Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

After wipe and reinstall still having problems Open Candy and possible

Started by stormrider22 , Oct 02 2015 07:23 PM

This topic is locked

#16
Essexboy

Posted 07 October 2015 - 07:59 AM

GeekU Moderator

Retired Staff
69,964 posts

Are you having problems with the start button and Cortana at windows start ?

couple of hidden files on the second report that caught my attention. I put those in red text. What do you think? If there's nothing to worry about, I promise that I'll stop bugging you.

I am here to be bugged

there are two that I am unsure of so I will get those to reveal themselves

Also I will give you a full network reset and see if that helps

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

#17
stormrider22

Posted 07 October 2015 - 05:32 PM

Member

Topic Starter
Member
26 posts

Thanks Essex!

Well, I see the errors in the event logs but when I open the task manager Cortana is there like bad weather and an uninvited guest - arrives sooner than expected and overstays her welcome. Anyway, my computer is really bogging down now but at least I was able to get on the internet this time. How long that will last, I don't know because I'd go to a static IP and could get on then it would change and there we go again. Those two programs are now visible as uninstallable in Programs and Features. I have no clue what they are. It's not like I'm miss daring do when it comes to the internet. For years I was an office manager so worn my share of the IT hats when needed, so I have a bit of a clue about security. On this one I wasn't thinking though and wasn't connected to the internet. I plug in do what I need to do and I'm out and unplugged. It's a habit now.

I'm thinking it might be something java related because my phone is freaking out too even though I have ESET and some other security. It's filling up the memory within seconds even though I'm not doing anything. I had an 32gb SD card in there but it wasn't writing to that, just filling up the phone memory so things started crashing. I regularly swap that SD card out. Since it wasn't writing to the card and since ESENT and Verizon said no virus or malware, I put the card in my laptop but it didn't open and didn't even acknowledge the removable drive. I removed it and said forget that. But it wasn't until 12 hours later that the laptop freaked out with the IP thing, so I'm not positive that the two are related. As you can see I've got my security pretty lined out with paid versions on the laptop (but any suggestions for improvement are appreciated). Webroot had received some fantastic reviews so I thought it would be great. But nothing ever jumped up and said anything. WinPatrol was the only thing that notified me of the startups trying to install themselves and I said no of course.

Anyway I can run the reset and anything else that failed through ipconfig, I'm pretty familiar with that command set and I had been flushing the DNS like a toilet. lol! Just let me know.

Here's the report. I haven't uninstalled those programs yet but would like to get rid of them ASAP if possible.

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015

Ran by kathr (2015-10-07 17:45:50) Run:4

Running from C:\Users\kathr\Desktop

Loaded Profiles: kathr (Available Profiles: kathr)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset catalog

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

RemoveProxy:

EmptyTemp:

CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent => value removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent => value removed successfully

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!

Resetting Interface, OK!

Resetting Unicast Address, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting Route, OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting , failed.

Access is denied.

There's no user specified settings to be reset.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.8.10240 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 200.1 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:51:01 ====

Thanks again!

Cheers,

Stormy

#18
stormrider22

Posted 07 October 2015 - 08:02 PM

Member

Topic Starter
Member
26 posts

Please tell me I'm reading this wrong. I found this and I haven't moved anything or attempted to share anything.

& p u b l i c k e y = p r i v a t e k e y e n c = "“ ¸Š… 1 °‹… x LastPassPrivateKey< _lppri.lps "“

