 2015-10-05 00:26 - 00000000 ____D C:\Users\kathr\Desktop\renderosity
2015-10-01 08:35 - 2015-10-07 01:11 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Temp
2015-10-01 02:57 - 2015-10-01 02:57 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 02:20 - 2015-10-09 00:09 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Keep
2015-10-01 02:20 - 2015-10-02 21:56 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\_1 Writing
2015-10-01 02:20 - 2015-10-01 03:13 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Scriverner
2015-10-01 02:11 - 2015-10-05 00:01 - 00002126 _____ C:\Users\kathr\Desktop\DAZ Install Manager.lnk
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\d956d726f5b732d32501
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\c9112f9ef026831bf709
2015-10-01 01:46 - 2015-10-04 23:36 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (2)
2015-10-01 01:46 - 2015-10-03 17:20 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (1)
2015-10-01 01:06 - 2015-10-07 17:37 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\LastPass
2015-10-01 00:20 - 2015-10-11 16:41 - 00000000 ____D C:\Users\kathr\OneDrive
2015-10-01 00:17 - 2015-10-01 00:17 - 00193336 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2015-09-30 23:26 - 2015-10-02 23:58 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00452240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00019976 _____ (ASUS) C:\WINDOWS\system32\Drivers\AsHIDSwitch64.sys
2015-09-30 21:54 - 2015-09-30 23:13 - 00000000 ____D C:\ESD
2015-09-30 21:45 - 2015-10-17 09:43 - 00000000 ____D C:\FRST
2015-09-17 23:31 - 2015-10-02 00:23 - 00000000 ____D C:\Users\kathr\Desktop\Settings-2015-09-09
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 03:07 - 2012-08-06 11:17 - 00017280 _____ ( ) C:\WINDOWS\system32\Drivers\kbfiltr.sys
2015-10-06 23:42 - 2013-07-18 13:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys
 
==================== Files in the root of some directories =======
 
2015-10-14 03:53 - 2015-10-14 03:53 - 0000036 _____ () C:\Users\kathr\AppData\Local\housecall.guid.cache
2015-10-08 15:52 - 2015-10-08 15:52 - 0000357 _____ () C:\Users\kathr\AppData\Local\LMIR0001.tmp_r.bat
2015-10-03 20:26 - 2015-10-16 15:20 - 0007641 _____ () C:\Users\kathr\AppData\Local\Resmon.ResmonCfg
2015-10-14 05:59 - 2015-10-16 20:59 - 0000010 _____ () C:\Users\kathr\AppData\Local\sponge.last.runtime.cache
2015-10-09 07:28 - 2015-10-09 07:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\kathr\AppData\Local\Temp\dllnt_dump.dll
C:\Users\kathr\AppData\Local\Temp\HitmanPro.exe
C:\Users\kathr\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\kathr\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\kathr\AppData\Local\Temp\nvStInst.exe
C:\Users\kathr\AppData\Local\Temp\t4leirks.dll
C:\Users\kathr\AppData\Local\Temp\TmDbgLog.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-14 09:20
 
==================== End of FRST.txt ============================
 
 
 
 
 
And Additional:
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by kathryn (2015-10-17 09:44:21)
Running from C:\Users\kathr\Desktop
Windows 10 Pro (X64) (2015-10-02 15:02:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4055827758-3256202687-3425098328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4055827758-3256202687-3425098328-503 - Limited - Disabled)
Guest (S-1-5-21-4055827758-3256202687-3425098328-501 - Limited - Disabled)
kathryn (S-1-5-21-4055827758-3256202687-3425098328-1001 - Administrator - Enabled) => C:\Users\kathr
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Maximum Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Maximum Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
dMaintenance Home Edition v3.1.0 (HKLM-x32\...\{8198FCBE-715F-4C8A-B22B-DA73C6F2788F}_is1) (Version:  - Foolish IT LLC)
FastPictureViewer Codec Pack 3.8.0.96 TRIAL EDITION (HKLM-x32\...\{BCFE2AFB-6600-462A-B088-A44AD7B52E69}) (Version: 3.8.0.96 - Axel Rietschin Software Developments)
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.31 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 3.0.57.207 - SurfRight B.V.)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.4229.1029 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Scrivener (HKLM-x32\...\Scrivener 1860) (Version: 1860 - Literature and Latte)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.5.0.1261 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-86B29D68EB0B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Restore Points =========================
 
04-10-2015 19:46:14 boot
04-10-2015 19:47:33 boot
04-10-2015 19:48:19 boot
04-10-2015 19:57:06 Removed GeekBuddy.
04-10-2015 20:00:52 Windows Modules Installer
06-10-2015 13:41:08 Removed FastPictureViewer Professional 1.9.348.0 (64-bit)
06-10-2015 14:14:10 Installed FastPictureViewer Codec Pack 3.8.0.96 TRIAL EDITION
06-10-2015 14:22:31 Checkpoint by HitmanPro
06-10-2015 20:36:37 Restore Operation
06-10-2015 21:16:45 Installed FastPictureViewer Codec Pack 3.8.0.96 TRIAL EDITION
06-10-2015 21:45:15 afterrest_c
06-10-2015 21:46:01 afterrestore_G
06-10-2015 21:47:03 afterrestore_E
07-10-2015 01:10:35 Restore Point Created by FRST
07-10-2015 07:02:20 Removed ph.
07-10-2015 07:03:13 Removed WPT Redistributables
07-10-2015 07:03:53 Removed WPTx64
07-10-2015 07:28:47 Removed bl.
07-10-2015 17:31:09 Restore Operation
07-10-2015 17:45:53 Restore Point Created by FRST
08-10-2015 14:45:21 Removed bl.
08-10-2015 14:46:19 Removed ph.
08-10-2015 14:56:19 Restore Point Created by FRST
09-10-2015 10:02:24 Windows Modules Installer
09-10-2015 11:45:26 Installed WD Quick View
12-10-2015 08:57:50 Restore Point Created by FRST
12-10-2015 09:06:09 Restore Point Created by FRST
12-10-2015 10:25:43 Removed WD Quick View
12-10-2015 10:26:08 Removed Bonjour
12-10-2015 10:29:39 Removed WD My Cloud
12-10-2015 10:30:49 Removed WD Quick View
14-10-2015 02:57:27 Configured Qualcomm Atheros Inc.® AR81Family Gigabit/Fast EtheK¡;
14-10-2015 03:10:10 Installed ATK Package
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-02 12:36 - 2015-10-16 18:33 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {242E0E14-F0F9-495E-93C5-5C05DD6AF25C} - System32\Tasks\Amazon Music Helper => C:\Users\kathr\AppData\Local\Amazon Music\Amazon Music Helper.exe
Task: {2EB45325-6A4E-469E-8808-4434449746EB} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {3739F324-5D7D-40CD-88CC-8CEDDE1BC848} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {48240F87-4CEC-42FC-8F41-44369B6F8353} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {48682BDB-FA20-45B7-9B97-0017104153B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-09-10] (Microsoft Corporation)
Task: {90B7C6D4-F1C9-493E-A34C-126378FFB57C} - System32\Tasks\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F} => pcalua.exe -a "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe"
Task: {984146FB-DD1B-41F6-9D98-8164EBCEFF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {9A2DED0E-9020-4378-BB78-9E9158D3BF2C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-26] (Microsoft Corporation)
Task: {9AF1BA23-9125-4D55-9D32-D8A1EA1A8271} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Task: {A2ADAE73-86BC-478A-96C0-870F7DFD4DF2} - System32\Tasks\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1} => pcalua.exe -a C:\PROGRA~3\INSTAL~1\{6A206~1\Setup.exe -c /remove /q0
Task: {AFBB18D8-A18A-4F14-8243-0A23C41284E4} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {B6339BC1-406C-4290-B10D-CA5F364B6A1D} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2015-04-10] (Foolish IT LLC)
Task: {D7C152ED-DE48-40E8-A534-9F9107455BA4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {D94A2258-53DC-4D0C-A0C1-2537DFABF196} - System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathryn => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {DC819740-0F92-41AB-8412-17CEA0630F2F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-26] (Microsoft Corporation)
Task: {F51BFBCD-C30F-425D-AA17-7C45BC376C07} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {F607940A-806B-43DD-A7AF-9E87BD05E9A3} - System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathr => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 22:33 - 2015-07-09 22:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-16 16:18 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
2015-10-16 19:42 - 2015-03-31 06:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
2015-10-16 19:42 - 2015-03-31 06:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
2015-10-16 19:42 - 2015-03-31 06:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2015-10-16 19:42 - 2015-03-31 06:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
2015-10-16 19:42 - 2015-03-31 06:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
2015-10-16 19:42 - 2015-03-31 06:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2015-10-16 18:47 - 2015-07-16 13:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2015-10-16 19:44 - 2015-07-16 13:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2015-10-16 19:44 - 2015-07-16 13:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2015-10-16 19:44 - 2015-07-16 13:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2015-10-16 19:44 - 2015-07-16 13:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 22:13 - 2015-07-09 22:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-16 16:18 - 2015-08-27 11:56 - 46393608 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2015-10-16 18:47 - 2015-07-16 13:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2015-10-16 17:05 - 2015-10-09 03:59 - 01908040 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-16 17:05 - 2015-10-09 03:59 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2015-10-07 09:18 - 2015-10-07 09:18 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2015-10-16 18:47 - 2015-07-16 13:31 - 00092792 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_57.dll
2015-10-16 18:47 - 2015-07-16 13:31 - 00024312 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_system-vc110-mt-1_57.dll
2015-10-16 18:47 - 2015-07-16 13:31 - 00032552 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_chrono-vc110-mt-1_57.dll
2015-10-16 18:47 - 2015-07-16 13:31 - 00049544 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_57.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kathr\Desktop\Heart's Ransom cover\Heart's Ransom\Talon and Gwen Renders\best\heartsransomcover1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [WFDPRINT-SCAN-In-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WFDPRINT-SPOOL-In-Active] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [CoreNet-Teredo-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CoreNet-DHCP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-FDRESPUB-WSD-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-LLMNR-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-FDPHOST-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [NETDIS-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Block) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [DeliveryOptimization-UDP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [DeliveryOptimization-TCP-In] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Microsoft-Windows-WLANSvc-ASP-CP-In] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [WirelessDisplay-In-TCP] => (Block) %systemroot%\system32\WUDFHost.exe
FirewallRules: [{705B912A-AAAE-450F-9756-FEBB1895E337}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{92250240-41E1-4E74-8331-72F3FE4FC326}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{1DA48651-567B-4ADA-959E-B2DBAE4CE00F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface 
Description: Intel® Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/17/2015 09:39:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 09:38:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 09:37:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 09:18:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 08:55:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2015 10:42:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2015 07:40:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/16/2015 06:43:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.71, time stamp: 0x5616f8a3
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x0000000000075121
Faulting process id: 0x6e4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (10/16/2015 06:43:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.71, time stamp: 0x5616f8a3
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc00000fd
Fault offset: 0x0000000000001c8f
Faulting process id: 0x6e4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (10/16/2015 06:43:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.71, time stamp: 0x5616f8a3
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000005
Fault offset: 0x000000000002ebf4
Faulting process id: 0x6e4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
 
