Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Remote Desktop Accessing my PC running Window_NT? but I'm Windows 7x64


  • Please log in to reply
26 replies to this topic

#1 Panda18

Panda18

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 July 2013 - 09:12 PM

 Hi --

 

 

This is from my personal PC; I use it at home or coffee shops; I've never (knowingly) been added to a network.  I've had many problems.  I not only restored Windows 7 but I've now REFORMATTED the thing twice (a 29 hour process - 1/2 gig) and then re-installed  Windows 7 Home Premium x64 using new disks I ordered from Toshiba and waited for them to arrive via snail mail.  The pc was reformatted on 7/5.  I've seen references to "Virtual Disks" "Remote Clients" and much more.  Before reformatting, I knew about the C: and  Q: drives but the E drive and X drives were a surprise.  Anyway, long story short.  Show Hidden results are below (again, this PC was just reformatted on 7/15) but I'm also including a list of "User,Group or Built-in Security Principal" for a "CVH.exe *32 process.  Is this normal?  Before reformatting, there were only 12 users and I thought that was wrong.)

 

Name (RDN)      

Administrator

Administrators

ANONYMOUS LOGON

Authenticated Users

BATCH

CONSOLE LOGON

CREATOR GROUP

CREATOR OWNER

DIALUP

Distributed COM Users

Event Log Readers

Everyone

Guest

Guests

IIS_IUSRS

INTERACTIVE

IUSR

Jeffrey (a user account I created probably on 7/15)

L755 (the name of my computer)

LOCAL SERVICE

NETWORK

NETWORK SERVICE

OWNER RIGHTS

Performance Log Users

Performance Monitor Users

REMOTE INTERACTIVE LOGON

SERVICE

Sue (a user account I created)

SYSTEM

TERMINAL SERVER USER

This Organization Certificate

Users

 

===============================

 

Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.

Program started at: 07/20/2013 06:52:28 PM
Windows Version: Windows 7

Please be patient while your hard drives are scanned.

Scanning the C:\ drive

 * C:\$RECYCLE.BIN
 * C:\$RECYCLE.BIN\S-1-5-21-2983473353-2058535249-1636593342-1000
 * C:\$RECYCLE.BIN\S-1-5-21-2983473353-2058535249-1636593342-1001
 * C:\$RECYCLE.BIN\S-1-5-21-2983473353-2058535249-1636593342-1002
 * C:\Boot
 * C:\Program Files\Uninstall Information
 * C:\Program Files (x86)\Common Files\Windows Live\.cache
 * C:\Program Files (x86)\InstallShield Installation Information
 * C:\Program Files (x86)\Uninstall Information
 * C:\ProgramData
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\Windows\DRM
 * C:\ProgramData\Microsoft\Windows\DRM\Cache
 * C:\ProgramData\Microsoft\WwanSvc
 * C:\ProgramData\Microsoft\WwanSvc\Profiles
 * C:\System Volume Information
 * C:\Users\All Users\Microsoft\DRM\Server
 * C:\Users\All Users\Microsoft\Windows\DRM
 * C:\Users\All Users\Microsoft\Windows\DRM\Cache
 * C:\Users\All Users\Microsoft\WwanSvc
 * C:\Users\All Users\Microsoft\WwanSvc\Profiles
 * C:\Users\Default
 * C:\Users\Default\AppData
 * C:\Users\Jeffrey\AppData
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\7FZSVVSB
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\CYYYNUTI
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\MB79IY72
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\NECSJZV9
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\QLSSHB7T
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\SJA9R1RL
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\XDLIJ6C4
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\ZS5U5ICY
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071720130718
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05BPN92E
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HTM5MVV
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1EK4BSU
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUOVQ4S6
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CAN2N7IA
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GO97DBS1
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U7F8JC08
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V9RUM24E
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\L755\AppData
 * C:\Users\L755\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\L755\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\L755\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\6SCM6QS2
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\C2F34T6Q
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\D0RGQWRW
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\H75MRZ9B
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\RH4I0QGW
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\TEG9IAE1
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\V59WV3UU
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\Y6N3E9JJ
 * C:\Users\L755\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\L755\AppData\Local\Microsoft\Windows\AppCache\0LYP5WIP
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071920130720
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072020130721
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\L755\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\L755\Documents\Internet Tracking Cookies\Temporary

Internet Files\Low\Content.IE5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\L755\Documents\Internet Tracking Cookies\Temporary

Internet Files\Low\Content.IE5\3UVCACHH
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\L755\Documents\Internet Tracking Cookies\Temporary

Internet Files\Low\Content.IE5\CWXMYYYA
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\L755\Documents\Internet Tracking Cookies\Temporary

Internet Files\Low\Content.IE5\EW8L2R0J
 * C:\Users\L755\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\L755\AppData\Local\Microsoft\Windows NT\DiskQuota
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0V601ZUC
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\13T8T6GZ
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6L0RZMK7
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\79M62444
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CCF7GGNA
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DFSHQFDY
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WV4HCVUO
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\X6SO2W5B
 * C:\Users\L755\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\L755\AppData\LocalLow\Microsoft\Windows\AppCache\QPY8VZV9
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\1TW2G6VD
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\CD332LBP
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\G5H8PDTX
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\0EYV82W7
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\1ZXX7EII
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\2VG4BZON
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\8J00TYDL
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\CO6CNG6L
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\K44T0KCO
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\LZJGHGOE
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\VUC22MYH
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Z8GFVLEN
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\PrivacIE
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.IE5
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.IE5\3KXYMAYW
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.IE5\9WZWGZWU
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.IE5\M9H5N2E2
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.IE5\X2K4CAW0
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.MSO
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.Word
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\1FJ33VGZ
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\3UVCACHH
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\CWXMYYYA
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\EW8L2R0J
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Virtualized
 * C:\Users\Public\Favorites
 * C:\Users\Public\Libraries
 * C:\Users\Sue\AppData
 * C:\Users\Sue\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\2UFMZ9CU
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\ES1YN2H7
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\O3H61TWT
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\Z1XT1VQS
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072020130721
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OGZ85VW
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\414J0ULF
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DEUA8EF
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQ6Y91WG
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\29A9SA80
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A9BEMPPP
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BMM6CCGC
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EE1RCKSH
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JMES8J75
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LX2PI2L4
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PV4PL6J6
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U3GA6V6J
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\17NDAW27
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8ZGNXWLX
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\C8W0DZJL
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\QQL8EZIK
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Windows\AppCache\QV97QDXP
 * C:\Users\Sue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Windows\debug\CompLogs
 * C:\Windows\debug\IALogs
 * C:\Windows\Globalization\MCT
 * C:\Windows\Installer
 * C:\Windows\Installer\$PatchCache$
 * C:\Windows\Installer\$PatchCache$\Managed
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015
 * C:\Windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133
 * C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE
 * C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E
 * C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0
 * C:\Windows\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066
 * C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183
 * C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B
 * C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B\15.4.3508
 * C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E
 * C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4E42866C3BBC1584BBF38EFC6D539032
 * C:\Windows\Installer\$PatchCache$\Managed\4E42866C3BBC1584BBF38EFC6D539032\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D
 * C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D\15.4.2862
 * C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440
 * C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8
 * C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722
 * C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010
 * C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B
 * C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020
 * C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4
 * C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4\15.4.3508
 * C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80
 * C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\88119C0AF88C68E4396EDCC7A9626694
 * C:\Windows\Installer\$PatchCache$\Managed\88119C0AF88C68E4396EDCC7A9626694\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03
 * C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E
 * C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\C173E5AD3336A8D3394AF65D2BB0CCE6
 * C:\Windows\Installer\$PatchCache$\Managed\C173E5AD3336A8D3394AF65D2BB0CCE6\10.0.30319
 * C:\Windows\Installer\$PatchCache$\Managed\C7BCDCEDCC85568419FA26F77989EF84
 * C:\Windows\Installer\$PatchCache$\Managed\C7BCDCEDCC85568419FA26F77989EF84\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\CF454FAAAC2892F4BA13A60149587EE6
 * C:\Windows\Installer\$PatchCache$\Managed\CF454FAAAC2892F4BA13A60149587EE6\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98
 * C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1
 * C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319
 * C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
 * C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B
 * C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319
 * C:\Windows\Installer\$PatchCache$\Managed\E08F45ADC1622A148A5545A941F4F295
 * C:\Windows\Installer\$PatchCache$\Managed\E08F45ADC1622A148A5545A941F4F295\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F
 * C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276
 * C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC
 * C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571
 * C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B
 * C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B\15.4.3502
 * C:\Windows\msdownld.tmp
 * C:\Windows\ServiceProfiles\LocalService\AppData
 * C:\Windows\ServiceProfiles\NetworkService\AppData
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\winsxs\Temp\PendingDeletes

Finished scanning the C:\ drive. 291 hidden items found.

Scanning the Q:\ drive

Finished scanning the Q:\ drive. 0 hidden items found.

Program finished at: 07/20/2013 06:53:12 PM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:43 PM

Posted 21 July 2013 - 07:47 AM

Hello Panda -

Please start with these scans > > Please run from the Admin Account.

You can post each log after the program ends if you wish -

 

:step1: Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

:step2: Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

:step3: Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them.
NOTE : You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus How To Temporarily Disable Your Anti-virus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
 

 

If you have any of these programs installed, please be sure to Update them prior to any scan

 

 

:step4: Download Malwarebytes' Anti-Malware Free (aka MBAM)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer after you post the log.