X… ¨… "“

X… @Ž… "“ ÐŽ…

… "“ … „… y u b i k e y "“ … h… g o o g l e a u t h "“ ì… Ü‘… o u t o f b a n d "“ ¨’… 8“… ° s e c u r i t y q u e s t i o n "“ Ì“… d”… p "“

l o g i n . p h p & o u t o f b a n d s u p p o r t e d = 1 &wrfrom= & g r i d r e s p o n s e = & m u l t i f a c t o r r e s p o n s e = & s e s a m e o t p = & o t p = & f r o m = & e n c r y p t e d _ u s e r n a m e = & h p = 0 & h p = 1 & h a s h = x m l = 2 & u s e r n a m e = &version= t r a v e l p o r t t r a y t r a v e l p o r t _ l p . x m l l p W R N A M E D P I P E L O G I N _ A S O R E G I S T R Y l p W R P L U G I N L O G I N _ A S O R E G I S T R Y l p W R W E B S I T E L O G I N _ A S O R E G I S T R Y "“R ìÀ… T |Ã… w i n b i o C a n c e l S w i p e y o u r f i n g e r o n t h e f i n g e r p r i n t s e n s o r S w i p e f i n g e r v a l i d i t y p l u g i n l o g i n "“d HÆ… \ hÉ… R e p r o m p t T i m e "“ dÌ… ”Ì… ( "“

D o y o u w a n t t o c o n t i n u e ? Y o u a r e m o v i n g s i t e s t o a s h a r e d f o l d e r . T h i s w i l l p o t e n t i a l l y m a k e t h e m a v a i l a b l e t o o t h e r s .

A r e y o u s u r e y o u w o u l d l i k e t o c o n t i n u e ? "“A ¬õ… 6 ´÷… ` _ l t . c a c & u n = & n = & u = h t t p : / / s n "“ €ù… Øù… H . . . * i e t m p \ "“ Hú… û… ` & u s e g e t = 1 & j s o n p = _ _ j s o n p 1 _ _ ? m e s s a g e = " , " v e r s i o n " : " 1 . 0 " , " s u p p o r t e d C o n n e c t i o n T y p e s " : [ " c a l l b a c k - p o l l i n g " ] , " i d " : " 1 " } ] [ { " c h a n n e l " : " / m e t a / h a n d s h a k e A d v a n c e d p o l l s e r v e r "“C Üû… @ ôý… H s h o w . p h p a j a x = 1 & e x t j s = 1 & d e l e t e = 1 & a i d = ) ( A r e y o u s u r e y o u w o u l d l i k e t o d e l e t e t h i s s i t e ? A r e y o u s u r e y o u w o u l d l i k e t o d e l e t e t h i s s e c u r e n o t e ? A r e y o u s u r e y o u w o u l d l i k e t o d e l e t e t h i s g e n e r a t e d p a s s w o r d ? A r e y o u s u r e y o u w o u l d l i k e t o d e l e t e t h i s b o o k m a r k ? "“O † O Œ† p a d d a p p . p h p x m l = 1 & c m d = d e l e t e & a p p a i d = A r e y o u s u r e y o u w o u l d l i k e t o d e l e t e t h i s a p p l i c a t i o n ? A r e y o u s u r e y o u w o u l d l i k e t o d e l e t e t h e s e l e c t e d a p p l i c a t i o n s ? "“ († ð† h "“ Œ† Ì† "“ H† † † "“ Àvˆ ø† "“ 0† `† "“ ˜† à† 0 "“? € † E x† ˜ h t t p : / / g r o u p "“ ü

† Ô

†

Now this part really worries me:

h t t p : / / p r o d u c t s . w e b r o o t . c o m / d i s p 0 2 0 1 . p h p ? o c = 2 0 4 & p c = 6 4 1 5 0 & m j v = 8 & c o n t e x t = 8 F O R M G E T F I L E P O S T F O R M P O S T * / * H T T P / 1 . 1 M o z i l l a / 4 . 0 ( c o m p a t i b l e ; M S I E 7 . 0 ; W i n 3 2 ; L a s t P a s s ) "“ XŠ xŠ 8 S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ I n t e r n e t S e t t i n g s U s e r A g e n t "“ èŠ ÀŠ

(Š X I n t e r n e t C l o s e H a n d l e m _ o p e n I n t e r n e t C l o s e H a n d l e m _ c o n n e c t I n t e r n e t C l o s e H a n d l e m _ r e q u e s t "“ ”Š ôŠ x L A S T P A S S W I N I N E T E R R O R