System errors:
=============
Error: (10/17/2015 09:39:50 AM) (Source: DCOM) (EventID: 10001) (User: KATHRYNLAPTOP)
Description: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca2CortanaUIUnavailableUnavailable
 
Error: (10/17/2015 09:38:13 AM) (Source: DCOM) (EventID: 10001) (User: KATHRYNLAPTOP)
Description: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca2CortanaUIUnavailableUnavailable
 
Error: (10/17/2015 09:37:32 AM) (Source: DCOM) (EventID: 10001) (User: KATHRYNLAPTOP)
Description: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca2CortanaUIUnavailableUnavailable
 
Error: (10/17/2015 09:18:33 AM) (Source: DCOM) (EventID: 10001) (User: KATHRYNLAPTOP)
Description: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca2CortanaUIUnavailableUnavailable
 
Error: (10/17/2015 08:55:25 AM) (Source: DCOM) (EventID: 10001) (User: KATHRYNLAPTOP)
Description: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca2CortanaUIUnavailableUnavailable
 
Error: (10/16/2015 10:42:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/16/2015 10:42:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/16/2015 10:42:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/16/2015 10:42:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/16/2015 10:42:47 PM) (Source: DCOM) (EventID: 10001) (User: KATHRYNLAPTOP)
Description: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca2CortanaUIUnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2015-10-12 03:54:58.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-11 21:03:58.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-11 01:46:51.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-10 11:28:42.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 17:49:57.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 15:50:00.426
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 13:31:51.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 10:49:07.548
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 07:27:35.106
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 02:45:00.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 8%
Total physical RAM: 32685.47 MB
Available physical RAM: 29771 MB
Total Virtual: 37549.47 MB
Available Virtual: 34344.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:697.49 GB) (Free:390.54 GB) NTFS
Drive e: (Seagate) (Fixed) (Total:443.11 GB) (Free:328.89 GB) NTFS
Drive g: (Seagate BK) (Fixed) (Total:488.28 GB) (Free:237.53 GB) NTFS
Drive h: (450) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 748798B0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
 
Well, I think that's enough information overload for now. ;) What do y'all think?
 
Thanks in advance!
 
Cheers,
Stormy
 
 

  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Whilst I read the log I will put your mind at rest with these, they are windows default settings that winpatrol is  showing, anything different would be a cause for concern

 

You may be a little overloaded with security solutions :)

 

 

WP33 - File Type .AVI: [Video Clip]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L

WP33 - File Type .BAT: [Windows Batch File]%1 %*

WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L

WP33 - File Type .CAT: [Security Catalog]C:\WINDOWS\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1

WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1

WP33 - File Type .COM: [MS-DOS Application]%1 %*

WP33 - File Type .CMD: [Windows Command Script]%1 %*

WP33 - File Type .DOC: [Microsoft Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u

WP33 - File Type .EML: [E-mail Message]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml %1

WP33 - File Type .EXE: [Application]%1 %*

WP33 - File Type .INF: [Setup Information]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1

WP33 - File Type .JS: [JavaScript File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .LOG: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1

WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*

WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /f %1

WP33 - File Type .MID: [MIDI Sequence]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /Open %L

WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L

WP33 - File Type .PIF: [CryptoPreventFilterMod.CryptoPreventEXEC *%]C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC *%1 %*

WP33 - File Type .REG: [Registration Entries]regedit.exe %1

WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u

WP33 - File Type .SCR: [CryptoPreventFilterMod.CryptoPreventEXEC %1 /]C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC %1 /S %*

WP33 - File Type .TXT: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1

WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l

WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .VBE: [VBScript Encoded File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .XLS: [Microsoft Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE /dde

 


  • 0

Advertisements


#26
stormrider22

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Okay whew! Thank you! Yeah, I'm a bit paranoid but it was last year that I almost got hit by a Crypto virus. I say almost because things were acting twitchy so I was using Wireshark to see what was going on. I literally saw it coming and was able to beat it before it locked down the old computer. I didn't have the backups then that I do now. I almost lost all of my novels and research. Come to find out, it was my father who downloaded the initial virus through a bad Flash player upgrade. He lives next door and shares my wireless. But this time he's in the hospital right now so I know it's not anything he's doing right now. What he might have done while I was traveling a little while ago remains unknown, but I really don't want to go there. lol!


  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets get at .. Firstly we will remove all sources of conflict and for a period run you with just MSEssentials and windows firewall as security

We will keep winpatrol and cryptoprevent as they are in no way conflicting.

This is not as bad as it seems because that will give you good protection whilst we play around :)

Now when we remove trend and hitman they may mess up your network so I will give the FRST network fix to run once you have uninstalled them

Uninstall Trend using the method detailed here http://esupport.tren...rt/1037161.aspx

Then Uninstall both Hitman programmes using control panel > programmes and features

Once you have done that then reset the network


CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

Now run a fresh FRST scan so that I can confirm that they have been totally cleared
  • 0

#28
stormrider22

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Okey dokey here's the fix log. 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by kathryn (2015-10-17 15:03:12) Run:9
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathryn (Available Profiles: kathryn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:550c:dc53:3ffd:2c36
   Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:8055:5aae:ec5a:1c31
   Link-local IPv6 Address . . . . . : fe80::550c:dc53:3ffd:2c36%6
   Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%6
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:550c:dc53:3ffd:2c36
   Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:8055:5aae:ec5a:1c31
   Link-local IPv6 Address . . . . . : fe80::550c:dc53:3ffd:2c36%6
   IPv4 Address. . . . . . . . . . . : 192.168.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%6
                                       192.168.1.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 4.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:05:47 ====
 
And I don't think I have any virus protection software rolling right now. It says it can't verify the signature on a Windows Defender file and it keeps yelling at me to activate antivirus software.
 
I got to take some things to my dad in the hospital so I'll be back in a bit.

Edited by stormrider22, 17 October 2015 - 02:13 PM.

  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what error it is reporting ?

Also is the behaviour of the system any better ?

Meanwhile a stop gap AV that is light and free, if you like it, it will need registering, if not it is very easy to uninstall

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link Avast 2015

Select Custom install
Remove the ticks from the first page for the following unless you want them :
avastchrome.JPG
Dropbox
Chrome
Chrome toolbar


Select Next
Deselect the following from the middle column as you will not need them :
avasttools.JPG
SecureLine
Cleanup


Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine

If I could then have an update on the system and a fresh FRST scan
  • 0

#30
stormrider22

stormrider22

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Okay now when I click on the notice to start antivirus it just takes me to the security center. When I click on Turn On it throws me to System32 like it wants me to find the file for it. So I installed Avast. When I entered my email I think I accidentally signed up for a free trial of their paid services. Doesn't matter to me. I had bad luck with Avast last year but it's been awhile so I don't mind trying them again and I don't mind paying for it if it's good stuff. I just don't want it to interfere with anything here.

 

My system is still booting slow but I never had the chance to finish the ready boot instructions you posted. Windows Office stopped working a couple days ago. A big thing for me is my DAZ 3d program now takes forever to render. I use Iray which is by Nvidia. It uses the GPU and taps into the CPU if necessary. Well the past two days it's been redlining the CPU and it takes 2 hours to get to 5% on a scene that used to take 20 min. And it's doing it with every scene I've tried thus far, not just one. Normally if I scene becomes too cumbersome, I'll split the elements and render them separately, unfortunately that doesn't help either. So this is quite odd for this program and my system.