 

 

:step5: Download SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to reboot the computer after you post the log.

 

 

:step6: Please download AdwCleaner by Xplode onto your desktop.

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
* NOTE : Your computer will be rebooted automatically. A text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

:step7: Scan your machine with ESET OnlineScan

This is best done with Internet Explorer, but instructions are left for other browsers -

1.Hold down Control and click HERE to open ESET OnlineScan in a new window.
2.Click the ESET Online Scanner button.
3.NOTE :.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

- 1.Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2.Double click on the ESET Online Scanner icon on your desktop.

 

 4.Check "YES, I accept the Terms of Use."
 5.Click the Start button.
 6.Accept any security warnings from your browser.
 7.Under scan settings, check "Scan Archives" and "Remove found threats"
8.Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

 9.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated data base (1 to 2  hours is not unusual)
10.When the scan completes, click List Threats
11.Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12.Click the Back button.
13.Click the Finish button

 

 

:step8: Please download TFC, or Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK and Reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

No log is produced, but you may be told how much was cleaned from your Temp Files.

 

 

 

Thank You -

Spelling edit only -


Edited by noknojon, 21 July 2013 - 07:49 AM.


#3 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 12:16 AM

Thank-you. I'm trying to follow all of your directions in order but . . . I just ran Malwarebytes and need to reboot.  Sometimes after doing that, I lose "Administrator" privileges so I'm going to go ahead an post the text files for the first 4 steps. Hopefully, what you've had me do will ensure that I can log-in/run as an Administrator but I'm getting pretty good at regaining control . . . just give me a few minutes.

 

1.  At this point, I doubt that my PC is actually infected so I won't be surprised if the malware scans indicate no infection.

2.  My PC came with Windows Home Premium x64 and I used the Toshiba x64 disks when I reformatted/re-installed Windows 7 on I think it was 7/15   - BUT -

3.  I believe my pc is actually now running Windows x32.  Yes, it shows x64, but I found some image files and I believe they are used to "overlay" or "mask" what is actually going on.  Look, I'm not a geek but I've learned a few things lately.   I have a SysWow64 folder.  All of the x64 Windows Updates fail and I can't run Windows Defender or Mr. Fix It.

 

4.  Like several others who have posted here in bleeping as well as at least two others that posted in some forum I found for Time  Warner customers ---   My IP Address shows as 192.168.01; that is incorrect.    That was my old IP address.  I've switched out my router/modem twice. I also called Time Warner and verified that this 192. address is not my current ip address.  I believe this is a key factor and believe other people have this same ip address.  

 

5. Again, not a geek but got really annoyed when a 2nd tech support person informed me that my computer wasn't infected.  It appears that a remote desktop is accessing my pc and running Windows_NT on it.  Java 6, Update 25 seems important to them and I'm assuming has something to do with the x32 bit but again, I have no idea what I'm talking about.

 

6  There appear to be other devices attached to my PC at times.  A "Virtual Disk", a "projector" and USB drives.  I've also noticed a Bluetooth program often shows up in Task Manager.  I've never seen in running, it's always stopped, but I've never used any kind of Bluetooth device with this PC.  When I copied "User" files over to a dvd, I noticed several music files and also something that looked like a fight  "something  vs something". Can someone be using the backside of my pc to allow others to illegally download music and video files?

 

7.  I contacted Time Warner and asked them to "beef up" the firewall settings on my modem/router . . . guess what username/password is used to access the online "control panel?" 

 

Okay, results of first 4 steps will be back within a few minutes with results of the others.  Thank-you so much for your assistance.  Telling the remote tech that my pc doesn't "feel" right didn't earn me any brownie points.

 

========

 

Security Check Results:

----------------------------------

 

 Results of screen317's Security Check version 0.99.70 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
=============================

 

 

2.  MiniToolBox Results:

---------------------------------------------------

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by L755 (administrator) on 22-07-2013 at 21:34:03
Running from "C:\Users\L755\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : L755-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : san.rr.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : san.rr.com
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 04-7D-7B-68-F9-20
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e573:9ad2:e7d2:1e8e%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, July 22, 2013 9:03:55 PM
   Lease Expires . . . . . . . . . . : Monday, July 22, 2013 10:33:54 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 335838587
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-76-35-B1-9C-B7-0D-99-CC-B8
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 9C-B7-0D-99-CC-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.san.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : san.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F4419263-F1EF-4480-A117-6E414F786D69}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3045:34ea:3f57:fffc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3045:34ea:3f57:fffc%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4010:801::1009
   74.125.239.101
   74.125.239.102
   74.125.239.103
   74.125.239.104
   74.125.239.105
   74.125.239.110
   74.125.239.96
   74.125.239.97
   74.125.239.98
   74.125.239.99
   74.125.239.100

Pinging google.com [74.125.239.39] with 32 bytes of data:
Reply from 74.125.239.39: bytes=32 time=24ms TTL=53
Reply from 74.125.239.39: bytes=32 time=23ms TTL=53

Ping statistics for 74.125.239.39:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=69ms TTL=48
Reply from 206.190.36.45: bytes=32 time=70ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 70ms, Average = 69ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...04 7d 7b 68 f9 20 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
 11...9c b7 0d 99 cc b8 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    276
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:5ef5:79fd:3045:34ea:3f57:fffc/128
                                    On-link
 13    276 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::3045:34ea:3f57:fffc/128
                                    On-link
 13    276 fe80::e573:9ad2:e7d2:1e8e/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2013 09:26:58 PM) (Source: Application Hang) (User: )
Description: The program GrantPerms.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c34

Start Time: 01ce875ca80d2ec4

Termination Time: 0

Application Path: C:\Users\L755\Documents\GrantPerms\GrantPerms\GrantPerms.exe

Report Id:

Error: (07/22/2013 06:49:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2013 06:37:28 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Zone Alarm Firewall Driver.

System Error:
The system cannot find the file specified.
.

Error: (07/22/2013 06:37:28 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary kl1.

System Error:
The system cannot find the file specified.
.

Error: (07/22/2013 06:37:28 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.

System Error:
The system cannot find the file specified.
.

Error: (07/22/2013 03:13:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Zone Alarm Firewall Driver.

System Error:
The system cannot find the file specified.
.

Error: (07/22/2013 03:13:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary kl1.

System Error:
The system cannot find the file specified.
.

Error: (07/22/2013 03:13:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.

System Error:
The system cannot find the file specified.
.

Error: (07/22/2013 03:02:52 PM) (Source: ESENT) (User: )
Description: taskhost (5848) An attempt to open the file "C:\Users\L755\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2013 02:41:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x0000000000029fa9
Faulting process id: 0xb60
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

System errors:
=============
Error: (07/22/2013 06:52:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.155.536.0).

Error: (07/22/2013 06:52:15 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.155.536.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.2.0223.00

 Source Path: 4.2.0223.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/22/2013 06:52:09 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%886

 Error Code: 0x80070003

 Error description: The system cannot find the path specified.

 Reason: %%892

Error: (07/22/2013 06:52:07 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

 New Engine Version:

 Previous Engine Version: 2.1.9700.0

 Engine Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Error Code: %NT AUTHORITY601

 Error description: %NT AUTHORITY602

Error: (07/22/2013 06:52:07 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 106.0.0.0

 Update Source: %NT AUTHORITY15

 Update Stage: 4.2.0223.00

 Source Path: 4.2.0223.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (07/22/2013 06:48:06 PM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %25

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (07/22/2013 06:48:06 PM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (07/22/2013 04:00:42 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2013 02:22:51 PM) (Source: Service Control Manager) (User: )
Description: The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/22/2013 02:15:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.155.517.0).

Microsoft Office Sessions:
=========================
Error: (07/22/2013 09:26:58 PM) (Source: Application Hang)(User: )
Description: GrantPerms.exe3.3.8.1c3401ce875ca80d2ec40C:\Users\L755\Documents\GrantPerms\GrantPerms\GrantPerms.exe

Error: (07/22/2013 06:49:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2013 06:37:28 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Zone Alarm Firewall Driver.

System Error:
The system cannot find the file specified.

Error: (07/22/2013 06:37:28 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary kl1.

System Error:
The system cannot find the file specified.

Error: (07/22/2013 06:37:28 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.

System Error:
The system cannot find the file specified.

Error: (07/22/2013 03:13:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Zone Alarm Firewall Driver.

System Error:
The system cannot find the file specified.

Error: (07/22/2013 03:13:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary kl1.

System Error:
The system cannot find the file specified.

Error: (07/22/2013 03:13:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Kaspersky Lab Driver.

System Error:
The system cannot find the file specified.