% s

G e t L a s t E r r o r = E R R O R = E R R O R = % s

% s "“ lŠ DŠ I n t e r n e t C o n n e c t / I n t e r n e t C r a c k U r l I n t e r n e t O p e n I n t e r n e t C h e c k C o n n e c t i o n I n t e r n e t A t t e m p t C o n n e c t C o n n e c t U n i n i t f a i l e d C o n n e c t u r l i s i n v a l i d "“ DŠ ¤Š P I n t e r n e t R e a d F i l e R e s p o n s e i n v a l i d m _ r e q u e s t R e s p o n s e i n v a l i d m _ c o n n e c t R e s p o n s e i n v a l i d m _ o p e n "“ <Š ´Š h H t t p Q u e r y I n f o ( % u ) c o u l d n o t c o n v e r t t o l o n g H t t p Q u e r y I n f o ( % u ) Q u e r y R e s u l t L o n g i n v a l i d m _ r e q u e s t "“ 0Š pŠ P Q u e r y R e s u l t S t r i n g i n v a l i d m _ r e q u e s t "“ ¸Š øŠ 0 G e t O p t i o n H a n d l e i n v a l i d m _ o p e n G e t O p t i o n H a n d l e i n v a l i d m _ c o n n e c t G e t O p t i o n H a n d l e i n v a l i d m _ r e q u e s t G e t O p t i o n H a n d l e i n v a l i d t y p e I n t e r n e t Q u e r y O p t i o n ( ) o p t i o n = % d "“ XŠ €Š 0 G e t O p t i o n L o n g i n v a l i d o p t i o n "“ XŠ ¼Š 0 S e t O p t i o n L o n g i n v a l i d o p t i o n I n t e r n e t S e t O p t i o n ( ) o p t i o n = % d "“¦ Š § 0"Š ° Q u e r y R e s u l t L o n g ( H T T P _ Q U E R Y _ S T A T U S _ C O D E ) R e c e i v e d s t a t u s c o d e = % d P r o x y A u t h e n t i c a t i o n F a i l e d S e r v e r A u t h e n t i c a t i o n F a i l e d H a n d l i n g f o r E R R O R _ H T T P _ R E D I R E C T _ N E E D S _ C O N F I R M A T I O N n o t i m p l e m e n t e d h t t p s : h t t p : R e c e i v e d H t t p S e n d R e q u e s t l a s t e r r o r = % d r e s e n d o n c e = % d g e t = % d s e t = % d % s : % s m u l t i p a r t / f o r m - d a t a ; b o u n d a r y = - - M U L T I - P A R T S - F O R M - D A T A - B O U N D A R Y a p p l i c a t i o n / x - w w w - f o r m - u r l e n c o d e d H t t p A d d R e q u e s t H e a d e r s S e t - C o o k i e : % s = % s

I n t e r n e t S e t C o o k i e H t t p O p e n R e q u e s t G E T & u s e g e t = % s = % s h t t p : / / R e q u e s t m e t h o d i s i n v a l i d R e q u e s t m _ c o n n e c t i s i n v a l i d R e q u e s t m _ o p e n i s i n v a l i d urlmon.dll äÉêyùºÎŒ‚ ª K©"“ ˜'Š 'Š "“ À'Š ø'Š 0 ãÉêyùºÎŒ‚ ª K©"“ ˜'Š <(Š "“ Œ(Š d(Š ¤(Š "“ Œ(Š ô(Š )Š "“ \)Š Ì)Š €ò€€ l*O€ l*O€ l

#19
Essexboy

Posted 08 October 2015 - 07:27 AM

GeekU Moderator

Retired Staff
69,964 posts

Is that from webroot (it appears to be) as it looks like stock responses to certain scenarios that may be encountered

Use this tool to totally uninstall webroot http://www.webroot.c...=6&omn=1&osl=en

Do you need Java ? As I have not had it on my system for the last 3 years with no problems

#20
stormrider22

Posted 08 October 2015 - 02:32 PM

Member

Topic Starter
Member
26 posts

It's in a webroot file which also has a lot of lastpass files. That's why I got nervous those two shouldn't be hanging out together, people will start talking.