 

Okay here are the new logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-10-2015
Ran by kathryn (administrator) on KATHRYNLAPTOP (17-10-2015 18:46:13)
Running from C:\Users\kathr\Desktop
Loaded Profiles: kathryn (Available Profiles: kathryn)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-10-17] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-17] (AVAST Software)
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: "C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\setup.exe" <====== ATTENTION
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\Run: [HijackThis startup scan] => C:\Users\kathr\Downloads\HijackThis.exe [388608 2015-10-16] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-17] (AVAST Software)
AlternateShell: 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6e290f83-55f8-4f72-918b-7194d9a47859}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-17] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-17] (AVAST Software)
Handler: AutorunsDisabled - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: AutorunsDisabled - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-10-08] (Microsoft Corporation)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-10-03] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2015-10-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-10-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-17] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://kathrynloch.deviantart.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com" 
CHR NewTab: Default -> "chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-10-05]
CHR Extension: (Theme Creator) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-10-05]
CHR Extension: (Google Docs) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-02]
CHR Extension: (YouTube) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Assassin's Creed 4 Black Flag [FVD]) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpadpijpfghpinpafnpjlipafpahkahk [2015-10-05]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-10-05]
CHR Extension: (Google Search) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-10-05]
CHR Extension: (Adobe Acrobat) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-10-05]
CHR Extension: (Gmail Offline) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-05]
CHR Extension: (App for Outlook.com) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkanjjdncmgmmmeceedfmncfejmbjef [2015-10-05]
CHR Extension: (Readium) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Save to Google Drive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-10-05]
CHR Extension: (Avast Online Security) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-05]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-10-05]
CHR Extension: (Dropbox) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-10-05]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2015-10-05]
CHR Extension: (Booktrack Studio) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog [2015-10-05]
CHR Extension: (Google Hangouts) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-10-05]
CHR Extension: (Blogger) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2015-10-05]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-10-05]
CHR Extension: (Google Maps) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-10-05]
CHR Extension: (Mint) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg [2015-10-05]
CHR Extension: (Google Play Books) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-10-05]
CHR Extension: (OneDrive) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-10-05]
CHR Extension: (KDSPY) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocoibgfbhcplhnfdjldohepoeboiloo [2015-10-05]
CHR Extension: (Outlook.com) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-10-05]
CHR Extension: (Gmail) - C:\Users\kathr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-10-17] (AVAST Software)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8902144 2015-10-07] (SecureMix LLC)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-10-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-17] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454528 2015-10-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-17] (AVAST Software)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2015-10-16] ()
S3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2015-10-14] ( )
S4 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-01] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-16] ()
S4 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S4 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
U2 TMAgent; no ImagePath
S4 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-17 18:09 - 2015-10-17 18:09 - 00016148 _____ C:\WINDOWS\system32\KATHRYNLAPTOP_kathryn_HistoryPrediction.bin
2015-10-17 18:04 - 2015-10-17 18:04 - 00002027 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-10-17 18:04 - 2015-10-17 18:04 - 00001967 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-10-17 18:04 - 2015-10-17 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-17 18:04 - 2015-10-17 18:03 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-10-17 18:03 - 2015-10-17 18:03 - 00454528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-10-17 18:03 - 2015-10-17 17:55 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-17 17:56 - 2015-10-17 18:04 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-17 17:56 - 2015-10-17 17:56 - 00000000 ____D C:\Users\kathr\AppData\Roaming\AVAST Software
2015-10-17 17:55 - 2015-10-17 17:55 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-17 17:55 - 2015-10-17 17:55 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-17 17:55 - 2015-10-17 17:55 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-17 17:42 - 2015-10-17 17:42 - 05683632 _____ (AVAST Software) C:\Users\kathr\Desktop\avast_free_antivirus_setup_online.exe
2015-10-17 17:42 - 2015-10-17 17:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-17 10:09 - 2015-10-17 10:09 - 00000000 ____D C:\Program Files\Elantech
2015-10-17 09:44 - 2015-10-17 09:44 - 00038079 _____ C:\Users\kathr\Desktop\Addition.txt
2015-10-17 09:43 - 2015-10-17 18:46 - 00043925 _____ C:\Users\kathr\Desktop\FRST.txt
2015-10-16 19:42 - 2015-10-17 09:42 - 00000000 ____D C:\Users\kathr\Desktop\FRST-OlderVersion
2015-10-16 19:37 - 2015-10-16 19:37 - 00000000 ____D C:\Users\kathr\Downloads\backups
2015-10-16 18:51 - 2015-10-16 18:51 - 00007013 _____ C:\Users\kathr\Downloads\hijackthis.log
2015-10-16 18:50 - 2015-10-16 18:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\kathr\Downloads\HiJackThis.exe
2015-10-16 18:46 - 2015-10-16 18:47 - 169374816 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\TTi_10.0_HE_64bit.exe
2015-10-16 18:46 - 2015-10-16 18:46 - 06630392 _____ (Trend Micro Inc.) C:\Users\kathr\Downloads\TrendMicro_MAX_8.0_US-en_Downloader.exe
2015-10-16 18:38 - 2015-10-16 18:38 - 00000370 _____ C:\Users\kathr\OneDrive\Documents\Viruses.csv
2015-10-16 18:33 - 2015-10-16 18:33 - 00004448 _____ C:\Users\kathr\Desktop\rouguekiller.txt
2015-10-16 18:24 - 2015-10-16 18:43 - 00000000 ____D C:\Users\kathr\AppData\Local\CrashDumps
2015-10-16 18:24 - 2015-10-16 18:33 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-16 18:24 - 2015-10-16 18:24 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-16 17:04 - 2015-10-16 17:15 - 00929872 _____ (Google Inc.) C:\Users\kathr\Downloads\ChromeSetup.exe
2015-10-16 16:46 - 2015-10-16 16:46 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-16 16:18 - 2015-10-17 15:02 - 00000000 ____D C:\Program Files\Trend Micro
2015-10-16 15:24 - 2015-10-16 16:17 - 00003130 _____ C:\Users\kathr\Desktop\gore.txt
2015-10-16 15:21 - 2015-10-16 15:21 - 00001974 _____ C:\Users\kathr\Desktop\GlassWire.lnk
2015-10-16 15:21 - 2015-10-16 15:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire
2015-10-16 15:21 - 2015-10-16 15:21 - 00000000 ____D C:\Program Files (x86)\GlassWire
2015-10-16 15:21 - 2015-05-28 23:30 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2015-10-16 15:21 - 2015-05-28 23:15 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2015-10-16 12:33 - 2015-10-16 12:33 - 09325066 _____ C:\Users\kathr\OneDrive\Documents\SoundofMadnessChorus.wav
2015-10-16 12:33 - 2015-10-16 12:33 - 00291036 _____ C:\Users\kathr\OneDrive\Documents\SoundofMadnessChorus.pkf
2015-10-15 13:34 - 2015-10-15 13:34 - 00002672 _____ C:\Users\kathr\Desktop\Kilt02.jpg - Shortcut.lnk
2015-10-15 13:00 - 2015-10-15 13:00 - 00000000 ____D C:\Users\kathr\AppData\Roaming\WTablet
2015-10-15 12:43 - 2015-10-15 12:43 - 00000000 ____D C:\Users\Public\Pixologic
2015-10-15 12:32 - 2015-10-15 13:44 - 00001267 _____ C:\Users\kathr\Desktop\DAZ Studio 4.8 (64-bit) Public Build +Beta+.lnk
2015-10-15 10:54 - 2015-10-15 10:54 - 00002789 _____ C:\Users\kathr\Desktop\Google Hangouts.lnk
2015-10-14 09:20 - 2015-10-14 09:20 - 00447576 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-10-14 07:59 - 2015-10-14 07:59 - 00000000 ____D C:\Users\kathr\temp
2015-10-14 07:59 - 2015-10-14 07:59 - 00000000 ____D C:\Users\kathr\AppData\Roaming\TeamViewer
2015-10-14 07:54 - 2015-10-14 07:55 - 04079264 _____ (SurfRight B.V.) C:\Users\kathr\Desktop\hmpalert3.exe
2015-10-14 07:53 - 2015-10-14 07:53 - 00722448 _____ (Threatstar B.V.) C:\Users\kathr\Desktop\hmpalert64-test.exe
2015-10-14 07:21 - 2015-10-16 18:39 - 00005196 _____ C:\Users\kathr\Desktop\quarantine.txt
2015-10-14 07:20 - 2015-10-16 18:24 - 18832456 _____ C:\Users\kathr\Desktop\RogueKiller.exe
2015-10-14 07:20 - 2015-10-16 18:23 - 00002806 _____ C:\Users\kathr\Desktop\Rkill.txt
2015-10-14 07:19 - 2015-10-14 07:20 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\kathr\Desktop\rkill.exe
2015-10-14 06:42 - 2015-10-17 09:32 - 00000000 ____D C:\EEK
2015-10-14 06:42 - 2015-10-16 18:20 - 00000784 _____ C:\Users\kathr\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-14 06:41 - 2015-10-14 06:42 - 168430496 _____ C:\Users\kathr\Desktop\EmsisoftEmergencyKit.exe
2015-10-14 06:26 - 2015-10-14 06:26 - 00002148 _____ C:\Users\kathr\Desktop\VirusTotal Uploader 2.2.lnk
2015-10-14 06:26 - 2015-10-14 06:26 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-10-14 06:26 - 2015-10-14 06:26 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2015-10-14 06:25 - 2015-10-14 06:25 - 00142744 _____ C:\Users\kathr\Desktop\vtuploader2.2.exe
2015-10-14 05:59 - 2015-10-16 20:59 - 00000010 _____ C:\Users\kathr\AppData\Local\sponge.last.runtime.cache
2015-10-14 05:14 - 2015-10-14 05:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-10-14 04:53 - 2015-10-15 19:18 - 00000000 ____D C:\Program Files\TabletPlugins
2015-10-14 04:53 - 2015-10-15 19:18 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2015-10-14 04:53 - 2015-10-14 04:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-10-14 04:53 - 2015-04-28 12:08 - 00103192 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2015-10-14 04:53 - 2015-04-28 12:08 - 00015128 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2015-10-14 04:52 - 2015-10-14 04:53 - 00000000 ____D C:\Program Files\Tablet
2015-10-14 04:52 - 2015-08-21 13:33 - 02090176 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 02064576 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 02057920 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01928896 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01674944 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01672384 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01664704 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01545408 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2015-10-14 04:51 - 2015-10-14 04:52 - 82016736 _____ C:\Users\kathr\Desktop\WacomTablet_6.3.14-1.exe