Error: (07/22/2013 03:02:52 PM) (Source: ESENT)(User: )
Description: taskhost5848C:\Users\L755\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (07/22/2013 02:41:10 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ole32.dll6.1.7601.175144ce7c92cc00000050000000000029fa9b6001ce87200cd82f7fC:\windows\Explorer.EXEC:\windows\system32\ole32.dll6bcaa55c-f317-11e2-b493-047d7b68f920

CodeIntegrity Errors:
===================================
  Date: 2013-07-20 20:20:12.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro_x64.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-20 20:20:10.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro_x64.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-20 20:20:08.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro_x64.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-20 20:19:38.162
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-20 20:19:32.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\CdRom0\HitmanPro.exe because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
CCleaner (Version: 3.22)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant HD Audio (Version: 8.51.2.51)
D3DX10 (Version: 15.4.2368.0902)
Google Chrome (Version: 12.0.742.100)
Google Update Helper (Version: 1.3.21.57)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2509)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Proactive System Password Recovery (Version: 6.51.267.1342)
Realtek USB 2.0 Reader Driver (Version: 1.0.0.15)
Realtek WLAN Driver (Version: 2.00.0013)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.0)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Hardware Setup (Version: 4.08.09.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
Toshiba Laptop Checkup (Version: 2.0.13.11)
TOSHIBA Media Controller (Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (Version: 1.0.7.5)
Toshiba Online Backup (Version: 2.0.0.31)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.2001)
TOSHIBA Service Station (Version: 2.2.12)
TOSHIBA Sleep Utility (Version: 1.4.2.8)
TOSHIBA Supervisor Password (Version: 4.08.09.00)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Web Camera Application (Version: 2.0.3.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8139.86 MB
Available physical RAM: 5758.7 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 13767.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.7 MB

========================= Partitions: =====================================

1 Drive c: (TI106320W0D) (Fixed) (Total:580.03 GB) (Free:486.99 GB) NTFS

========================= Users: ========================================

User accounts for \\L755-PC

Administrator            Guest                    Jeffrey                 
L755                    

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

=============================

 

3. rKill Results

-------------------------------------------------

 

Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/22/2013 09:35:46 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * WMPNetworkSvc [Missing Service]
 * WSearch [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/22/2013 09:36:03 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

 

 

=====================================

 

4.  Malwarebytes (updated software before running)

-----------------------------------------------------------

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
L755 :: L755-PC [administrator]

Protection: Disabled

7/22/2013 9:41:27 PM
mbam-log-2013-07-22 (21-41-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304741
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

more ina few minutes



#4 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 12:31 AM

5.  SUPERAntispyware   Results

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/22/2013 at 10:28 PM

Application Version : 5.6.1020

Core Rules Database Version : 10629
Trace Rules Database Version: 8441

Scan type       : Quick Scan
Total Scan Time : 00:04:28

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 502
Memory threats detected   : 0
Registry items scanned    : 59665
Registry threats detected : 0
File items scanned        : 10403
File threats detected     : 5

Adware.Tracking Cookie
 C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\94TR1LMX.txt [ /liveperson.net ]
 C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\TUDQ8ZXI.txt [ /www.liveperson.com ]
 C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\6F3TMULQ.txt [ /liveperson.com ]
 C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\CD05JYW5.txt [ /liveperson.net ]
 C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\SSKAISOJ.txt [ /base.liveperson.net ]



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:43 PM

Posted 23 July 2013 - 12:33 AM

Please check Programs and Features for Hitman Pro as it is shown in many errors

 

If you find it please remove it - Full removal directions can be given if you are not sure -



#6 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 01:07 AM

btw -  My PC is oddly quiet right now; it's rarely quiet.  The last time it's this quiet was when the remote tech was working on it.  Yesterday, when I was posting, I could bring up google, huffington post, search for "rain" - no problems but the screen kept flashing every time I brought up bleepingcomputer.com.  I've actually tried to post this issue before but, my browser kept closing and I kept losing my post and my password no longer worked.  No problems right now  . . . and very, very quiet.

 

I just remember something else that maybe I should share.  I get annoyed with who ever is running the "network" sometimes and "talk" to them using the c:\prompt.  (And, while that may make me somewhat certifiable, it does get results. They actually sent me a text message to my cell phone once, "The Wifi is on.")  Yesterday or the day before, a number of files and my desktop were updated -- but the Microsoft Office 2010 (trial version) and the Internet Explorer button were no where to be found -- so I brought up the c: prompt again and had a little "chat" with them about how leaving those two programs off "wasn't nice" and I wasn't happy. I also reminded them that when I'm not happy, I tend to go in and delete files or (a trick I just learned) change owners/permissions on a number of files so I can gain administrator access.   The next time I came back to my PC, when I clicked on Start, the Microsoft Office icon was there but still no IE.  HOWEVER, a new folder icon labeled "Internet Explorer" or "IE" was posted on my desktop and when I clicked on that, I was able to launch IE.  (I've uninstalled IE and reinstalled IE before . . . the "E" icon always shows up; not a folder but at least they "played nice" and gave them back to me.

 

 

HitmanPro? -- the remote tech guy downloaded that program but I honestly don't remember him using it.  And, he made a special point of deleting al of the tools in his toolbox.    Ok.  My "Search" feature is missing . . . again . . . so I'll do what I can to hunt it down and see if I can uninstall it -- but it's probably a "fake" HitmanPro.  I used to have Norton 360 Internet (paid/premium version) on this PC and, at first, didn't notice anything special about a folder called "Norton Installer" but, that application/process kept showing up in Task Manager.  Anyway, it appeared to me that it was a "fake" folder and not one that Norton created.  I think I remember seeing "search" as one of your downloads, if I can't locate the Hitman program/file location via task manager, I can download that (or another program) if you want. In the meantime, here are the Adware Cleaner Results.

 

 

Here are the Adware results:

==========================

 

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 22:36:37
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : L755 - L755-PC
# Boot Mode : Normal
# Running from : C:\Users\L755\Desktop\dadwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Jeffrey\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\L755\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\L755\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [843 octets] - [22/07/2013 22:36:37]

########## EOF - C:\AdwCleaner[R1].txt - [902 octets] ##########

 

 

back with more soon. . .



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:43 PM

Posted 23 July 2013 - 02:30 AM

You are running Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

There will be some files that show as 32bit (or x86) as this is WOW (Windows on Windows) so you can run 32bit applications.

 

You mention "Remote Tech", where was this from -

 

Is this a company or school related (owned) computer, or your own purchased private only.

 

See if tour Search has been turned OFF -

Go to Control Panel > Programs > Programs and Features > Turn Windows Features on of off. Now tick the "Windows Search" box

 

 

Thanks -


Edited by noknojon, 23 July 2013 - 02:41 AM.


#8 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 02:49 AM

Ok - I still haven't been able to locate the HitmanPro files.  The result of the minitoolbox says :file \Device\CdRom0\HitmanPro_x64.exe.   What directory generally contains a "Device" folder?  Or, yes, please provide me with uninstall instructions but I still think it may have been moved to the virtual disk or something.

 

1.  EsetOnline.  I ran it (50 minutes?) - No threats found so no text document was generated.

2.  Running TFC but I'm afraid I'll have trouble logging back in, so posting what I have now. 

 

While I was looking for Hitman, I ran across a couple of files.  You didn't ask, but since the one references a Remote Desktop Connection and other one may be a "tutorial" for my benefit or for someone else?  (I've learned a lot during the past week or so, but I still haven't figured out how to add "suffixes" to command line prompts and once mentioned that although I'm incredibly frustrated with everything, it's been really frustrating because there's no way I can keep up with them.)  Anyway, at the very end of this readme.txt, it appears to list what someone did to update files. 

 

 

1.  Default.rdp - because it says "Remote Desktop  Connection

2.  And a Readme.txt file I found in Users-Sue-AppData-Local-VirtualStore-Windows that seems to be a tutorial/info on fciv.  (My name is Sue)

 

(Back in the day, I learned a few DOS commands. I found a post on bleeping for a "command line toolbox" and have been trying to use a few of them, but I'm afraid I don't remember how to add the -a or exactly how to type things like this fciv.exe c:\ -r -exc.exceptions.txt -sha1 -xml dbsha.xml     I have to admit I've learned a lot during this incredibly frustrating process.  The online remote support techs keep telling me everything is great; my pc is virus free . . . and then the one implied I was a paranoid idiot . . . which just made me mad.  So, I've been poking around on my own - opening files, changing things . . . learning . . . because I couldn't back up my "feeling" - couldn't explain/show anyone else that a remote desktop really was accessing my 3 PCs and 1 tablet.  In the past, when I didn't believe the remote tech guy when he said it was "all good," I just went out and bought another $300 PC.  I now believe I could go out and buy 14 pcs and they would all become infected but I can't prove it . . .  yet.  Also, it bothers me that other people have the same IP address that my com I'm really disturbed that several random posts mention they have the same IP address that I do.  I've opened a few files, deleted all the weird little characters and found that IP address in them.  Doesn't that when I ask google what's my IP address, it's returning with that number because my PC has been "tagged" with that ip address- not because that is my actual address?  And, doesn't that mean it's possible that the other people who share that same ip address are actually infected with the same program/remote desktop as I am?

 

 

1.What is fciv?

 

 

 

c:\Users\Jeffrey\My Documents

Filename:  Default.rdp  
Type:  Remote Desktop Connection

Default Properties
Opens With Remote Desktop Connection
Size: 0 bytes

Created Wednesday July 17

Security:
SYSTEM
Jeffrey (L755-PC\Jeffrey)
L755 (755\PC\L755
Administrators (L755-PC\Administrators)

Attributes HA
Owner:  L755-PC\Jeffrey
Computer:  L755-PC (this computer)

 

=====================

I foundthe COMP137 and COMP138 files in Users\Public\Temp while searching for HitmanPro  -- I've seen the amd64 reference before but have no idea what it means.

2 file folders
amd64 - fdbpinter (application); setup (application); setup (configuration settings); setup.iss (ISS file
x86 - (same file names as what is in amd64)
RUNCLNP (Windows Command)
tinstall (application)
tinstallwb (application
tinstallwb.exe (configuration settings
WBDJA44I (DLL file)
WBTOS451 (DLL file)

 

 

 

 

 

Microsoft ® File Checksum Integrity Verifier V2.05 README file
================================================================

1.What is File Checksum Integrity Verifier (FCIV)?
2.Features.
3.Syntax.
4.Database storage format.
5.Verification.
6.History.