This morn when I got up I was able to log onto the net just fine. But this afternoon when I logged on GlassWire reported my DNS settings changed in mid-stream going from an IPv4 to an IPvb6 address. I was able to get on to the internet but wasn't able to go anywhere. Plus I forgot to install the latest Nvidia driver but It keeps saying that it's not compatible for my system when it was working fine before. Triple checked the code and everything. Oh I also uninstalled the two programs that we made visible. Plus Hitman Alert wasn't able to run a scan.

So I recopied your fixlist and this time ran it again with the network up and running.

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015

Ran by kathryn (2015-10-08 14:56:15) Run:5

Running from C:\Users\kathr\Desktop

Loaded Profiles: kathryn (Available Profiles: kathryn)

Boot Mode: Normal

==============================================

fixlist content:

*****************

Createrestorepoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset catalog

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

RemoveProxy:

EmptyTemp:

CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.

HKU\S-1-5-21-4055827758-3256202687-3425098328-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:550c:dc53:3ffd:2c36

Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:f4bc:a749:8ec5:844c

Link-local IPv6 Address . . . . . : fe80::550c:dc53:3ffd:2c36%4

Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%4

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . . : 2605:6000:1100:c039:550c:dc53:3ffd:2c36

Temporary IPv6 Address. . . . . . : 2605:6000:1100:c039:f4bc:a749:8ec5:844c

Link-local IPv6 Address . . . . . : fe80::550c:dc53:3ffd:2c36%4

IPv4 Address. . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.254.0

Default Gateway . . . . . . . . . : fe80::861b:5eff:fe28:cfb4%4

192.168.1.1

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Interface, OK!

Resetting , failed.

Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

That looks more normal but if my DNS or IP keeps changing on a whim, I'll have to dig deeper. Fingers crossed, running okay thus far. At least I can navigate the internet now. Webroot is paid for, I supposed I could remove it and see if I can get my money back. Then I'll have to find another antivirus. I think I'm still inside the window for refund.

I have been trying to drop java for a very, very long time. Unfortunately, my business is publishing and I'm constantly using createspace.com's and Amazon's various previewers (both online and offline). I can get around some of that but Createspace especially I can't and I have to have that stuff to publish. That program requires Java so I'm stuck. :smashcomp:

If not for that I'd be waving goodbye to Java as we speak. I'm tempted to see if I can some how run it in a virtual or sandboxed environment.

Keep your fingers crossed that its all working now. :spoton:

#21
Essexboy

Posted 08 October 2015 - 03:13 PM

GeekU Moderator

Retired Staff
69,964 posts

IPV6 is the new protocol so there are some teething problems with it... I do not know if you have switched yet but last I heard the UK was going over next year

This is my ISP

Your DNS server (possibly run by your ISP) appears to have no access to the IPv6 Internet, or is not configured to use it. This may in the future restrict your ability to reach IPv6-only sites

You can test yours here http://test-ipv6.com/
You look to be IPV6 enabled but it all depends on your ISP

There were problems with windows 10 and Nvidia drivers although I was under the impression that they had cured that

There are several free antivirus programmes if you wish to save a few bob

But, for general use and not going to dodgy sites then defender will in most cases suffice

#22
Essexboy

Posted 12 October 2015 - 08:21 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#23
Essexboy

Posted 17 October 2015 - 03:08 AM

GeekU Moderator

Retired Staff
69,964 posts

User returned

#24
stormrider22

Posted 17 October 2015 - 08:47 AM

Member

Topic Starter
Member
26 posts

Okay I'm back. Sorry about that but something went really wonky and I couldn't get online at all. Once I fixed that, I lost the keyboard and it didn't want to install the driver. I was using the onscreen for that. You'd think I'd be good to go after all that because I had my anti-virus and anti-malware the way I wanted it. I was running Webroot as I said before as my antivirus and boosted it with HitmanPro/Alert which uses HitmanPro to scan I have CryptoPrevent set up and was using it on the standard level. The higher protection levels prevent installation of regular software most of the time so I kept it on the set it and forget it level. I was running Glasswire in conjunction with Windows Firewall but I'm still not happy with my firewall settings and think that could be part of the problem. Last but not least I run WinPatrol so I can spot adverse changes hopefully before they get implemented and it's thanks to WinPatrol that the old laptop is still kicking.