2015-10-14 04:43 - 2015-10-14 04:43 - 00000000 ____D C:\Users\kathr\AppData\Roaming\NVIDIA
2015-10-14 04:09 - 2015-10-14 04:09 - 00003268 _____ C:\WINDOWS\System32\Tasks\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1}
2015-10-14 03:55 - 2015-10-17 15:02 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Trend Micro
2015-10-14 03:54 - 2015-10-17 14:11 - 00000000 ____D C:\ProgramData\Trend Micro
2015-10-14 03:53 - 2015-10-17 15:02 - 00000000 ____D C:\ProgramData\TMDP_Log
2015-10-14 03:53 - 2015-10-16 16:28 - 00000000 ____D C:\ProgramData\TMDP_Setup
2015-10-14 03:53 - 2015-10-14 03:53 - 00000036 _____ C:\Users\kathr\AppData\Local\housecall.guid.cache
2015-10-14 03:23 - 2015-10-14 03:23 - 21871440 _____ (SecureMix LLC) C:\Users\kathr\Desktop\GlassWireSetup.exe
2015-10-14 03:19 - 2015-10-17 18:07 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-14 03:19 - 2015-10-14 03:19 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-10-14 03:19 - 2015-10-02 21:28 - 00102520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-10-14 03:18 - 2015-10-14 03:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-14 03:18 - 2015-10-02 23:58 - 00112760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-10-14 03:18 - 2015-10-02 23:58 - 00105264 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 02982704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 02554488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 00938800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-14 03:18 - 2015-10-02 21:38 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-14 03:18 - 2015-10-01 04:30 - 05284082 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-14 03:17 - 2015-10-14 03:17 - 02873112 _____ (Reason Company Software Inc.) C:\Users\kathr\Desktop\herdProtectScan_Setup.exe
2015-10-14 03:17 - 2015-10-14 03:17 - 00001162 _____ C:\Users\Public\Desktop\herdProtect.lnk
2015-10-14 03:17 - 2015-10-06 13:45 - 11210056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-10-14 03:17 - 2015-10-02 23:58 - 42914096 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 37882488 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 22342264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 18387064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 18354984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 16548768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 15837152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 15803800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 14841232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 13525200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 12868120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 12038368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 03534888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 03121144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 02313336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 01994360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435850.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435850.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00877176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00689968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00414000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00388048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00376112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00369272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00339064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-10-14 03:17 - 2015-10-02 23:58 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-10-14 03:17 - 2015-10-02 23:58 - 00034392 _____ C:\WINDOWS\system32\nvinfo.pb
2015-10-14 03:15 - 2015-10-17 14:10 - 00000000 ____D C:\Users\kathr\AppData\Local\Trend Micro
2015-10-14 03:13 - 2015-10-14 03:13 - 169370152 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2015-10-14 03:12 - 2015-10-14 03:12 - 06924136 _____ (Trend Micro Inc.) C:\Users\kathr\Desktop\TrendMicro_MAX_10.0_US-en_Downloader.exe
2015-10-14 03:11 - 2015-10-14 03:15 - 303687256 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\358.50-notebook-win10-64bit-international-whql.exe
2015-10-14 03:10 - 2015-10-14 03:10 - 00003646 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2015-10-14 03:10 - 2015-10-14 03:10 - 00002874 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2015-10-14 03:10 - 2015-10-14 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-10-14 03:10 - 2015-10-14 03:10 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-14 03:08 - 2015-10-14 03:08 - 00000000 ____D C:\Users\kathr\Desktop\ATKPackage_Win10_64_VER100039
2015-10-14 03:07 - 2015-10-14 03:07 - 00000000 ____D C:\Users\kathr\Desktop\KBFilter_Win81_64_VER1005
2015-10-14 03:06 - 2015-10-14 03:06 - 00160580 _____ C:\Users\kathr\Desktop\KBFilter_Win81_64_VER1005.zip
2015-10-14 03:05 - 2015-10-14 03:05 - 12379704 _____ C:\Users\kathr\Desktop\ATKPackage_Win10_64_VER100039.zip
2015-10-14 01:51 - 2015-10-14 01:51 - 00003266 _____ C:\WINDOWS\System32\Tasks\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F}
2015-10-12 11:13 - 2015-10-12 11:14 - 757922649 _____ C:\Users\kathr\OneDrive\Documents\Historical.zip
2015-10-12 11:12 - 2015-10-12 11:12 - 15543068 _____ C:\Users\kathr\OneDrive\Documents\Last of the desktop.zip
2015-10-12 10:15 - 2015-10-08 23:42 - 303687256 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\358.50-notebook-win10-64bit-international-whql (2).exe
2015-10-12 10:13 - 2015-10-09 00:00 - 304224616 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.98-notebook-win10-64bit-international-whql (2).exe
2015-10-12 10:13 - 2015-10-08 23:44 - 304583336 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.82-notebook-win10-64bit-international-whql (2).exe
2015-10-12 07:45 - 2015-10-12 07:45 - 04296704 _____ C:\Users\kathr\OneDrive\Documents\demon_laird.indd
2015-10-12 07:45 - 2015-10-12 07:45 - 00011486 _____ C:\2HijackPatrol.log
2015-10-12 06:51 - 2015-10-12 06:52 - 03723264 _____ C:\Users\kathr\OneDrive\Documents\mist warrior.indd
2015-10-11 16:12 - 2015-10-12 10:19 - 00003014 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-11 16:11 - 2015-10-11 16:11 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-10-11 16:11 - 2015-10-11 16:11 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-10-11 16:11 - 2015-10-11 16:11 - 00002091 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-10-11 06:08 - 2015-10-11 05:56 - 69420720 _____ C:\Users\kathr\OneDrive\Documents\1011150555.mp4
2015-10-11 06:08 - 2015-10-11 05:55 - 40000723 _____ C:\Users\kathr\OneDrive\Documents\1011150553.mp4
2015-10-11 06:08 - 2015-10-11 05:52 - 05270801 _____ C:\Users\kathr\OneDrive\Documents\1011150551.mp4
2015-10-11 06:08 - 2015-10-11 05:51 - 304524280 _____ C:\Users\kathr\OneDrive\Documents\1011150548.mp4
2015-10-11 06:08 - 2015-10-11 05:47 - 39634706 _____ C:\Users\kathr\OneDrive\Documents\1011150543.mp4
2015-10-11 06:08 - 2015-10-11 05:37 - 10247585 _____ C:\Users\kathr\OneDrive\Documents\1011150537.mp4
2015-10-11 06:08 - 2015-10-11 05:36 - 322664427 _____ C:\Users\kathr\OneDrive\Documents\1011150533.mp4
2015-10-11 06:08 - 2015-10-11 04:25 - 174367577 _____ C:\Users\kathr\OneDrive\Documents\1011150423.mp4
2015-10-11 06:08 - 2015-10-11 04:22 - 519388367 _____ C:\Users\kathr\OneDrive\Documents\1011150417.mp4
2015-10-11 03:08 - 2015-10-11 03:08 - 00150348 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030815.zip
2015-10-11 03:06 - 2015-10-11 03:06 - 00145074 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030603.zip
2015-10-11 03:04 - 2015-10-11 03:04 - 00129868 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030437.zip
2015-10-11 03:00 - 2015-10-11 03:00 - 00120877 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151011-030036.zip
2015-10-10 19:32 - 2015-10-10 19:23 - 00132745 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151010-192329.zip
2015-10-09 13:27 - 2015-04-28 12:08 - 00014104 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2015-10-09 13:27 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2015-10-09 13:27 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfcoinstaller01009.dll
2015-10-09 13:26 - 2015-10-09 12:10 - 82016736 _____ C:\Users\kathr\Desktop\WacomTablet_6.3.14-1 (2015_09_27 15_29_22 UTC).exe
2015-10-09 11:51 - 2015-10-09 11:51 - 00000000 ____D C:\ProgramData\Apple
2015-10-09 11:49 - 2015-10-09 11:51 - 00000000 ____D C:\Users\kathr\AppData\Local\Western Digital
2015-10-09 11:45 - 2015-10-09 11:45 - 00004398 _____ C:\WINDOWS\DPINST.LOG
2015-10-09 11:44 - 2015-10-09 11:49 - 71601392 _____ C:\Users\kathr\Desktop\mc_windows_setup.exe
2015-10-09 11:44 - 2015-10-09 11:44 - 04341113 _____ C:\Users\kathr\Desktop\WD_Quick_View_Setup_for_Windows.zip
2015-10-09 11:44 - 2015-10-09 11:44 - 00000000 ____D C:\Users\kathr\Desktop\WD_Quick_View_Setup_for_Windows
2015-10-09 11:43 - 2015-10-09 11:50 - 63831744 _____ C:\Users\kathr\Desktop\WDMyCloud_win.exe
2015-10-09 07:28 - 2015-10-12 10:19 - 00002406 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2015-10-09 07:28 - 2015-10-09 07:28 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-10-09 07:27 - 2015-10-12 10:28 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-09 07:27 - 2015-10-09 07:27 - 00000000 ____D C:\Program Files\Realtek
2015-10-09 05:47 - 2015-10-15 20:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-09 04:31 - 2015-10-09 04:31 - 00000259 _____ C:\AmazonMusic.log
2015-10-09 04:11 - 2015-10-09 04:11 - 00000000 ____D C:\Users\kathr\Desktop\Audio_Realtek_Win81_64_VER6017304
2015-10-09 04:10 - 2015-10-12 10:19 - 00002516 _____ C:\WINDOWS\System32\Tasks\Amazon Music Helper
2015-10-09 04:10 - 2015-10-09 04:10 - 41261584 _____ (Amazon) C:\Users\kathr\Desktop\Amazon_Music_with_Prime_Music_PC_Download.exe
2015-10-08 23:40 - 2015-10-12 10:42 - 303687256 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\358.50-notebook-win10-64bit-international-whql (1).exe
2015-10-08 23:40 - 2015-10-08 23:44 - 304583336 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.82-notebook-win10-64bit-international-whql.exe
2015-10-08 23:38 - 2015-10-09 00:00 - 304224616 _____ (NVIDIA Corporation) C:\Users\kathr\Desktop\355.98-notebook-win10-64bit-international-whql.exe
2015-10-08 19:14 - 2015-10-08 19:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-08 17:56 - 2015-10-08 17:58 - 02520048 _____ C:\Users\kathr\OneDrive\Documents\KATHRYNLAPTOP2.arn
2015-10-08 17:19 - 2015-10-08 17:48 - 00002834 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathryn
2015-10-08 17:08 - 2015-10-14 02:56 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-10-08 16:40 - 2015-10-08 16:40 - 00000000 ____D C:\$WINDOWS.~BT
2015-10-08 16:13 - 2015-10-08 16:13 - 00000029 _____ C:\Users\kathr\OneDrive\Documents\windows10pro.txt
2015-10-08 16:09 - 2015-10-08 16:09 - 00000000 ___HD C:\$Windows.~WS
2015-10-08 16:07 - 2015-10-08 16:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-10-08 16:04 - 2015-10-08 16:04 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-10-08 16:04 - 2015-10-08 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-10-08 16:00 - 2015-10-08 16:02 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-08 16:00 - 2015-10-08 16:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-08 15:52 - 2015-10-08 15:52 - 00000357 _____ C:\Users\kathr\AppData\Local\LMIR0001.tmp_r.bat
2015-10-08 15:42 - 2015-10-08 15:54 - 00000000 ____D C:\Users\kathr\AppData\Local\LogMeIn Rescue Applet
2015-10-08 15:09 - 2015-10-08 15:09 - 00024288 _____ C:\WINDOWS\system32\WacDriverDLCoinst.dll