1.What is fciv?
---------------
Fciv is a command line utility that computes and verifies hashes of files.

It computes a MD5 or SHA1 cryptographic hash of the content of the file.
If the file is modified, the hash is different.

With fciv, you can compute hashes of all your sensitive files.
When you suspect that your system has been compromised, you can run a verification to determine which files have been modified.
You can also schedule verifications regularily.

2.Features:
-----------
- Hash algorithm: MD5 , SHA1 or both ( default MD5).
- Display to screen or store hash and filename in a xml file.
- Can recursively browse a directory ( ex fciv.exe c:\ -r ).
- Exception list to specify files or directories that should not be computed.
- Database listing.
- hashes and signature verifications.
- store filename with or without full path.

3.Syntax:
---------
Usage:  fciv.exe [Commands] <Options>

Commands: ( Default -add )

        -add    <file | dir> : Compute hash and send to output (default screen).

                dir options:
                -r       : recursive.
                -type    : ex: -type *.exe.
                -exc file: list of directories that should not be computed.
                -wp      : Without full path name. ( Default store full path)
                -bp      : base path. The base path is removed from the path name of each entry

        -list            : List entries in the database.

        -v               : Verify hashes.
                         : Option: -bp basepath.

        -? -h -help      : Extended Help.

Options:
        -md5 | -sha1 | -both    : Specify hashtype, default md5.
        -xml db                 : Specify database format and name.

To display the MD5 hash of a file, type fciv.exe filename

Compute hashes:
        fciv.exe c:\mydir\myfile.dll
        fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml
        fciv.exe c:\mydir -type *.exe
        fciv.exe c:\mydir -wp -both -xml db.xml

List hashes stored in database:
        fciv.exe -list -sha1 -xml db.xml

Verifications:
        fciv.exe -v -sha1 -xml db.xml
        fciv.exe -v -bp c:\mydir -sha1 -xml db.xml
       
4.Database storage format:
--------------------------
xml file.

The hash is stored in base 64.
<?xml version="1.0" encoding="utf-8"?>
<FCIV>
 <FILE_ENTRY>
  <name> </name>
  <MD5> </MD5>
  <SHA1> </SHA1>
 </FILE_ENTRY>
</FCIV> 

5.Verification:
---------------
You can build a hash database of your sensitive files and verify them regularily or when you suspect that your system
has been compromised.

It checks each entry stored in the db and verify that the checksum was not modified.

6. History:
-----------
Fciv 1.2 : Added event log.
Fciv 1.21: Fixed bad keyset error on some computers.
Fciv 1.22: Added -type option. Support up to 10 masks. *.exe *.dll ...
Fciv 2.0:  xml as unique storage. Added -both option.
Fciv 2.01: Exit with error code to allow detections of problem in a script.
Fciv 2.02: Improved perfs. When both alg are specified, it's now done in one pass.
Fciv 2.03: Added -wp and -bp options. Fciv now stores full path or relatives paths.
Fciv 2.04: Removed several options to simplify it.
Fciv 2.05: Added success message if the verification did not detect any errors.

 



#9 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 03:01 AM

Here's the last of what you requested - except for Hitman. The TFC didn't automatically generate a text file so I highlighted and copied . . . and discovered my keyboard had been disabled again. Anyway, I managed to save the info anyway by cutting ^ paste-ing random words.  I'm done for the evening but will check for updates from you several times tomorrow

 

Thanks again for your help!!!

 

=======================

8.  Temp File Cleaner Results:

-----------------------------------------

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: Administrator
->Temp folder emptied: 84362 bytes
->Temporary Internet Files folder emptied: 99617 bytes
 
User: Administrator.L755-PC
->Temp folder emptied: 9542151 bytes
->Temporary Internet Files folder emptied: 29217117 bytes
->Flash cache emptied: 1309 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jeffrey
->Temp folder emptied: 9653417 bytes
->Temporary Internet Files folder emptied: 76805 bytes
->Flash cache emptied: 56466 bytes
 
User: L755
->Temp folder emptied: 32293223 bytes
->Temporary Internet Files folder emptied: 129615731 bytes
->Google Chrome cache emptied: 6132445 bytes
->Flash cache emptied: 410 bytes
 
User: Public
 
User: Sue
->Temp folder emptied: 193071489 bytes
->Temporary Internet Files folder emptied: 83896174 bytes
->Google Chrome cache emptied: 79266026 bytes
->Flash cache emptied: 602 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 197501584 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36506 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42288898 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 386656 bytes
Process complete!
 
Total Files Cleaned = 776.00 mb



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:43 PM

Posted 23 July 2013 - 03:42 AM

We may be able to find these "Ghost Files" if you do this -

 

Download  Autoruns
Extract and launch autoruns.exe
Allow the scan to fully finish
Now click on FILE-SAVE - Filename:Autoruns.txt - Save as :Text
Copy and Paste the contents of text here

 

 

Thanks -



#11 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 04:08 AM

OK.  Just found two more posts which also had "192.168.__" in them.  Is that normal or not?

======================

 

Oops -  I ran autoruns but not as an Admin the first time and I also didn't check all of the options - so I'm attaching results of both for you. Ok, figured out how save as .txt files  Large files, so 2nd run is highlighted in blue

 

=================

 

Autoruns - not as admin

-------------------------------

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "7/13/2009 9:49 PM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "7/19/2013 5:05 AM"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe" "1/25/2013 12:57 AM"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "2/3/2011 8:32 PM"
+ "TCrdMain" "TOSHIBA Flash Cards Main Module" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe" "4/26/2011 10:29 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "11/3/2011 3:21 PM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/13/2009 4:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "11/3/2011 3:21 PM"
+ "Internet Explorer" "" "" "File not found: C:\windows\system32\ie4uinit.exe" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/13/2009 4:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "7/22/2013 9:05 PM"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\bleepingantispy\superantispyware.exe" "5/14/2013 6:08 PM"
+ "swg" "" "" "File not found: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "1/25/2013 12:57 AM"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sasctxmn64.dll" "5/23/2013 1:00 PM"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "1/25/2013 12:57 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamext.dll" "2/28/2013 1:39 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "1/25/2013 12:57 AM"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sasctxmn64.dll" "5/23/2013 1:00 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "8/31/2011 12:21 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "7/18/2013 2:24 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamext.dll" "2/28/2013 1:39 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "7/18/2013 7:27 PM"
+ "Google Toolbar Helper" "" "" "File not found: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ""
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in (64)" "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\x64\toshibamediacontrollerie.dll" "7/11/2011 8:53 PM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "3/28/2011 9:12 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "7/23/2013 12:53 AM"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in (32)" "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll" "7/11/2011 8:55 PM"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "3/28/2011 8:32 PM"
"Task Scheduler" "" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "8/22/2012 8:38 AM"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe" "1/25/2013 12:56 AM"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe" "1/25/2013 12:56 AM"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "5/13/2011 3:21 PM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "6/10/2009 1:36 PM"
+ "\Norton Internet Security\Norton Error Analyzer" "" "" "File not found: C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe" ""
+ "\SUPERAntiSpyware Scheduled Task 309d6427-7e3b-4584-80c2-e9a13c228ca6" "SUPERAntiSpyware Task Dispatcher" "SUPERAdBlocker.com" "c:\program files\bleepingantispy\sastask.exe" "5/23/2013 1:21 PM"
+ "\SUPERAntiSpyware Scheduled Task a1b7fdce-f580-41ec-bdc8-0bfbe93e985a" "SUPERAntiSpyware Task Dispatcher" "SUPERAdBlocker.com" "c:\program files\bleepingantispy\sastask.exe" "5/23/2013 1:21 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "7/18/2013 2:43 PM"
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sascore64.exe" "5/23/2013 1:12 PM"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe" "1/4/2012 7:15 AM"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamscheduler.exe" "2/28/2013 1:38 PM"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamservice.exe" "2/28/2013 1:38 PM"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe" "1/25/2013 12:55 AM"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe" "1/25/2013 12:56 AM"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "1/9/2010 9:16 PM"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe" "8/11/2009 7:00 PM"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.13.11\ccsvchst.exe" "8/24/2009 1:36 PM"
+ "PSPRSERV" "PSPRSERV" "ElcomSoft Co. Ltd." "c:\program files (x86)\elcomsoft password recovery\proactive system password recovery\psprserv64.exe" "5/19/2009 5:51 AM"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe" "9/30/2011 7:21 AM"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe" "9/30/2011 7:19 AM"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "5/26/2013 10:51 PM"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" "3/28/2011 9:11 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "7/18/2013 2:43 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "12/5/2008 4:54 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "5/1/2007 10:30 AM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "2/27/2007 5:04 PM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "7/13/2009 4:19 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "3/18/2010 5:45 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "3/20/2009 11:36 AM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "3/19/2010 9:18 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "5/24/2007 2:27 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "1/14/2009 12:27 PM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "2/13/2009 3:18 PM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "4/26/2009 4:14 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/6/2006 6:51 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/6/2006 6:51 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "8/6/2006 6:51 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "8/6/2006 6:51 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "8/6/2006 6:51 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 5:11 AM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "7/13/2009 4:19 PM"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys" "7/7/2011 12:02 AM"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "12/31/2008 9:29 AM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "2/3/2009 3:52 PM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 1:26 AM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "4/20/2010 11:32 AM"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "5/20/2011 9:52 AM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "6/10/2010 5:46 PM"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "8/31/2011 12:53 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "12/13/2005 2:47 PM"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys" "10/15/2010 1:28 AM"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys" "9/26/2010 11:36 PM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "12/9/2008 3:46 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "5/18/2009 5:20 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "5/18/2009 5:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "4/16/2009 3:13 PM"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" "2/28/2013 1:33 PM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "5/18/2009 6:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "5/18/2009 6:25 PM"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys" "10/19/2010 4:33 PM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "6/6/2006 2:11 PM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "3/19/2010 1:59 PM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "3/19/2010 1:45 PM"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys" "1/16/2011 7:09 PM"
+ "QIOMem" "Generic IO & Memory Access" "TOSHIBA" "c:\windows\system32\drivers\qiomem.sys" "6/14/2009 10:58 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "1/22/2009 4:05 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "5/18/2009 6:18 PM"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys" "12/1/2010 12:46 AM"
+ "RSUSBVSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsuvstor.sys" "11/28/2010 11:31 PM"
+ "RTL8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation                           " "c:\windows\system32\drivers\rtl8192ce.sys" "1/4/2011 9:50 AM"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sasdifsv64.sys" "7/21/2011 4:03 PM"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\bleepingantispy\saskutil64.sys" "7/12/2011 2:00 PM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 6:18 AM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 11:28 AM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 2:56 PM"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys" "10/15/2008 5:53 PM"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys" "10/15/2008 5:57 PM"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys" "10/15/2008 5:52 PM"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "2/17/2009 4:03 PM"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "2/3/2011 7:59 PM"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys" "7/30/2009 1:39 AM"
+ "tos_sps64" "tos_sps64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps64.sys" "6/23/2009 10:31 PM"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys" "7/13/2009 7:19 PM"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys" "6/19/2009 3:05 AM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "7/13/2009 4:19 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "1/30/2009 6:18 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "7/19/2013 5:06 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/13/2009 6:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "7/23/2013 12:53 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/13/2009 6:06 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "11/20/2010 4:59 AM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/13/2009 9:53 PM"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll" "4/23/2009 2:11 AM"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll" "4/23/2009 2:11 AM"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll" "6/28/2011 1:36 AM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/13/2009 9:53 PM"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
+ "Image Effects" "TimeStam Dynamic Link Library" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll" "2/8/2011 3:56 AM"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax" "2/9/2006 1:34 AM"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax" "3/15/2005 8:46 AM"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "5/13/2011 3:39 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "7/13/2009 9:53 PM"
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll" "6/28/2011 1:37 AM"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll" "3/28/2011 9:12 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" "7/23/2013 12:53 AM"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll" "8/31/2011 12:20 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "11/2/2011 11:19 PM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 8:31 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 8:31 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "11/2/2011 11:19 PM"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 9:10 PM"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "3/28/2011 9:10 PM"
 