But I was still getting mystery problems. For example, HitmanPro Alert would run it's first scan and not find anything but after that it wouldn't run again. I found some suspicious registry entries so uninstalled it and am using the trial version of Trend Micro. I did a little research online and found out it's a good possibility that those suspicious entries came from Webroot and they got worse after I uninstalled. That's when everything went crazy and I couldn't get online and lost my keyboard drivers. After fixing that, I was doing a bit more research on some mystery files to make sure they weren't bad when Chrome suddenly stopped working. That was last night. I reinstalled but I couldn't get it to work no matter what. That's when I looked at my WinPatrol logs and didn't like what I saw. I ran Emsisoft's Emergency Kit which had helped me get back online last time and it found a Trojan. Oh I also have been running Herd Protect as a second opinion software and it found some suspicious stuff too. I saved a bunch of logs so let me see if I can post some to get everyone up to speed here.

I was also using FARBAR to help me fix stuff but it wouldn't complete the fix - it would run and fix some things then quit.

This is the WinPatrol Hijack log I ran on the 12th when I lost internet and then had to reinstall the keyboard driver.

WinPatrol [FREE Edition] installed, running WinPatrol v33.1.2015.0 - WinPatrol Explorer v33.1.2015.0

Scan saved at 7:30:56 AM, on 10/12/2015

Platform: Windows 8.1

Windows x64 Version 6.3 Build 9600 2

Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384

MSIE: Internet Explorer (11.00.10240.16384)

Boot mode: Normal

Running processes:

C:\PROGRAM FILES (X86)\HITMANPRO.ALE

C:\PROGRAM FILES\Webroot\WRSA.exe

C:\Users\kathr\AppData\Local\MICROSOFT\OneDrive\OneDrive.exe

C:\PROGRAM FILES (X86)\GLASSWIRE\GLASSWIRE.EXE

C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROL.EXE

C:\PROGRAM FILES (X86)\ZEMANA ANTILOGGER FREE\ANTILOGGER FREE.EXE

C:\PROGRAM FILES (X86)\Adobe\ACROBAT DC\Acrobat\acrotray.exe

C:\PROGRAM FILES (X86)\GLASSWIRE\GWIdlMon.exe

C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\OOBE\PDApp\IPC\ADOBEIPCBROKER.EXE

C:\PROGRAM FILES\Adobe\ADOBE INDESIGN CC 2015\RESOURCES\CEP\CEPHTMLENGINE\CEPHTMLENGINE.EXE

C:\PROGRAM FILES (X86)\Adobe\ADOBE CREATIVE CLOUD\CCLIBRARY\CCLIBRARY.EXE

C:\PROGRAM FILES (X86)\Adobe\ADOBE CREATIVE CLOUD\CCLIBRARY\libs\node.exe

C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ADOBE DESKTOP COMMON\ADS\ADOBE DESKTOP SERVICE.EXE

C:\PROGRAM FILES (X86)\Adobe\ADOBE CREATIVE CLOUD\CoreSync\CoreSync.exe

C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141

O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll

O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll

O2 - BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll

O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll

O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll

O2 - BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll

O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0]C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

O4 - HKCU\..\Run: [OneDrive]C:\Users\kathr\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background

O4 - HKCU\..\Run: [GlassWire]C:\Program Files (x86)\GlassWire\GlassWire.exe -hide

O4 - HKCU\..\Run: [WinPatrol [FREE Edition]]C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot

O4 - HKU\..\Run: [WRSVC]C:\Program Files\Webroot\WRSA.exe -ul

O4 - HKU\..\Run: [ZALFree]C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe /MINIMIZED

O4 - HKU\..\Run: [FPVCodecPackTrialInfo]C:\Windows\WICCodecs\{A6D092A4-081A-4F0E-9356-DA167E87D922}\FPVCodecPackTrialInfo.exe

O4 - HKU\..\Run: [WD Quick View]C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

O4 - HKU\..\Run: [Acrobat Assistant 8.0]C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

O4 - Global Startup: Install LastPass IE RunOnce.lnk=C:\Program Files (x86)\Common Files\lpuninstall.exe

O4 - Global Startup: Install Webroot FF RunOnce.lnk=C:\Program Files (x86)\Common Files\wruninstall.exe

O4 - Global Startup: Install Webroot IE RunOnce.lnk=C:\Program Files (x86)\Common Files\wruninstall.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000

O8 - Extra context menu item: LastPass - file://C:\Users\kathr\AppData\LocalLow\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\kathr\AppData\LocalLow\LastPass\context.html?cmd=fillforms

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105

O11 - Options group: [Se&nd to OneNote] Se&nd to OneNote - {47833539-D0C5-4125-9FA8-0819E2EAAC93}

O23 - Service: Adobe Acrobat Update Service - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ADOBE DESKTOP COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE

O23 - Service: Bonjour Service - Apple Inc. - C:\PROGRAM FILES (X86)\Bonjour\MDNSRESPONDER.EXE

O23 - Service: GlassWire Control Service - SecureMix LLC - C:\PROGRAM FILES (X86)\GLASSWIRE\GWCtlSrv.exe

O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE

O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE

O23 - Service: HitmanPro Scheduler - SurfRight B.V. - C:\PROGRAM FILES\HITMANPRO\hmpsched.exe

O23 - Service: HitmanPro.Alert service - - C:\PROGRAM FILES (X86)\HITMANPRO.ALE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\NVVSVC.EXE

O23 - Service: NVIDIA Stereoscopic 3D Driver Service - NVIDIA Corporation - C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\3D VISION\NVSCPAPISVR.EXE

O23 - Service: WD Drive Manager - Western Digital Technologies, Inc. - C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD DRIVE MANAGER\WDDRIVESERVICE.EXE

O23 - Service: WRSVC - Webroot - C:\PROGRAM FILES\Webroot\WRSA.exe

O23 - Service: Wacom Professional Service - Wacom Technology, Corp. - C:\PROGRAM FILES\Tablet\Wacom\WTABLETSERVICEPRO.EXE

--- Additional WinPatrol Info ---

Default Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384

MSIE: Internet Explorer (11.00.10240.16384)

7 IE Cookies in Folder: C:\Users\kathr\AppData\Local\Microsoft\Windows\INetCookies\

WP00 - HKLM\CS1: BootExecute = autocheck autochk *

WP00 - HKLM\CCS: BootExecute = autocheck autochk *

WP00 - HKLM\CS2: BootExecute = autocheck autochk *

WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\WINDOWS\SysWOW64\drivers\wVFueZUR.sys

WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://

WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineUA.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Never

WP31 - Scheduled Tasks: [GoogleUpdateTaskMachineCore.job]C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Never

WP31 - Scheduled Tasks: [CreateExplorerShellUnelevatedTask.job]C:\Windows\explorer.exe Never

WP16 - ActiveX: {25336920-03F9-11CF-8FD0-00AA00686F13} [HTML Document] C:\Windows\System32\mshtml.dll 11.00.10240.16384

WP16 - ActiveX: {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML DOM Document] C:\Windows\System32\msxml3.dll 8.110.10240.16384

WP16 - ActiveX: {8856F961-340A-11D0-A96B-00C04FD705A2} [Microsoft Web Browser] C:\Windows\System32\ieframe.dll 11.00.10240.16384

WP16 - ActiveX: {05589fa1-c356-11ce-bf01-00aa0055595a} [ActiveMovieControl Object] C:\Windows\System32\wmpdxm.dll 12.0.10240.16384

WP16 - ActiveX: {F8CF7A98-2C45-4c8d-9151-2D716989DDAB} [Microsoft Visio Document] C:\PROGRAM FILES\MICROSOFT OFFICE\root\Office16\INTERCEPTOR.DLL 16.0.4229.1029

WP16 - ActiveX: {52A2AAAE-085D-4187-97EA-8C30DB990436} [HHCtrl Object] C:\Windows\System32\hhctrl.ocx 10.0.10240.16384

WP16 - ActiveX: {54CE37E0-9834-41ae-9896-4DAB69DC022B} [Microsoft RDP Client Control (redistributable) - version 5a] C:\Windows\System32\mstscax.dll 10.0.10240.16384

WP16 - ActiveX: {8BD21D50-EC42-11CE-9E0D-00AA006002F3} [Microsoft Forms 2.0 OptionButton] C:\PROGRAM FILES\MICROSOFT OFFICE\root\VFS\System\FM20.DLL 16.0.4229.1029

WP16 - ActiveX: {D27CDB70-AE6D-11cf-96B8-444553540000} [Macromedia Flash Factory Object] C:\Windows\System32\Macromed\Flash\Flash.ocx 19,0,0,185

WP32 - Hidden File: C:\BOOTNXT

WP32 - Hidden File: C:\hiberfil.sys

WP32 - Hidden File: C:\pagefile.sys

WP32 - Hidden File: C:\swapfile.sys

WP32 - Hidden File: C:\Users\kathr\AppData\Local\Temp\etilqs_1UNNEjC84e2lnn4

WP32 - Hidden File: C:\Users\kathr\AppData\Local\Temp\etilqs_PlKMzTaXvpkXnQi

WP33 - File Type .AVI: [Video Clip]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L

WP33 - File Type .BAT: [Windows Batch File]%1 %*

WP33 - File Type .CAB: [Cabinet File]C:\WINDOWS\Explorer.exe /idlist,%I,%L

WP33 - File Type .CAT: [Security Catalog]C:\WINDOWS\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1

WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1

WP33 - File Type .COM: [MS-DOS Application]%1 %*

WP33 - File Type .CMD: [Windows Command Script]%1 %*

WP33 - File Type .DOC: [Microsoft Word 97 - 2003 Document]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u

WP33 - File Type .EML: [E-mail Message]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml %1

WP33 - File Type .EXE: [Application]%1 %*

WP33 - File Type .INF: [Setup Information]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1

WP33 - File Type .JS: [JavaScript File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .LOG: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1

WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*

WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE /f %1

WP33 - File Type .MID: [MIDI Sequence]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /Open %L

WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L

WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*

WP33 - File Type .REG: [Registration Entries]regedit.exe %1

WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE /n %1 /o %u

WP33 - File Type .SCR: [Screen saver]%1 /S

WP33 - File Type .TXT: [Text Document]C:\WINDOWS\SysWow64\NOTEPAD.EXE %1

WP33 - File Type .URL: [Windows host process (Rundll32)]C:\Windows\System32\rundll32.exe C:\Windows\System32\ieframe.dll,OpenURL %l

WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .VBE: [VBScript Encoded File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*

WP33 - File Type .XLS: [Microsoft Excel 97-2003 Worksheet]C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE /dde

Memory currently in use: 28%

Physical Memory Free: 2,097,151 KB

Paging File Free: 4,194,303 KB

Virtual Memory Free: 1,974,640 KB

End of file

Now here's the current WinPatrol Hijack Log

WinPatrol [FREE Edition] installed, running WinPatrol v33.1.2015.0 - WinPatrol Explorer v33.1.2015.0