2015-10-07 22:53 - 2015-10-07 22:53 - 00016148 _____ C:\WINDOWS\system32\KATHRYNLAPTOP_kathr_HistoryPrediction.bin
2015-10-07 20:20 - 2015-10-07 20:20 - 00000000 ____D C:\ProgramData\OptiTex
2015-10-07 13:36 - 2015-10-08 17:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-07 13:35 - 2015-10-14 03:19 - 00000000 ____D C:\Temp
2015-10-07 13:35 - 2015-10-09 10:46 - 00000000 ____D C:\Users\kathr\Desktop\CardReader_Genesys_Win81_64_VER4307
2015-10-07 00:17 - 2015-10-17 09:19 - 00010394 _____ C:\HijackPatrol.log
2015-10-06 23:45 - 2015-10-06 23:45 - 00000000 ____D C:\NVIDIA
2015-10-06 23:42 - 2015-10-06 23:42 - 00000000 ____D C:\Users\kathr\Desktop\LAN_QualcommAtheros_Win81_64_VER21021
2015-10-06 23:37 - 2015-10-06 23:37 - 02082460 _____ C:\Users\kathr\Desktop\IRST_Intel_Win81_64_VER12801016.zip
2015-10-06 23:36 - 2015-10-06 23:36 - 09993488 _____ C:\Users\kathr\Desktop\CardReader_Genesys_Win81_64_VER4307.zip
2015-10-06 23:35 - 2015-10-06 23:36 - 128469985 _____ C:\Users\kathr\Desktop\Audio_Realtek_Win81_64_VER6017304.zip
2015-10-06 21:17 - 2015-10-06 21:17 - 00000000 ____D C:\WINDOWS\WICCodecs
2015-10-06 18:53 - 2015-10-10 12:16 - 36438016 _____ C:\WINDOWS\system32\config\components.old
2015-10-06 14:14 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
2015-10-06 13:46 - 2015-10-08 15:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-06 13:43 - 2015-10-08 17:48 - 00002830 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathr
2015-10-06 11:27 - 2015-10-06 11:32 - 00830266 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-10-05 12:47 - 2015-10-05 12:47 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-KATHRYNLAPTOP-Windows-10-Pro-(64-bit).dat
2015-10-05 12:47 - 2015-10-05 12:47 - 00000000 ____D C:\RegBackup
2015-10-05 11:56 - 2015-10-08 19:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-05 09:09 - 2015-10-05 09:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 08:58 - 2015-10-14 04:09 - 00000000 ____D C:\ProgramData\InstallMate
2015-10-05 08:58 - 2015-10-06 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-10-05 08:58 - 2015-10-05 09:00 - 00000000 ____D C:\Users\kathr\AppData\Roaming\WinPatrol
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-10-05 05:15 - 2015-10-07 16:32 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Adobe
2015-10-05 05:13 - 2015-10-08 17:48 - 00002872 _____ C:\WINDOWS\System32\Tasks\[email protected]
2015-10-05 04:24 - 2015-10-05 04:24 - 00000000 ____D C:\Users\kathr\AppData\Local\AntiLogger Free
2015-10-05 03:37 - 2015-10-05 03:37 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2015-10-05 03:37 - 2015-10-05 03:37 - 00000000 ____D C:\Users\kathr\Desktop\ProcessExplorer
2015-10-05 01:36 - 2015-10-05 01:37 - 74520472 _____ (Logitech, Inc.) C:\Users\kathr\Downloads\lws280.exe
2015-10-05 01:26 - 2015-10-12 10:41 - 00587682 _____ C:\Users\kathr\OneDrive\Documents\KATHRYNLAPTOP.arn
2015-10-05 00:19 - 2015-10-05 00:19 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2015-10-05 00:03 - 2015-10-05 00:03 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
2015-10-04 23:48 - 2015-10-16 12:27 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Adobe
2015-10-04 23:48 - 2015-10-05 05:13 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-04 23:48 - 2015-10-04 23:48 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-10-04 23:44 - 2015-10-11 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-04 23:44 - 2015-10-05 00:19 - 00000000 ____D C:\Program Files\Adobe
2015-10-04 23:36 - 2015-10-14 07:06 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files
2015-10-04 23:34 - 2015-10-04 23:34 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-10-04 23:34 - 2015-10-04 23:34 - 00001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-10-04 23:29 - 2015-10-17 14:11 - 00000000 ____D C:\Users\kathr\AppData\Local\Adobe
2015-10-04 23:18 - 2015-10-05 01:10 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\kathr\Desktop\autoruns.exe
2015-10-04 23:02 - 2015-10-14 03:50 - 00000000 ____D C:\Program Files\Webroot
2015-10-04 22:43 - 2015-10-04 22:43 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-10-04 22:43 - 2015-10-04 22:43 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-10-04 22:43 - 2015-10-04 22:43 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-10-04 22:43 - 2015-10-04 22:43 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-10-04 22:43 - 2015-10-04 22:43 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-10-04 22:43 - 2015-10-04 22:43 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-10-04 22:36 - 2015-10-16 03:39 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Adobe
2015-10-04 22:16 - 2015-10-12 11:11 - 00001325 _____ C:\Users\Public\Desktop\dMaintenance Home Edition.lnk
2015-10-04 21:05 - 2015-10-12 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-10-04 21:05 - 2015-10-12 10:24 - 00003518 _____ C:\WINDOWS\System32\Tasks\CryptoPrevent Update
2015-10-04 21:05 - 2015-10-04 21:05 - 00001289 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk
2015-10-04 20:10 - 2015-10-17 18:07 - 00021012 __RSH C:\ProgramData\ntuser.pol
2015-10-04 19:58 - 2015-10-12 10:26 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-10-04 19:34 - 2015-10-04 19:36 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\WPA Files
2015-10-04 19:34 - 2015-10-04 19:34 - 00000000 ____D C:\SymCache
2015-10-04 19:31 - 2015-10-04 19:31 - 163577856 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.etl
2015-10-04 19:31 - 2015-10-04 19:31 - 07345250 _____ C:\WINDOWS\system32\boot_BASE+CSWITCH_1.cab
2015-10-04 18:51 - 2015-10-04 18:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-04 14:37 - 2015-10-04 14:37 - 191889408 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.etl
2015-10-04 14:37 - 2015-10-04 14:37 - 04993712 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_2.cab
2015-10-04 14:31 - 2015-10-04 14:31 - 220200960 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.etl
2015-10-04 14:31 - 2015-10-04 14:31 - 03730738 _____ C:\WINDOWS\system32\bootPrep_BASE+CSWITCH_1.cab
2015-10-04 14:20 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-10-04 14:20 - 2015-10-07 17:37 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-10-04 00:23 - 2015-10-16 19:49 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-10-04 00:23 - 2015-10-06 14:12 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-04 00:16 - 2015-10-17 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2015-10-04 00:05 - 2015-10-04 00:05 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Blacksmith3D
2015-10-03 23:06 - 2015-10-03 23:06 - 00002826 _____ C:\Users\kathr\Desktop\AHB_magnaheart_dress_02 - Shortcut.lnk
2015-10-03 21:35 - 2015-10-03 21:35 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Security
2015-10-03 21:00 - 2015-10-03 21:00 - 00058675 _____ C:\Users\kathr\OneDrive\Documents\registryleaks.txt
2015-10-03 20:43 - 2015-10-11 02:23 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\DAZ 3D
2015-10-03 20:30 - 2015-10-03 20:30 - 00053248 _____ C:\WINDOWS\SysWOW64\zlib.dll
2015-10-03 20:26 - 2015-10-16 15:20 - 00007641 _____ C:\Users\kathr\AppData\Local\Resmon.ResmonCfg
2015-10-03 20:26 - 2015-10-04 22:16 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2015-10-03 20:26 - 2015-10-04 21:05 - 00000000 ____D C:\ProgramData\Foolish IT
2015-10-03 18:45 - 2015-10-04 18:28 - 00000000 ____D C:\AdwCleaner
2015-10-03 18:34 - 2015-10-03 18:34 - 00000000 ____D C:\WINDOWS\SMSS-PFRO20f5.tmp
2015-10-03 17:45 - 2015-10-14 09:21 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-03 17:10 - 2015-10-17 14:59 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0AB9CB54-4CE0-4F7C-A83A-83EBCF8FAC11}
2015-10-03 15:40 - 2015-10-17 18:07 - 03335920 _____ C:\WINDOWS\PFRO.log
2015-10-03 15:38 - 2015-10-16 17:16 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-03 15:38 - 2015-10-03 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 15:37 - 2015-10-08 19:15 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 15:37 - 2015-10-08 19:15 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 15:37 - 2015-10-08 17:48 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-03 15:37 - 2015-10-08 17:48 - 00003272 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-03 15:32 - 2015-10-03 15:32 - 00003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-10-03 15:18 - 2015-10-17 09:42 - 02196992 _____ (Farbar) C:\Users\kathr\Desktop\FRST64.exe
2015-10-03 15:10 - 2015-10-03 15:10 - 00001704 _____ C:\Users\Public\Desktop\Scrivener.lnk
2015-10-03 15:10 - 2015-10-03 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
2015-10-03 14:48 - 2015-10-07 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:48 - 2015-10-07 17:37 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-10-03 14:48 - 2015-10-07 17:37 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-10-03 14:47 - 2015-10-03 15:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-03 14:39 - 2015-10-03 14:41 - 00001176 _____ C:\Users\kathr\Desktop\DAZ Studio 4.8 (64-bit).lnk
2015-10-03 14:38 - 2015-10-15 12:43 - 00000000 ____D C:\Program Files\DAZ 3D
2015-10-03 14:38 - 2015-10-03 14:38 - 00000969 _____ C:\Users\kathr\Desktop\Carrara 8.5 Pro (64-bit).lnk
2015-10-03 09:32 - 2015-10-03 09:31 - 00117242 _____ C:\Users\kathr\Desktop\DAZStudio_error_report_151003-093132.zip
2015-10-02 21:35 - 2015-10-02 21:35 - 00000000 ____D C:\Users\kathr\AppData\Local\CEF
2015-10-02 18:55 - 2015-10-03 17:20 - 00000000 ____D C:\Program Files\Sandboxie
2015-10-02 18:49 - 2015-10-02 18:49 - 00000000 ____D C:\Users\kathr\AppData\Local\Scrivener
2015-10-02 18:35 - 2015-10-05 04:33 - 00000000 ____D C:\ProgramData\Adobe
2015-10-02 18:35 - 2015-10-04 14:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-02 18:34 - 2015-10-04 23:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-02 18:31 - 2015-10-03 15:10 - 00000000 ____D C:\Program Files (x86)\Scrivener
2015-10-02 18:29 - 2015-10-15 13:02 - 00000000 ____D C:\ProgramData\DAZ 3D
2015-10-02 18:00 - 2015-10-02 18:00 - 00000000 ____D C:\Users\kathr\AppData\Local\Logitech® Webcam Software
2015-10-02 17:58 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\LogiShrd
2015-10-02 17:58 - 2015-10-02 17:58 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Leadertech
2015-10-02 17:57 - 2015-10-07 00:01 - 00010152 _____ C:\WINDOWS\LDPINST.LOG
2015-10-02 17:49 - 2015-10-07 17:37 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-10-02 17:49 - 2015-10-07 00:01 - 00018015 _____ C:\WINDOWS\system32\lvcoinst.log
2015-10-02 17:43 - 2015-10-02 17:43 - 00000000 ____D C:\Users\kathr\Desktop\Heart's Ransom cover
2015-10-02 17:40 - 2015-10-07 17:37 - 00000000 ____D C:\ProgramData\FastPictureViewer
2015-10-02 17:38 - 2015-10-06 21:30 - 00000000 ____D C:\Users\kathr\Desktop\3d n Art
2015-10-02 17:37 - 2015-10-17 09:42 - 00000000 ____D C:\Users\kathr\Desktop\computer
2015-10-02 16:06 - 2015-10-02 16:06 - 00000000 ____D C:\Users\kathr\AppData\Local\PeerDistRepub
2015-10-02 16:02 - 2015-10-14 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2015-10-02 16:02 - 2015-10-02 16:02 - 00000000 ____D C:\Program Files\Reason
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\Users\kathr\AppData\Local\GlassWire
2015-10-02 15:50 - 2015-10-02 15:50 - 00000000 ____D C:\ProgramData\GlassWire
2015-10-02 15:37 - 2015-10-14 09:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-02 15:29 - 2015-10-03 17:19 - 00000000 ____D C:\WINDOWS\pss
2015-10-02 15:13 - 2015-10-02 15:13 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Macromedia
2015-10-02 14:47 - 2015-10-02 14:47 - 00000000 ___HD C:\VTRoot
2015-10-02 12:48 - 2015-10-08 16:40 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-02 12:48 - 2015-10-08 13:56 - 00000000 ____D C:\Windows.old