==========================

autoruns - run as admin with all options selected

---------------------------------------------

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "7/13/2009 9:49 PM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup" "" "" "" "7/19/2013 5:06 AM"
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup" "" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" "" "7/19/2013 5:06 AM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet" "" "" "" "7/19/2013 5:06 AM"
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown" "" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" "" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown" "" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" "" "7/18/2013 6:24 AM"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" "" "7/18/2013 4:31 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" "" "7/13/2009 9:53 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" "" "7/19/2013 5:06 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" "" "7/23/2013 12:53 AM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" "" "7/19/2013 5:06 AM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram" "" "" "" "7/17/2013 5:11 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "7/19/2013 5:05 AM"
+ "TCrdMain" "TOSHIBA Flash Cards Main Module" "(Verified) TOSHIBA CORPORATION" "c:\program files\toshiba\flashcards\tcrdmain.exe" "4/26/2011 10:29 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "7/23/2013 12:53 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "7/19/2013 5:05 AM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "7/23/2013 12:53 AM"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "7/22/2013 6:46 PM"
"C:\Users\L755\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "7/22/2013 6:46 PM"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" "" "7/18/2013 4:31 PM"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run" "" "" "" "7/18/2013 4:31 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" "" "7/18/2013 1:47 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "11/3/2011 3:21 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib" "" "" "" "7/19/2013 5:06 AM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "11/3/2011 3:21 PM"
+ "Internet Explorer" "" "" "File not found: C:\windows\system32\ie4uinit.exe" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "7/22/2013 9:05 PM"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "(Verified) SUPERAntiSpyware.com" "c:\program files\bleepingantispy\superantispyware.exe" "5/14/2013 6:08 PM"
+ "swg" "" "" "File not found: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "7/22/2013 9:05 PM"
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Filter" "" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "7/13/2009 9:53 PM"
"HKCU\SOFTWARE\Classes\Protocols\Handler" "" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "7/13/2009 9:53 PM"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" "" "7/18/2013 9:55 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" "" "7/18/2013 7:27 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" "" "7/23/2013 1:54 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "7/18/2013 7:27 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "7/23/2013 1:54 AM"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" "" "" "" "7/23/2013 12:54 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" "" "7/19/2013 5:05 AM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" "" "7/23/2013 12:53 AM"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" "" "7/22/2013 9:05 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "7/18/2013 7:27 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" "" "7/23/2013 1:54 AM"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "(Verified) SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sasctxmn64.dll" "5/23/2013 1:00 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamext.dll" "2/28/2013 1:39 PM"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "(Verified) SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sasctxmn64.dll" "5/23/2013 1:00 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\PropertySheetHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "7/13/2009 9:53 PM"
"HKCU\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "7/18/2013 2:24 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "7/18/2013 2:24 PM"
"HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "7/18/2013 2:24 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamext.dll" "2/28/2013 1:39 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "7/18/2013 2:24 PM"
"HKCU\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "7/18/2013 2:24 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "7/18/2013 2:24 PM"
"HKCU\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" "" "7/18/2013 2:24 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" "" "7/18/2013 2:24 PM"
"HKCU\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" "7/18/2013 2:24 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" "" "7/18/2013 2:24 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "7/23/2013 12:54 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "7/18/2013 7:27 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "7/23/2013 1:54 AM"
"HKCU\Software\Microsoft\Ctf\LangBarAddin" "" "" "" "7/18/2013 6:24 AM"
"HKLM\Software\Microsoft\Ctf\LangBarAddin" "" "" "" "7/13/2009 9:49 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "7/18/2013 7:27 PM"
+ "Google Toolbar Helper" "" "" "File not found: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll" ""
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in (64)" "(Verified) TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\toshiba media controller plug-in\x64\toshibamediacontrollerie.dll" "7/11/2011 8:53 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "7/23/2013 1:54 AM"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in (32)" "(Verified) TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll" "7/11/2011 8:55 PM"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" "" "7/22/2013 9:06 PM"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "7/19/2013 5:05 AM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" "" "7/19/2013 5:05 AM"
"HKCU\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "7/22/2013 9:06 PM"
"HKLM\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "7/19/2013 5:05 AM"
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "7/22/2013 10:36 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" "" "7/19/2013 5:05 AM"
"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "7/22/2013 9:06 PM"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "7/19/2013 5:05 AM"
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "7/22/2013 10:36 PM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "7/19/2013 5:05 AM"
"Task Scheduler" "" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "(Verified) Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "8/22/2012 8:38 AM"
+ "\GoogleUpdateTaskMachineCore" "" "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" ""
+ "\GoogleUpdateTaskMachineUA" "" "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" ""
+ "\Norton Internet Security\Norton Error Analyzer" "" "" "File not found: C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe" ""
+ "\Norton Internet Security\Norton Error Processor" "" "" "File not found: C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe" ""
+ "\Norton WSC Integration" "" "" "File not found: C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe" ""
+ "\SUPERAntiSpyware Scheduled Task 309d6427-7e3b-4584-80c2-e9a13c228ca6" "SUPERAntiSpyware Task Dispatcher" "(Verified) SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sastask.exe" "5/23/2013 1:21 PM"
+ "\SUPERAntiSpyware Scheduled Task a1b7fdce-f580-41ec-bdc8-0bfbe93e985a" "SUPERAntiSpyware Task Dispatcher" "(Verified) SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sastask.exe" "5/23/2013 1:21 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "7/18/2013 2:43 PM"
+ "!SASCORE" "SUPERAntiSpyware Core Service" "(Verified) SUPERAntiSpyware.com" "c:\program files\bleepingantispy\sascore64.exe" "5/23/2013 1:12 PM"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "(Verified) Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamscheduler.exe" "2/28/2013 1:38 PM"
+ "MBAMService" "Malwarebytes Anti-Malware service" "(Verified) Malwarebytes Corporation" "c:\program files (x86)\bleepingmalwarebytes\mbamservice.exe" "2/28/2013 1:38 PM"
+ "PCCUJobMgr" "Job Manager service for common client services" "(Verified) Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.13.11\ccsvchst.exe" "8/24/2009 1:36 PM"
+ "PSPRSERV" "PSPRSERV" "(Verified) ElcomSoft" "c:\program files (x86)\elcomsoft password recovery\proactive system password recovery\psprserv64.exe" "5/19/2009 5:51 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "7/18/2013 2:43 PM"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" "2/28/2013 1:33 PM"
+ "SASDIFSV" "SASDIFSV64.SYS" "(Verified) Support.com" "c:\program files\bleepingantispy\sasdifsv64.sys" "7/21/2011 4:03 PM"
+ "SASKUTIL" "SASKUTIL64.SYS" "(Verified) Support.com" "c:\program files\bleepingantispy\saskutil64.sys" "7/12/2011 2:00 PM"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "7/18/2013 4:31 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "7/19/2013 5:06 AM"
"HKCU\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "7/23/2013 12:53 AM"
"HKCU\Software\Classes\Filter" "" "" "" "7/23/2013 1:52 AM"
"HKLM\Software\Classes\Filter" "" "" "" "7/23/2013 12:35 AM"
"HKCU\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" ""
"HKCU\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" ""
"HKCU\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" ""
"HKCU\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/13/2009 9:53 PM"
+ "SFVCaptureFilter" "SmartFaceVCapt" "(Not verified) TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll" "6/28/2011 1:36 AM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "7/13/2009 9:53 PM"
+ "Image Effects" "TimeStam Dynamic Link Library" "(Verified) TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll" "2/8/2011 3:56 AM"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "(Not verified) TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax" "2/9/2006 1:34 AM"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "(Not verified) TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax" "3/15/2005 8:46 AM"
"HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" "" ""
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" "" ""
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" "" "7/23/2013 12:53 AM"
"HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute" "" "" "" "7/23/2013 12:53 AM"
"HKLM\System\CurrentControlSet\Control\Session Manager\Execute" "" "" "" "7/23/2013 12:53 AM"
"HKLM\System\CurrentControlSet\Control\Session Manager\S0InitialCommand" "" "" "" "7/23/2013 12:53 AM"
"HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension" "" "" "" "7/18/2013 2:43 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" "" "7/19/2013 5:06 AM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" "" "7/23/2013 12:53 AM"
"HKLM\Software\Microsoft\Command Processor\Autorun" "" "" "" "7/23/2013 12:53 AM"
"HKLM\Software\Wow6432Node\Microsoft\Command Processor\Autorun" "" "" "" "7/23/2013 12:53 AM"
"HKCU\Software\Microsoft\Command Processor\Autorun" "" "" "" "7/23/2013 12:54 AM"
"HKCU\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" "" ""
"HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" "" "7/13/2009 9:53 PM"
"HKLM\Software\Classes\.exe" "" "" "" "7/23/2013 12:35 AM"
"HKCU\Software\Classes\.exe" "" "" "" "7/23/2013 1:52 AM"
"HKLM\Software\Classes\.cmd" "" "" "" "7/23/2013 12:35 AM"
"HKCU\Software\Classes\.cmd" "" "" "" "7/23/2013 1:52 AM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" "" "7/13/2009 9:53 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" "" "7/13/2009 9:53 PM"
"HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls" "" "" "" "7/23/2013 12:53 AM"
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" "" "7/23/2013 12:53 AM"
"HKLM\SYSTEM\Setup\CmdLine" "" "" "" "7/23/2013 12:53 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "7/13/2009 9:53 PM"
+ "SmartFaceVCP" "SmartFaceVCP" "(Not verified) TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll" "6/28/2011 1:37 AM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" "" "7/13/2009 9:53 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers" "" "" "" "7/13/2009 9:53 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System" "" "" "" "7/19/2013 5:06 AM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" "" "7/23/2013 12:53 AM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SaveDumpStart" "" "" "" "7/19/2013 5:06 AM"
"HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" "" "" "" ""
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" "" "7/18/2013 9:55 AM"
"HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath" "" "" "" "7/23/2013 12:53 AM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" "" "7/13/2009 9:53 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "11/2/2011 11:19 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" "" "7/13/2009 9:53 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "11/2/2011 11:19 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "7/23/2013 12:54 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" "" "7/23/2013 12:53 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" "" "7/22/2013 10:32 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" "" "7/22/2013 10:32 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" "" "7/22/2013 10:32 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "7/13/2009 9:49 PM"
"C:\Users\L755\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" "" ""
 