Scan saved at 9:19:47 AM, on 10/17/2015

Platform: Windows 8.1

Windows x64 Version 6.3 Build 9600 2

Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384

MSIE: Internet Explorer (11.00.10240.16384)

Boot mode: Normal

Running processes:

C:\PROGRAM FILES (X86)\HITMANPRO.ALE

C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATKOSD2\ATKOSD2.exe

C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATK MEDIA\DMedia.exe

C:\PROGRAM FILES (X86)\GLASSWIRE\GWIdlMon.exe

C:\PROGRAM FILES\TREND MICRO\TMIDS\tower\PwmTower.exe

C:\PROGRAM FILES\TREND MICRO\AMSP\module\20013\CHROMEEXT\CHROMEEXTENSION\TMOPCHROMEMSGHOST32.EXE

C:\PROGRAM FILES\TREND MICRO\AMSP\module\20002\9.1.1035\9.1.1035\CHROME_EXTENSION2\host\CHROME_NATIVE_MSG_HOST.EXE

C:\PROGRAM FILES\TREND MICRO\Titanium\UIFRAMEWORK\Toolbar\CHROMEEXTENSION\NATIVEMESSAGEHOST\TOOLBARNATIVEMSGHOST.EXE

C:\PROGRAM FILES (X86)\Ruiware\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141

O2 - BHO: Trend Micro Security Toolbar Helper - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll

O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll

O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll

O2 - BHO: Trend Micro Security Toolbar Helper - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll

O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll

O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll

O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll

O4 - HKLM\..\Run: [Trend Micro Client Framework]C:\Program Files\Trend Micro\UniClient\UiFrmwrk\UIWatchDog.exe

O4 - HKLM\..\Run: [Platinum]C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe 1

O4 - HKCU\..\Run: [HijackThis startup scan]C:\Users\kathr\Downloads\HijackThis.exe /startupscan

O11 - Options group: [] - {CCAC5586-44D7-4c43-B64A-F042461A97D2}

O23 - Service: Adobe Acrobat Update Service - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\PROGRAM FILES (X86)\COMMON FILES\Adobe\ADOBE DESKTOP COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE

O23 - Service: Trend Micro Solution Platform - Trend Micro Inc. - C:\PROGRAM FILES\TREND MICRO\AMSP\CORESERVICESHELL.EXE

O23 - Service: ASLDR Service - ASUSTek Computer Inc. - C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATK HOTKEY\AsLdrSrv.exe

O23 - Service: ATKGFNEX Service - ASUS - C:\PROGRAM FILES (X86)\ASUS\ATK PACKAGE\ATKGFNEX\GFNEXSrv.exe

O23 - Service: GlassWire Control Service - SecureMix LLC - C:\PROGRAM FILES (X86)\GLASSWIRE\GWCtlSrv.exe

O23 - Service: Google Update Service (gupdate) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE

O23 - Service: Google Update Service (gupdatem) - Google Inc. - C:\PROGRAM FILES (X86)\Google\Update\GOOGLEUPDATE.EXE

O23 - Service: HitmanPro.Alert service - - C:\PROGRAM FILES (X86)\HITMANPRO.ALE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\NVVSVC.EXE

O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\PROGRAM FILES\TREND MICRO\Titanium\plugin\Pt\PTSVCHOST.EXE

O23 - Service: Trend Micro Password Manager Central Control Service - Trend Micro Inc. - C:\PROGRAM FILES\TREND MICRO\TMIDS\PwmSvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service - NVIDIA Corporation - C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\3D VISION\NVSCPAPISVR.EXE

O23 - Service: Wacom Professional Service - Wacom Technology, Corp. - C:\PROGRAM FILES\Tablet\Wacom\WTABLETSERVICEPRO.EXE

--- Additional WinPatrol Info ---

Default Browser: Internet Explorer - Internet Explorer version 11.00.10240.16384

MSIE: Internet Explorer (11.00.10240.16384)

9 IE Cookies in Folder: C:\Users\kathr\AppData\Local\Microsoft\Windows\INetCookies\