2015-10-02 12:45 - 2015-10-02 12:45 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-10-02 12:44 - 2015-10-02 12:44 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-02 12:43 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\Setup
2015-10-02 12:41 - 2015-10-02 12:41 - 00000000 ____D C:\WINDOWS\OCR
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\0409
2015-10-02 12:40 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-10-02 12:38 - 2015-10-01 02:57 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 12:38 - 2015-10-01 02:57 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 12:37 - 2015-10-09 13:29 - 00002177 _____ C:\WINDOWS\DtcInstall.log
2015-10-02 12:36 - 2015-10-17 18:06 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-02 12:36 - 2015-10-17 17:35 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 12:36 - 2015-10-17 14:10 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-02 12:36 - 2015-10-16 16:28 - 00000215 _____ C:\WINDOWS\win.ini
2015-10-02 12:36 - 2015-10-14 03:18 - 00000000 ____D C:\WINDOWS\Help
2015-10-02 12:36 - 2015-10-14 02:51 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-02 12:36 - 2015-10-09 11:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-02 12:36 - 2015-10-09 11:37 - 00000000 ____D C:\WINDOWS\registration
2015-10-02 12:36 - 2015-10-08 17:23 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-02 12:36 - 2015-10-08 16:07 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-02 12:36 - 2015-10-08 14:03 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-02 12:36 - 2015-10-07 17:37 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-02 12:36 - 2015-10-06 21:52 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-02 12:36 - 2015-10-04 23:13 - 00000000 ____D C:\WINDOWS\system32\spool
2015-10-02 12:36 - 2015-10-03 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 12:36 - 2015-10-03 18:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-10-02 12:36 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-10-02 12:36 - 2015-10-02 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-10-02 12:36 - 2015-10-02 12:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\setup
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\system32\Com
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\WINDOWS\IME
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-02 12:36 - 2015-10-02 12:40 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:37 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RSD C:\WINDOWS\Media
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Web
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Vss
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\tracing
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\TAPI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SystemResources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\spp
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\RasToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ras
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\System
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Speech
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SKB
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\security
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\schemas
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\SchCache
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Resources
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\PLA
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Performance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Globalization
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Cursors
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\Branding
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\addins
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\ProgramData\Comms
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-10-02 12:36 - 2015-10-02 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-02 12:36 - 2015-10-02 12:34 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2015-10-02 12:36 - 2015-10-02 12:34 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-10-02 12:36 - 2015-10-02 12:34 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-10-02 12:36 - 2015-10-02 12:34 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2015-10-02 12:36 - 2015-10-02 12:34 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-10-02 12:36 - 2015-10-02 12:34 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2015-10-02 12:36 - 2015-10-02 12:34 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-10-02 12:36 - 2015-10-02 12:34 - 00000219 ____N C:\WINDOWS\system.ini
2015-10-02 12:36 - 2015-10-02 11:06 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-02 12:36 - 2015-10-02 10:06 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-02 12:36 - 2015-10-02 10:01 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-02 12:36 - 2015-10-02 09:59 - 00000000 ____D C:\WINDOWS\CSC
2015-10-02 12:36 - 2015-10-02 09:57 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-02 12:36 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOPrivate
2015-10-02 12:28 - 2015-10-17 18:13 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 12:24 - 2015-10-17 18:06 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 12:24 - 2015-10-16 19:49 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-02 12:24 - 2015-10-14 02:05 - 00000000 __RHD C:\Users\Default
2015-10-02 12:24 - 2015-10-03 17:21 - 00000000 ____D C:\WINDOWS\servicing
2015-10-02 12:24 - 2015-10-02 12:36 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-10-02 12:24 - 2015-07-10 04:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-10-02 12:23 - 2015-10-04 15:07 - 00000000 ___HD C:\$SysReset
2015-10-02 11:09 - 2015-10-02 11:09 - 00000000 ____D C:\ProgramData\Shared Space
2015-10-02 11:01 - 2015-10-02 11:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-10-02 11:01 - 2015-10-02 11:01 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-10-02 10:53 - 2015-10-15 13:02 - 00000000 ____D C:\Users\kathr\AppData\Roaming\DAZ 3D
2015-10-02 10:52 - 2015-10-03 14:39 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2015-10-02 10:52 - 2015-10-02 10:52 - 00000000 ____D C:\Program Files (x86)\DAZ 3D
2015-10-02 10:48 - 2015-10-16 16:12 - 00000000 ____D C:\Users\kathr\AppData\Roaming\vlc
2015-10-02 10:48 - 2015-10-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-02 10:48 - 2015-10-02 10:48 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-02 10:48 - 2015-10-02 10:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-02 10:38 - 2015-07-05 05:08 - 00300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-02 10:34 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-02 10:33 - 2015-10-07 00:02 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-02 10:33 - 2015-10-03 17:10 - 00000000 ____D C:\Users\kathr\AppData\Local\Google
2015-10-02 10:25 - 2015-10-14 09:20 - 02544872 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-10-02 10:21 - 2015-10-02 10:32 - 00000000 ____D C:\Users\kathr\AppData\Local\MicrosoftEdge
2015-10-02 10:16 - 2015-10-03 15:43 - 00002338 _____ C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-02 10:08 - 2015-10-02 10:08 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-10-02 10:07 - 2015-10-03 15:39 - 00000000 ____D C:\Users\kathr\AppData\Local\Comms
2015-10-02 10:06 - 2015-10-16 18:51 - 00000000 ____D C:\Users\kathr\AppData\Local\VirtualStore
2015-10-02 10:06 - 2015-10-03 14:52 - 00000000 ____D C:\Users\kathr\AppData\Local\Packages
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\TileDataLayer
2015-10-02 10:06 - 2015-10-02 10:06 - 00000000 ____D C:\Users\kathr\AppData\Local\Publishers
2015-10-02 10:05 - 2015-10-17 18:12 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-02 10:05 - 2015-10-02 10:05 - 00000020 ___SH C:\Users\kathr\ntuser.ini
2015-10-02 10:02 - 2015-10-02 10:02 - 00000000 __SHD C:\Recovery
2015-10-02 10:00 - 2015-10-14 07:59 - 00000000 ____D C:\Users\kathr
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 __RSD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-02 10:00 - 2015-10-03 17:21 - 00000000 ___RD C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 10:00 - 2015-10-02 12:36 - 00000000 ____D C:\Users\kathr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-02 09:54 - 2015-10-17 18:07 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-02 09:53 - 2015-10-14 03:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-02 09:53 - 2015-10-02 09:53 - 00000000 ____D C:\ProgramData\USOShared
2015-10-02 09:53 - 2015-07-10 00:37 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-10-02 09:51 - 2015-10-16 12:21 - 00023145 _____ C:\WINDOWS\setupact.log
2015-10-02 09:51 - 2015-10-02 09:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-02 09:50 - 2015-10-17 18:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-02 09:49 - 2015-10-12 10:56 - 00517808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-02 02:37 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\Presets-2015-09-09
2015-10-02 01:34 - 2015-10-02 17:39 - 00000000 ____D C:\Users\kathr\Desktop\unzipped
2015-10-01 13:43 - 2015-10-03 17:21 - 00000000 ____D C:\Users\kathr\Desktop\21966-01_ContentCatalogerEasy
2015-10-01 13:32 - 2015-10-01 13:32 - 00000776 _____ C:\Users\kathr\Desktop\Hexagon 2.lnk
2015-10-01 12:35 - 2015-10-05 00:26 - 00000000 ____D C:\Users\kathr\Desktop\renderosity
2015-10-01 08:35 - 2015-10-07 01:11 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\Temp
2015-10-01 02:57 - 2015-10-01 02:57 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-01 02:57 - 2015-10-01 02:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 02:57 - 2015-10-01 02:57 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 02:57 - 2015-10-01 02:57 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 02:20 - 2015-10-09 00:09 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Keep
2015-10-01 02:20 - 2015-10-02 21:56 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\_1 Writing
2015-10-01 02:20 - 2015-10-01 03:13 - 00000000 ____D C:\Users\kathr\OneDrive\Documents\Scriverner
2015-10-01 02:11 - 2015-10-05 00:01 - 00002126 _____ C:\Users\kathr\Desktop\DAZ Install Manager.lnk
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\d956d726f5b732d32501
2015-10-01 01:58 - 2015-10-01 01:58 - 00000000 _____ C:\c9112f9ef026831bf709
2015-10-01 01:46 - 2015-10-04 23:36 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (2)
2015-10-01 01:46 - 2015-10-03 17:20 - 00000000 ___RD C:\Users\kathr\Creative Cloud Files (1)
2015-10-01 01:06 - 2015-10-07 17:37 - 00000000 ____D C:\Users\kathr\AppData\LocalLow\LastPass
2015-10-01 00:20 - 2015-10-11 16:41 - 00000000 ____D C:\Users\kathr\OneDrive
2015-10-01 00:17 - 2015-10-01 00:17 - 00193336 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2015-09-30 23:26 - 2015-10-02 23:58 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvir3dgenco64.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435354.dll
2015-09-30 23:26 - 2015-09-30 23:26 - 00452240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2015-09-30 23:26 - 2015-09-30 23:26 - 00019976 _____ (ASUS) C:\WINDOWS\system32\Drivers\AsHIDSwitch64.sys
2015-09-30 21:54 - 2015-09-30 23:13 - 00000000 ____D C:\ESD
2015-09-30 21:45 - 2015-10-17 18:46 - 00000000 ____D C:\FRST
2015-09-17 23:31 - 2015-10-02 00:23 - 00000000 ____D C:\Users\kathr\Desktop\Settings-2015-09-09
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-14 03:07 - 2012-08-06 11:17 - 00017280 _____ ( ) C:\WINDOWS\system32\Drivers\kbfiltr.sys
2015-10-06 23:42 - 2013-07-18 13:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\WINDOWS\system32\Drivers\L1C63x64.sys
 