 

 



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:43 PM

Posted 23 July 2013 - 04:46 AM

For a start - Reopen Autoruns and UNTICK these 6 items. It will not delete them but it will cancel them for now.

These are all Orphaned files and are not required to operate - I can review the rest later -

 

rdpclip" "" "" "File not found: rdpclip"
 

Internet Explorer" "" "" "File not found: C:\windows\system32\ie4uinit.exe"
 

swg" "" "" "File not found: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 

"Google Toolbar Helper" "" "" "File not found: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll"
 

\Norton Internet Security\Norton Error Analyzer" "" "" "File not found: C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe"
 

\Norton WSC Integration" "" "" "File not found: C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe"



#13 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 04:47 AM

It's 2:30am here . . . really need at least some sleep . . . but    (still wondering about the ip addresses being the same?)

 

1.. You were right; Windows Search was turned off; Thanks, it's back on now.

2.  No.This is my personal computer which I use at home or in coffee shops.  It's never been connected to a network (that I know of) -- I'm older (and can remember when computers came with 2 floppy drives).  I'm usually pretty careful about where I download items from -- usually zdnet or cnet (after reading reviews).

3.  Remote Tech - refers to Norton Online Support. I also have a paid subscription to SUPERAntispyware and possibly even Advanced System Care -- I prefer their uninstaller and didn't realize that it's actually a standalone product. 

4.  Anyway . . . back to what I said about needing sleep . . . since you were trying to find Hitman, I decided to download Show Hidden . . . here are the results:    btw, You're helping me so I'm the only one who gets to say "THANK-YOU"  !!!!!

 

 

 

Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.

Program started at: 07/23/2013 02:34:44 AM
Windows Version: Windows 7

Please be patient while your hard drives are scanned.

Scanning the C:\ drive

 * C:\$RECYCLE.BIN
 * C:\$RECYCLE.BIN\S-1-5-18
 * C:\$RECYCLE.BIN\S-1-5-21-2983473353-2058535249-1636593342-1000
 * C:\$RECYCLE.BIN\S-1-5-21-2983473353-2058535249-1636593342-1001
 * C:\$RECYCLE.BIN\S-1-5-21-2983473353-2058535249-1636593342-500
 * C:\Boot
 * C:\Boot\BCD.LOG [File]
 * C:\Boot\BCD.LOG1 [File]
 * C:\Boot\BCD.LOG2 [File]
 * C:\Boot\BOOTSTAT.DAT [File]
 * C:\BOOTSECT.BAK [File]
 * C:\Config.Msi
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\CHS\img\app\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\CHS\img\menu\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\CHT\img\app\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\CHT\img\menu\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\CHT\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\KOR\img\app\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\KOR\img\menu\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\TOSHIBA\TOSHIBA Resolution+ Plug-in for Windows Media Player\Help\KOR\vssver2.scc [File]
 * C:\Intel\Program Files (x86)\Uninstall Information
 * C:\Program Files\Uninstall Information
 * C:\Program Files\Windows Mail\WinMail.exe [File]
 * C:\Program Files (x86)\Common Files\Windows Live\.cache
 * C:\Program Files (x86)\InstallShield Installation Information
 * C:\Program Files (x86)\Windows Mail\WinMail.exe [File]
 * C:\ProgramData
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q [File]
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock [File]
 * C:\ProgramData\Microsoft\Windows\DRM
 * C:\ProgramData\Microsoft\Windows\DRM\Cache
 * C:\ProgramData\Microsoft\WwanSvc
 * C:\ProgramData\Microsoft\WwanSvc\Profiles
 * C:\System Volume Information
 * C:\Users\Administrator\AppData\Local\IconCache.db [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\06KT85X3
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\FUB5AVLR
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\JLAI4Z4I
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\ZL2GE0DX
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071520130722
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071520130722\container.dat [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723\container.dat [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{40a170a3-f255-11e2-abb4-047d7b68f920}.TM.blf [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{40a170a3-f255-11e2-abb4-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{40a170a3-f255-11e2-abb4-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-500\01c2caf6-2b01-4d8e-acca-bf46d30e8fdf [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-500\Preferred [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\container.dat [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Administrator\NTUSER.DAT [File]
 * C:\Users\Administrator\ntuser.dat.LOG1 [File]
 * C:\Users\Administrator\ntuser.dat.LOG2 [File]
 * C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Administrator\Searches\Everywhere.search-ms [File]
 * C:\Users\Administrator\Searches\Indexed Locations.search-ms [File]
 * C:\Users\Administrator.L755-PC\AppData
 * C:\Users\Administrator.L755-PC\AppData\Local\IconCache.db [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds Cache\8R4454C3
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds Cache\9PG0BPK6
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds Cache\FFF1TNJ4
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Feeds Cache\NUK2VOO3
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Internet Explorer\DOMStore\4RLAI6S4
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Internet Explorer\DOMStore\DV586NOZ
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Internet Explorer\DOMStore\JP7YLJEC
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Internet Explorer\DOMStore\NHGI48H8
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\AppCache\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\AppCache\TXFAC8I1
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\AppCache\TXFAC8I1\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\History\Low\History.IE5\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\UsrClass.dat{ec4bce64-f2f0-11e2-ab45-047d7b68f920}.TM.blf [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\UsrClass.dat{ec4bce64-f2f0-11e2-ab45-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\UsrClass.dat{ec4bce64-f2f0-11e2-ab45-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Administrator.L755-PC\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Protect\CREDHIST [File]
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-500\Preferred [File]
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\Cookies\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\Cookies\Low\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat [File]
 * C:\Users\Administrator.L755-PC\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Administrator.L755-PC\NTUSER.DAT [File]
 * C:\Users\Administrator.L755-PC\ntuser.dat.LOG1 [File]
 * C:\Users\Administrator.L755-PC\ntuser.dat.LOG2 [File]
 * C:\Users\Administrator.L755-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\Administrator.L755-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Administrator.L755-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Administrator.L755-PC\Searches\Everywhere.search-ms [File]
 * C:\Users\Administrator.L755-PC\Searches\Indexed Locations.search-ms [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q [File]
 * C:\Users\All Users\Microsoft\DRM\Server
 * C:\Users\All Users\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock [File]
 * C:\Users\All Users\Microsoft\Windows\DRM
 * C:\Users\All Users\Microsoft\Windows\DRM\Cache
 * C:\Users\All Users\Microsoft\WwanSvc
 * C:\Users\All Users\Microsoft\WwanSvc\Profiles
 * C:\Users\Default
 * C:\Users\Default\AppData
 * C:\Users\Default\NTUSER.DAT [File]
 * C:\Users\Default\NTUSER.DAT.LOG [File]
 * C:\Users\Default\NTUSER.DAT.LOG1 [File]
 * C:\Users\Default\NTUSER.DAT.LOG2 [File]
 * C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Jeffrey\AppData
 * C:\Users\Jeffrey\AppData\Local\IconCache.db [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\7FZSVVSB
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\CYYYNUTI
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\MB79IY72
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\NECSJZV9
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\QLSSHB7T
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\SJA9R1RL
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\XDLIJ6C4
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Feeds Cache\ZS5U5ICY
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071720130718
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\Low
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\UsrClass.dat{1f99d4fa-eda8-11e2-8f80-c542183293aa}.TM.blf [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\UsrClass.dat{1f99d4fa-eda8-11e2-8f80-c542183293aa}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\UsrClass.dat{1f99d4fa-eda8-11e2-8f80-c542183293aa}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Jeffrey\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Protect\CREDHIST [File]
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-1000\d8107edd-8383-47bd-af36-6df42ce1979f [File]
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-1000\Preferred [File]
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\Jeffrey\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Jeffrey\Documents\Default.rdp [File]
 * C:\Users\Jeffrey\ntuser.dat [File]
 * C:\Users\Jeffrey\ntuser.dat.LOG1 [File]
 * C:\Users\Jeffrey\ntuser.dat.LOG2 [File]
 * C:\Users\Jeffrey\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\Jeffrey\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Jeffrey\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Jeffrey\ntuser.ini [File]
 * C:\Users\Jeffrey\Searches\Everywhere.search-ms [File]
 * C:\Users\Jeffrey\Searches\Indexed Locations.search-ms [File]
 * C:\Users\L755\AppData
 * C:\Users\L755\AppData\Local\IconCache.db [File]
 * C:\Users\L755\AppData\Local\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck [File]
 * C:\Users\L755\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D [File]
 * C:\Users\L755\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\L755\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\L755\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\6SCM6QS2
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\C2F34T6Q
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\D0RGQWRW
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\H75MRZ9B
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\RH4I0QGW
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\TEG9IAE1
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\V59WV3UU
 * C:\Users\L755\AppData\Local\Microsoft\Feeds Cache\Y6N3E9JJ
 * C:\Users\L755\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Users\L755\AppData\Local\Microsoft\Internet Explorer\DOMStore\2SV6MXJW
 * C:\Users\L755\AppData\Local\Microsoft\Internet Explorer\DOMStore\3AJL3A5A
 * C:\Users\L755\AppData\Local\Microsoft\Internet Explorer\DOMStore\4US98YQL
 * C:\Users\L755\AppData\Local\Microsoft\Internet Explorer\DOMStore\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Internet Explorer\DOMStore\EJHDISKV
 * C:\Users\L755\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\L755\AppData\Local\Microsoft\Windows\AppCache\0LYP5WIP
 * C:\Users\L755\AppData\Local\Microsoft\Windows\AppCache\0LYP5WIP\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\AppCache\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071520130722
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071520130722\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071920130720
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071920130720\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072120130722
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072120130722\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072320130724
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072320130724\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\History\Low\History.IE5\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DX2M039
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L06W9UA5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RC6STGV9
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCMRCQ0E
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1LH04XFG
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8TB94KKB
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\container.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GHLKEES0
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZD72DRWC
 * C:\Users\L755\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{2e860783-f313-11e2-b493-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{2e860783-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{2e860783-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{3bbcf4bb-efad-11e2-917a-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{3bbcf4bb-efad-11e2-917a-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{3bbcf4bb-efad-11e2-917a-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{b0e8915f-efca-11e2-988c-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{b0e8915f-efca-11e2-988c-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{b0e8915f-efca-11e2-988c-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{cd255f36-f339-11e2-860c-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{cd255f36-f339-11e2-860c-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{cd255f36-f339-11e2-860c-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{ec617ae6-f01f-11e2-8b73-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{ec617ae6-f01f-11e2-8b73-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{ec617ae6-f01f-11e2-8b73-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{edc1ca9f-f2e1-11e2-83a4-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{edc1ca9f-f2e1-11e2-83a4-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\UsrClass.dat{edc1ca9f-f2e1-11e2-83a4-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\L755\AppData\Local\Microsoft\Windows NT\DiskQuota
 * C:\Users\L755\AppData\Local\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0V601ZUC
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\13T8T6GZ
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6L0RZMK7
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\79M62444
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CCF7GGNA
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\container.dat [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DFSHQFDY
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WV4HCVUO
 * C:\Users\L755\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\X6SO2W5B
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\0\0b91cd5983ad43598e32f6ba25417d3f_CNT.BIN [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\0\EventStateTable [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693423.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693424.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693425.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693426.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693427.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693428.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693429.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693430.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693431.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693432.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693433.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693434.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693435.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693436.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\0000095672_000000000000000693437.jpg [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f26^2f000^2f000^2f000^2f041\179.gif [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f32^2f000^2f000^2f000^2f041\704.gif [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f37^2f000^2f000^2f000^2f041\773.gif [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f3^2f000^2f000^2f000^2f041\753.gif [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f77^2f000^2f000^2f000^2f041\508.gif [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f99^2f000^2f000^2f000^2f041\644.gif [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\OfficeStarter\3\default.manifest [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\L755\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat [File]
 * C:\Users\L755\AppData\LocalLow\Microsoft\Windows\AppCache\QPY8VZV9
 * C:\Users\L755\AppData\LocalLow\Microsoft\Windows\AppCache\QPY8VZV9\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\1TW2G6VD
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\CD332LBP
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\G5H8PDTX
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\0EYV82W7
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\1ZXX7EII
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\2VG4BZON
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\8J00TYDL
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\CO6CNG6L
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\K44T0KCO
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\LZJGHGOE
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\VUC22MYH
 * C:\Users\L755\AppData\Roaming\Microsoft\Internet Explorer\UserData\Z8GFVLEN
 * C:\Users\L755\AppData\Roaming\Microsoft\Protect\CREDHIST [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-1001\698578be-fa2f-412b-9d91-528baf635787 [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-1001\Preferred [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Templates\~$Normal.dotm [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\Cookies\Low\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IETldCache\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\IETldCache\Low\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\PrivacIE
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\PrivacIE\container.dat [File]
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\L755\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\container.dat [File]
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.IE5
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.IE5\container.dat [File]
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.MSO
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Content.Word
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\1FJ33VGZ
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\container.dat [File]
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\CWXMYYYA
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Low\Content.IE5\EW8L2R0J
 * C:\Users\L755\Documents\Internet Tracking Cookies\Temporary Internet Files\Virtualized
 * C:\Users\L755\Documents\~$Sue.docx [File]
 * C:\Users\L755\ntuser.dat.LOG1 [File]
 * C:\Users\L755\ntuser.dat.LOG2 [File]
 * C:\Users\L755\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\L755\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{2d87b2a0-f2e0-11e2-bb38-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\ntuser.dat{2d87b2a0-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{2d87b2a0-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{2e86084d-f313-11e2-b493-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\ntuser.dat{2e86084d-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{2e86084d-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{b0e8915b-efca-11e2-988c-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\ntuser.dat{b0e8915b-efca-11e2-988c-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{b0e8915b-efca-11e2-988c-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{e4eba557-f01a-11e2-ae0a-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\ntuser.dat{e4eba557-f01a-11e2-ae0a-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{e4eba557-f01a-11e2-ae0a-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{f1b91139-f310-11e2-aaff-047d7b68f920}.TM.blf [File]
 * C:\Users\L755\ntuser.dat{f1b91139-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\L755\ntuser.dat{f1b91139-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\L755\ntuser.ini [File]
 * C:\Users\L755\Searches\Everywhere.search-ms [File]
 * C:\Users\L755\Searches\Indexed Locations.search-ms [File]
 * C:\Users\Public\Favorites
 * C:\Users\Public\Libraries
 * C:\Users\Sue\AppData\Local\IconCache.db [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\2UFMZ9CU
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\ES1YN2H7
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\O3H61TWT
 * C:\Users\Sue\AppData\Local\Microsoft\Feeds Cache\Z1XT1VQS
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071520130722
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013071520130722\container.dat [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013072220130723\container.dat [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\History\Low\History.IE5\container.dat [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{2e860765-f313-11e2-b493-047d7b68f920}.TM.blf [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{2e860765-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{2e860765-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{5295ed1f-f149-11e2-abb5-047d7b68f920}.TM.blf [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{5295ed1f-f149-11e2-abb5-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{5295ed1f-f149-11e2-abb5-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{edc1ca91-f2e1-11e2-83a4-047d7b68f920}.TM.blf [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{edc1ca91-f2e1-11e2-83a4-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\UsrClass.dat{edc1ca91-f2e1-11e2-83a4-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Sue\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\17NDAW27
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8ZGNXWLX
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\C8W0DZJL
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\container.dat [File]
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\QQL8EZIK
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat [File]
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Windows\AppCache\QV97QDXP
 * C:\Users\Sue\AppData\LocalLow\Microsoft\Windows\AppCache\QV97QDXP\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Protect\CREDHIST [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-1002\dbe05c3c-a207-47fd-ae5d-48da4ab0eaa5 [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Protect\S-1-5-21-2983473353-2058535249-1636593342-1002\Preferred [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Cookies\Low\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat [File]
 * C:\Users\Sue\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Sue\ntuser.dat [File]
 * C:\Users\Sue\ntuser.dat.LOG1 [File]
 * C:\Users\Sue\ntuser.dat.LOG2 [File]
 * C:\Users\Sue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\Sue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Sue\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Sue\ntuser.dat{2d87b2a4-f2e0-11e2-bb38-047d7b68f920}.TM.blf [File]
 * C:\Users\Sue\ntuser.dat{2d87b2a4-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Sue\ntuser.dat{2d87b2a4-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Sue\ntuser.dat{f1b9113d-f310-11e2-aaff-047d7b68f920}.TM.blf [File]
 * C:\Users\Sue\ntuser.dat{f1b9113d-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Sue\ntuser.dat{f1b9113d-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Sue\Searches\Everywhere.search-ms [File]
 * C:\Users\Sue\Searches\Indexed Locations.search-ms [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_32\index1e7.dat [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_32\index1e8.dat [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_64\index1f4.dat [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_64\index1f5.dat [File]
 * C:\Windows\assembly\PublisherPolicy.tme [File]
 * C:\Windows\assembly\pubpol7.dat [File]
 * C:\Windows\AxInstSV
 * C:\Windows\debug\CompLogs
 * C:\Windows\debug\IALogs
 * C:\Windows\Fonts\fms_metadata.xml [File]
 * C:\Windows\Fonts\StaticCache.dat [File]
 * C:\Windows\Globalization\MCT
 * C:\Windows\Installer
 * C:\Windows\Installer\$PatchCache$
 * C:\Windows\Installer\$PatchCache$\Managed
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015
 * C:\Windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133
 * C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE
 * C:\Windows\Installer\$PatchCache$\Managed\076CFAAAB965F2A4284B2449E5D03EFE\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E
 * C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0
 * C:\Windows\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066
 * C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183
 * C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B
 * C:\Windows\Installer\$PatchCache$\Managed\4A4869755DDD3AC4E98AB77E9D95D34B\15.4.3508
 * C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E
 * C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4E42866C3BBC1584BBF38EFC6D539032
 * C:\Windows\Installer\$PatchCache$\Managed\4E42866C3BBC1584BBF38EFC6D539032\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D
 * C:\Windows\Installer\$PatchCache$\Managed\52744B0D6663D294EB6F85A741DBB99D\15.4.2862
 * C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440
 * C:\Windows\Installer\$PatchCache$\Managed\60EA627A3AAA1D34783E075F0113F440\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8
 * C:\Windows\Installer\$PatchCache$\Managed\6116D6C8427B0184F8D20D746E7B6DE8\15.4.5722
 * C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B
 * C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020
 * C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4
 * C:\Windows\Installer\$PatchCache$\Managed\7B292C385A83B0447A137070E0186AF4\15.4.3508
 * C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80
 * C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\88119C0AF88C68E4396EDCC7A9626694
 * C:\Windows\Installer\$PatchCache$\Managed\88119C0AF88C68E4396EDCC7A9626694\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03
 * C:\Windows\Installer\$PatchCache$\Managed\A57765D93F393A44082948E08362ED03\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E
 * C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\C7BCDCEDCC85568419FA26F77989EF84
 * C:\Windows\Installer\$PatchCache$\Managed\C7BCDCEDCC85568419FA26F77989EF84\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\CF454FAAAC2892F4BA13A60149587EE6
 * C:\Windows\Installer\$PatchCache$\Managed\CF454FAAAC2892F4BA13A60149587EE6\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98
 * C:\Windows\Installer\$PatchCache$\Managed\CFD2C1F142D260E3CB8B271543DA9F98\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1
 * C:\Windows\Installer\$PatchCache$\Managed\D04BB691875110D32B98EBCF771AA1E1\10.0.30319
 * C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
 * C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\E08F45ADC1622A148A5545A941F4F295
 * C:\Windows\Installer\$PatchCache$\Managed\E08F45ADC1622A148A5545A941F4F295\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F
 * C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276
 * C:\Windows\Installer\$PatchCache$\Managed\EEDB8CDDCACDD4042875E3D8B4874276\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC
 * C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571
 * C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B
 * C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B\15.4.3502
 * C:\Windows\ServiceProfiles\LocalService\AppData
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{2d87b294-f2e0-11e2-bb38-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{2d87b294-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{2d87b294-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{2e860841-f313-11e2-b493-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{2e860841-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{2e860841-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{8e70971e-f1c9-11e2-a459-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{8e70971e-f1c9-11e2-a459-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{8e70971e-f1c9-11e2-a459-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b0e89155-efca-11e2-988c-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b0e89155-efca-11e2-988c-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b0e89155-efca-11e2-988c-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{d4b0e3f7-f06d-11e2-93b5-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{d4b0e3f7-f06d-11e2-93b5-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{d4b0e3f7-f06d-11e2-93b5-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{e4eba54b-f01a-11e2-ae0a-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{e4eba54b-f01a-11e2-ae0a-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{e4eba54b-f01a-11e2-ae0a-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{f1b9112d-f310-11e2-aaff-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{f1b9112d-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\ntuser.dat{f1b9112d-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\AppData
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2d87b298-f2e0-11e2-bb38-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2d87b298-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2d87b298-f2e0-11e2-bb38-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2e860845-f313-11e2-b493-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2e860845-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2e860845-f313-11e2-b493-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{8e70971a-f1c9-11e2-a459-806e6f6e6963}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{8e70971a-f1c9-11e2-a459-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{8e70971a-f1c9-11e2-a459-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b0e89151-efca-11e2-988c-806e6f6e6963}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b0e89151-efca-11e2-988c-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b0e89151-efca-11e2-988c-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{d4b0e3f2-f06d-11e2-93b5-806e6f6e6963}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{d4b0e3f2-f06d-11e2-93b5-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{d4b0e3f2-f06d-11e2-93b5-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{e4eba54f-f01a-11e2-ae0a-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{e4eba54f-f01a-11e2-ae0a-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{e4eba54f-f01a-11e2-ae0a-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f1b91131-f310-11e2-aaff-047d7b68f920}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f1b91131-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f1b91131-f310-11e2-aaff-047d7b68f920}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\Tasks\SA.DAT [File]
 * C:\Windows\WindowsShell.Manifest [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-baseapinamespace_31bf3856ad364e35_6.1.7601.17514_none_a4272f399040a523\api-ms-win-core-ums-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-d..evelapisets-windows_31bf3856ad364e35_7.1.7601.16492_none_e249fd3fed68cb81\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-com_31bf3856ad364e35_7.1.7601.16492_none_5b1161f912e23f6d\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\WinMail.exe [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\Temp\PendingDeletes
 * C:\Windows\winsxs\x86_microsoft-windows-d..evelapisets-windows_31bf3856ad364e35_7.1.7601.16492_none_862b61bc350b5a4b\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_c2b7d547f57dc081\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_c2b7d547f57dc081\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_c2b7d547f57dc081\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-com_31bf3856ad364e35_7.1.7601.16492_none_fef2c6755a84ce37\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-security-base-l1-1-0.dll [File]

Finished scanning the C:\ drive. 983 hidden items found.

Scanning the Q:\ drive

Finished scanning the Q:\ drive. 0 hidden items found.

Program finished at: 07/23/2013 02:35:04 AM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)

 

O



#14 Panda18

Panda18
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 23 July 2013 - 04:52 AM

Sorry, having trouble understanding AutoRuns - will try again - after a few hours of sleep.  Good night.



#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:43 PM

Posted 23 July 2013 - 06:51 AM

Autoruns has a tick on the Left side of most programs. You Remove that tick to disable the listed item

 

I'm older (and can remember when computers came with 2 floppy drives).  < Mine came with a Tape Drive and no Floppys

 

Uninstall Advanced System Care from iObit since this contains a rogue Registry Cleaner, and is regarded as an unwanted program. It has an Antivirus program that will not "play" with other Antivirus or Antimalware programs. It also contains its own internal Spy program to send information back to them. The program leaves remains after you remove it, so extra care is needed. First use their uninstaller and then Visit this site, or follow the links provided >> http://singularlabs.com/uninstallers/security-software/
Item #17 IObit > Info > Tool (Note: Cleans left-overs after a normal uninstall)

usually zdnet or cnet (after reading reviews). < CNET is about the last place I would go. They include Wrappers (trackers) with most downloads.
 

I do not think you have infections, just a few unwise installs that have now been generally cleaned up.

 

Please tell us of any "general problems" that you still have -

 

Thanks -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users