==================== Files in the root of some directories =======
 
2015-10-14 03:53 - 2015-10-14 03:53 - 0000036 _____ () C:\Users\kathr\AppData\Local\housecall.guid.cache
2015-10-08 15:52 - 2015-10-08 15:52 - 0000357 _____ () C:\Users\kathr\AppData\Local\LMIR0001.tmp_r.bat
2015-10-03 20:26 - 2015-10-16 15:20 - 0007641 _____ () C:\Users\kathr\AppData\Local\Resmon.ResmonCfg
2015-10-14 05:59 - 2015-10-16 20:59 - 0000010 _____ () C:\Users\kathr\AppData\Local\sponge.last.runtime.cache
2015-10-09 07:28 - 2015-10-09 07:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-14 09:20
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by kathryn (2015-10-17 18:46:48)
Running from C:\Users\kathr\Desktop
Windows 10 Pro (X64) (2015-10-02 15:02:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4055827758-3256202687-3425098328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4055827758-3256202687-3425098328-503 - Limited - Disabled)
Guest (S-1-5-21-4055827758-3256202687-3425098328-501 - Limited - Disabled)
kathryn (S-1-5-21-4055827758-3256202687-3425098328-1001 - Administrator - Enabled) => C:\Users\kathr
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.1.0.122 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
dMaintenance Home Edition v3.1.0 (HKLM-x32\...\{8198FCBE-715F-4C8A-B22B-DA73C6F2788F}_is1) (Version:  - Foolish IT LLC)
ELAN Touchpad 11.5.19.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.19.2 - ELAN Microelectronic Corp.)
FastPictureViewer Codec Pack 3.8.0.96 TRIAL EDITION (HKLM-x32\...\{BCFE2AFB-6600-462A-B088-A44AD7B52E69}) (Version: 3.8.0.96 - Axel Rietschin Software Developments)
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.31 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.4229.1029 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.4229.1029 - Microsoft Corporation) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Scrivener (HKLM-x32\...\Scrivener 1860) (Version: 1860 - Literature and Latte)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-86B29D68EB0B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Restore Points =========================
 
04-10-2015 19:46:14 boot
04-10-2015 19:47:33 boot
04-10-2015 19:48:19 boot
04-10-2015 19:57:06 Removed GeekBuddy.
04-10-2015 20:00:52 Windows Modules Installer
06-10-2015 13:41:08 Removed FastPictureViewer Professional 1.9.348.0 (64-bit)
06-10-2015 14:14:10 Installed FastPictureViewer Codec Pack 3.8.0.96 TRIAL EDITION
06-10-2015 14:22:31 Checkpoint by HitmanPro
06-10-2015 20:36:37 Restore Operation
06-10-2015 21:16:45 Installed FastPictureViewer Codec Pack 3.8.0.96 TRIAL EDITION
06-10-2015 21:45:15 afterrest_c
06-10-2015 21:46:01 afterrestore_G
06-10-2015 21:47:03 afterrestore_E
07-10-2015 01:10:35 Restore Point Created by FRST
07-10-2015 07:02:20 Removed ph.
07-10-2015 07:03:13 Removed WPT Redistributables
07-10-2015 07:03:53 Removed WPTx64
07-10-2015 07:28:47 Removed bl.
07-10-2015 17:31:09 Restore Operation
07-10-2015 17:45:53 Restore Point Created by FRST
08-10-2015 14:45:21 Removed bl.
08-10-2015 14:46:19 Removed ph.
08-10-2015 14:56:19 Restore Point Created by FRST
09-10-2015 10:02:24 Windows Modules Installer
09-10-2015 11:45:26 Installed WD Quick View
12-10-2015 08:57:50 Restore Point Created by FRST
12-10-2015 09:06:09 Restore Point Created by FRST
12-10-2015 10:25:43 Removed WD Quick View
12-10-2015 10:26:08 Removed Bonjour
12-10-2015 10:29:39 Removed WD My Cloud
12-10-2015 10:30:49 Removed WD Quick View
14-10-2015 02:57:27 Configured Qualcomm Atheros Inc.® AR81Family Gigabit/Fast EtheK¡;
14-10-2015 03:10:10 Installed ATK Package
17-10-2015 10:08:10 Windows Update
17-10-2015 15:03:28 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-02 12:36 - 2015-10-16 18:33 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AB17DF1-5B8E-44C6-96AE-AED613CA7331} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-17] (AVAST Software)
Task: {242E0E14-F0F9-495E-93C5-5C05DD6AF25C} - System32\Tasks\Amazon Music Helper => C:\Users\kathr\AppData\Local\Amazon Music\Amazon Music Helper.exe
Task: {2EB45325-6A4E-469E-8808-4434449746EB} - System32\Tasks\[email protected]tlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {3739F324-5D7D-40CD-88CC-8CEDDE1BC848} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {48240F87-4CEC-42FC-8F41-44369B6F8353} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {48682BDB-FA20-45B7-9B97-0017104153B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2015-09-10] (Microsoft Corporation)
Task: {90B7C6D4-F1C9-493E-A34C-126378FFB57C} - System32\Tasks\{FAE41C42-E035-4FFE-81B1-F4404DFD0C0F} => pcalua.exe -a "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe"
Task: {984146FB-DD1B-41F6-9D98-8164EBCEFF71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {9A2DED0E-9020-4378-BB78-9E9158D3BF2C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-26] (Microsoft Corporation)
Task: {9AF1BA23-9125-4D55-9D32-D8A1EA1A8271} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Task: {A2ADAE73-86BC-478A-96C0-870F7DFD4DF2} - System32\Tasks\{A45DFF4C-AC84-4E0C-A331-3CB2D33F75F1} => pcalua.exe -a C:\PROGRA~3\INSTAL~1\{6A206~1\Setup.exe -c /remove /q0
Task: {AFBB18D8-A18A-4F14-8243-0A23C41284E4} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {B6339BC1-406C-4290-B10D-CA5F364B6A1D} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2015-04-10] (Foolish IT LLC)
Task: {D7C152ED-DE48-40E8-A534-9F9107455BA4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {D94A2258-53DC-4D0C-A0C1-2537DFABF196} - System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathryn => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {DC819740-0F92-41AB-8412-17CEA0630F2F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-26] (Microsoft Corporation)
Task: {F51BFBCD-C30F-425D-AA17-7C45BC376C07} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {F607940A-806B-43DD-A7AF-9E87BD05E9A3} - System32\Tasks\AdobeAAMUpdater-1.0-KATHRYNLAPTOP-kathr => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-09 22:33 - 2015-07-09 22:33 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-14 03:18 - 2015-10-02 21:38 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-14 04:52 - 2015-08-21 13:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 02:57 - 2015-10-01 02:57 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-17 17:55 - 2015-10-17 17:55 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-17 17:55 - 2015-10-17 17:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-17 17:55 - 2015-10-17 17:55 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15101701\algo.dll
2015-10-07 09:18 - 2015-10-07 09:18 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2015-10-17 17:55 - 2015-10-17 17:55 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AutorunsDisabled => "AlternateShell"="cmd.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kathr\Desktop\Heart's Ransom cover\Heart's Ransom\Talon and Gwen Renders\best\heartsransomcover1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A0A4089E-C7AF-490C-89E4-D2AB9341E4C2}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{6726C9C0-F095-479D-9C58-3B2C15CE537F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface 
Description: Intel® Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
Name: ELAN Input Device
Description: ELAN Input Device
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: ELAN
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/17/2015 06:09:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 05:49:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 05:46:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 05:35:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 03:39:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 03:27:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 03:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.14.1, time stamp: 0x55d76d2d
Faulting module name: Wacom_Tablet.exe, version: 6.3.14.1, time stamp: 0x55d76d2d
Exception code: 0xc0000005
Fault offset: 0x00000000002b9389
Faulting process id: 0x12fc
Faulting application start time: 0xWacom_Tablet.exe0
Faulting application path: Wacom_Tablet.exe1
Faulting module path: Wacom_Tablet.exe2
Report Id: Wacom_Tablet.exe3
Faulting package full name: Wacom_Tablet.exe4
Faulting package-relative application ID: Wacom_Tablet.exe5
 
Error: (10/17/2015 03:13:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 03:07:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 03:02:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KATHRYNLAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/17/2015 06:11:09 PM) (Source: DCOM) (EventID: 10016) (User: KATHRYNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KATHRYNLAPTOPkathrynS-1-5-21-4055827758-3256202687-3425098328-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/17/2015 06:11:09 PM) (Source: DCOM) (EventID: 10016) (User: KATHRYNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KATHRYNLAPTOPkathrynS-1-5-21-4055827758-3256202687-3425098328-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/17/2015 06:11:09 PM) (Source: DCOM) (EventID: 10016) (User: KATHRYNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KATHRYNLAPTOPkathrynS-1-5-21-4055827758-3256202687-3425098328-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/17/2015 06:11:09 PM) (Source: DCOM) (EventID: 10016) (User: KATHRYNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KATHRYNLAPTOPkathrynS-1-5-21-4055827758-3256202687-3425098328-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/17/2015 06:11:09 PM) (Source: DCOM) (EventID: 10016) (User: KATHRYNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KATHRYNLAPTOPkathrynS-1-5-21-4055827758-3256202687-3425098328-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/17/2015 06:11:09 PM) (Source: DCOM) (EventID: 10016) (User: KATHRYNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}KATHRYNLAPTOPkathrynS-1-5-21-4055827758-3256202687-3425098328-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/17/2015 06:09:53 PM) (Source: DCOM) (EventID: 10001) (User: KATHRYNLAPTOP)
Description: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca2CortanaUIUnavailableUnavailable
 
Error: (10/17/2015 06:08:06 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (10/17/2015 06:06:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
%%997
 
Error: (10/17/2015 06:07:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:48:03 PM on ‎10/‎17/‎2015 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-12 03:54:58.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-11 21:03:58.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-11 01:46:51.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-10 11:28:42.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 17:49:57.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 15:50:00.426
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 13:31:51.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 10:49:07.548
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 07:27:35.106
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-09 02:45:00.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 6%
Total physical RAM: 32685.47 MB
Available physical RAM: 30469.59 MB
Total Virtual: 37549.47 MB
Available Virtual: 35348.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:697.49 GB) (Free:391.27 GB) NTFS
Drive e: (Seagate) (Fixed) (Total:443.11 GB) (Free:328.57 GB) NTFS
Drive g: (Seagate BK) (Fixed) (Total:488.28 GB) (Free:236.67 GB) NTFS
Drive h: (450) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
Drive i: () (Removable) (Total:29.72 GB) (Free:21.5 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 748798B0)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 29.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
I do have one question - why is it that even when I'm not connected to the internet every blasted service that is responsible for the network connection and internet communication continues to run? That really chews up my processor and my ram.
 
Thank you!

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP