
Constant overclocking on Computer and frequent random sys shutdowns



#1 abeattie3


Posted 06 January 2016 - 12:34 AM

Here is the LINK to the original post in "A I I " and below are the FRST Scan and Addition Logs

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015

Ran by thedi (administrator) on DESKTOP-BCA0LPH (05-01-2016 21:23:33)
Running from C:\Users\thedi\Downloads
Loaded Profiles: thedi (Available Profiles: thedi)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Tempo Semiconductor Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6366.43091.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1712656 2015-12-16] (Tempo Semiconductor Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [50416 2015-12-16] (Hewlett-Packard )
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12783848 2015-12-25] (Zemana Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1856184 2015-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [876216 2015-09-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\MountPoints2: {7295c0a9-a47d-11e5-ba8a-806e6f6e6963} - "F:\Windows\DigitalDJ2_Install.exe" 
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\MountPoints2: {7c4f51b5-af8b-11e5-ba96-38b1dbe53ea4} - "E:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\thedi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Lightning.lnk [2016-01-03]
ShortcutTarget: Desktop Lightning.lnk -> C:\Program Files (x86)\Desktop Lightning\Desktop Lightning.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 76.14.96.13 76.14.96.14 76.14.0.9
Tcpip\..\Interfaces\{07f41f3e-7003-4804-9893-5fc092d20d02}: [DhcpNameServer] 76.14.96.13 76.14.96.14 76.14.0.9
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-12-18] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-12-18] (Webroot)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-12-27] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-11] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-12-11] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-12-23] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> Logo Creator
CHR Profile: C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2015-12-16]
CHR Extension: (Google Drive) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (Keeper Web App) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb [2015-12-16]
CHR Extension: (Audiotool) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-12-16]
CHR Extension: (YouTube) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Zoho Books - Accounting App) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bofkljikicigiihfejbhanejhmbchdji [2015-12-16]
CHR Extension: (Animoto Video Maker) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cambaldalpopjjmpfogbpikpbhembepl [2015-12-16]
CHR Extension: (Google Search) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (WifiTransfer - Instant wireless file transfer) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmnhcblgohjilfjffdkfikgpakhgajc [2015-12-16]
CHR Extension: (Security Plus) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkcmflbdogcbjahoblehnlonjedkmoh [2015-12-16]
CHR Extension: (Adobe Acrobat) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-27]
CHR Extension: (VTchromizer) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2015-12-16]
CHR Extension: (AudioRecorder) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2015-12-16]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-12-16]
CHR Extension: (ButtonBass Dubstep Piano) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejnmbkpbdancllfaneekiijkgapeac [2015-12-16]
CHR Extension: (Google Docs Offline) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-17]
CHR Extension: (TeamGantt Project Management) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcoffgicdhbbbpdopfhaemdbdglnkcok [2015-12-16]
CHR Extension: (CloudConvert) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2015-12-16]
CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2016-01-04]
CHR Extension: (Roomstyler 3D planner) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2015-12-16]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2015-12-16]
CHR Extension: (Virtual Dice Rolling) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpfdffpbhljllhbidbgjcdgeioeoncb [2015-12-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-12-20]
CHR Extension: (TrackingTime 
 Time Tracker) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\knailkjkjcfegledhjhcfacdngnicimb [2015-12-16]
CHR Extension: (Pic Maker) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmgcbgahjfokkiniknnafmeoaolkfab [2015-12-16]
CHR Extension: (Wideo.co - Make videos online) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledkjpbciojmafidaknnhannhonfokce [2015-12-16]
CHR Extension: (Webcam Toy) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-12-16]
CHR Extension: (TwistedWave) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2015-12-16]
CHR Extension: (Boomerang for Gmail) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-01-05]
CHR Extension: (ButtonBass HipHop Cube) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkbdcmcdlbnbidfbijmpmholgmidkef [2015-12-16]
CHR Extension: (UberConference) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhhfpdlccblfofockeabmalggfhelcgj [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-16]
CHR Extension: (Video Cutter) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodkcjollmmjidmcnhloaoahmciabnai [2015-12-16]
CHR Extension: (Audio Converter) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2015-12-30]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-12-16]
CHR Extension: (Beautiful Audio Editor) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiblndpcefmebnkjnjfplijnelbcjmm [2015-12-16]
CHR Extension: (Gmail) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (Audio Cutter) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2015-12-16]
CHR Extension: (YouiDraw Logo Creator) - C:\Users\thedi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmdikniemaokeigdgfkaihkldilkjmgi [2015-12-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-12-16] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [350216 2015-12-16] (Tempo Semiconductor Inc.)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51712 2014-06-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12783848 2015-12-25] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [85704 2014-06-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-06-16] (Advanced Micro Devices, Inc.)
S3 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [230088 2014-06-16] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-22] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-12-16] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7551240 2015-09-22] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-09-22] (Realsil Semiconductor Corporation)
R3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [561672 2015-12-16] (Tempo Semiconductor Inc.)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2015-12-10] (USBPcap)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-12-18] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-12-18] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [45104 2015-12-18] (Webroot)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202144 2015-12-27] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202144 2015-12-27] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-05 21:23 - 2016-01-05 21:23 - 00024001 _____ C:\Users\thedi\Downloads\FRST.txt
2016-01-05 21:23 - 2016-01-05 21:23 - 00000000 ____D C:\FRST
2016-01-05 21:22 - 2016-01-05 21:23 - 02370560 _____ (Farbar) C:\Users\thedi\Downloads\FRST64.exe
2016-01-05 12:03 - 2016-01-05 12:03 - 00008948 _____ C:\Users\thedi\Documents\cc_20160105_120348.reg
2016-01-05 00:24 - 2016-01-05 00:24 - 00001961 _____ C:\Users\thedi\Documents\9lab-log-2016-01-05 (00-22-42).txt
2016-01-04 20:30 - 2016-01-04 20:30 - 00007684 _____ C:\Users\thedi\Documents\cc_20160104_203017.reg
2016-01-04 06:09 - 2016-01-04 06:11 - 00083824 _____ C:\TDSSKiller.3.1.0.9_04.01.2016_06.09.32_log.txt
2016-01-04 06:09 - 2016-01-04 06:09 - 00000000 ____D C:\Users\thedi\Downloads\tdsskiller
2016-01-04 05:21 - 2016-01-04 05:21 - 00000000 ____H C:\Users\thedi\Documents\Default.rdp
2016-01-04 04:55 - 2016-01-04 05:06 - 00000000 ____D C:\Users\thedi\AppData\Local\LogMeIn Rescue Calling Card
2016-01-04 04:13 - 2016-01-04 05:04 - 00000000 ____D C:\Users\thedi\AppData\Local\LogMeIn Rescue Applet
2016-01-04 04:13 - 2016-01-04 04:13 - 01573792 _____ (LogMeIn, Inc.) C:\Users\thedi\Downloads\Support-LogMeInRescue.exe
2016-01-04 03:58 - 2016-01-04 03:58 - 04633146 _____ C:\Users\thedi\Downloads\tdsskiller.zip
2016-01-04 03:54 - 2016-01-04 03:54 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\thedi\Downloads\rkill (1).exe
2016-01-04 03:53 - 2016-01-04 03:54 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\thedi\Downloads\ListCWall.exe
2016-01-03 15:52 - 2016-01-03 15:52 - 08415501 _____ C:\Users\thedi\Downloads\IMG_04711-Recovered.psd
2016-01-03 15:50 - 2016-01-03 15:50 - 448384588 _____ C:\Users\thedi\Documents\sahar 1-4.pcapng
2016-01-03 15:50 - 2016-01-03 15:50 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Wireshark
2016-01-03 14:09 - 2016-01-03 14:09 - 00000000 ____D C:\ProgramData\Reprise
2016-01-03 14:08 - 2016-01-04 03:24 - 00000000 ____D C:\Users\thedi\AppData\Local\SketchList 3D v4
2016-01-03 14:08 - 2016-01-03 14:08 - 00001142 _____ C:\Users\Public\Desktop\SketchList 3D Pro v4.lnk
2016-01-03 14:08 - 2016-01-03 14:08 - 00000000 ____D C:\ProgramData\SketchList 3D v4
2016-01-03 14:08 - 2016-01-03 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchList 3D Pro v4
2016-01-03 14:08 - 2016-01-03 14:08 - 00000000 ____D C:\Program Files (x86)\SketchList 3D Pro v4
2016-01-03 14:08 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-01-03 14:08 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-01-03 14:08 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-01-03 14:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-01-03 12:58 - 2016-01-03 14:08 - 82644992 _____ C:\Users\thedi\Downloads\SketchList_3D_V4.msi
2016-01-03 12:03 - 2016-01-03 12:03 - 00005100 _____ C:\Users\thedi\Documents\cc_20160103_120302.reg
2016-01-03 12:02 - 2016-01-03 12:02 - 00048866 _____ C:\Users\thedi\Documents\cc_20160103_120235.reg
2016-01-03 11:52 - 2016-01-03 11:52 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-03 11:52 - 2016-01-03 11:52 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-03 11:52 - 2016-01-03 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-03 11:52 - 2016-01-03 11:52 - 00000000 ____D C:\Program Files\CCleaner
2016-01-03 11:41 - 2016-01-03 11:52 - 05565384 _____ (Piriform Ltd) C:\Users\thedi\Downloads\ccsetup512_slim.exe
2016-01-03 11:41 - 2016-01-03 11:41 - 00001220 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2016-01-03 11:41 - 2016-01-03 11:41 - 00000000 ____D C:\Users\thedi\AppData\Local\AntiLogger Free
2016-01-03 11:41 - 2016-01-03 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2016-01-03 11:41 - 2016-01-03 11:41 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2016-01-03 11:41 - 2016-01-03 11:41 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2016-01-03 11:41 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2016-01-03 11:40 - 2016-01-03 11:42 - 00696984 _____ (Sysinternals - www.sysinternals.com) C:\Users\thedi\Downloads\autoruns.exe
2016-01-03 11:37 - 2016-01-03 11:41 - 03719928 _____ (Zemana Ltd. ) C:\Users\thedi\Downloads\AntiLoggerFree_Setup.exe
2016-01-03 11:32 - 2016-01-03 11:32 - 00001834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-01-03 11:32 - 2016-01-03 11:32 - 00001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-01-03 11:32 - 2016-01-03 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-01-03 11:32 - 2016-01-03 11:32 - 00000000 ____D C:\Program Files\USBPcap
2016-01-03 11:32 - 2016-01-03 11:32 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-01-03 11:31 - 2016-01-03 11:32 - 00000000 ____D C:\Program Files\Wireshark
2016-01-03 11:30 - 2016-01-03 11:31 - 47333544 _____ (Wireshark development team) C:\Users\thedi\Downloads\Wireshark-win64-2.0.1.exe
2016-01-03 06:19 - 2016-01-03 06:19 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2016-01-03 06:16 - 2016-01-03 06:16 - 02409672 _____ C:\Users\thedi\Desktop\finishline-NEW1.psd
2016-01-03 05:45 - 2016-01-04 05:52 - 00003310 _____ C:\Users\thedi\Desktop\Rkill.txt
2016-01-03 05:19 - 2016-01-03 05:19 - 11199448 _____ (VS Revo Group ) C:\Users\thedi\Downloads\RevoUninProSetup.exe
2016-01-03 05:19 - 2016-01-03 05:19 - 00001129 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-01-03 05:19 - 2016-01-03 05:19 - 00000000 ____D C:\Users\thedi\AppData\Local\VS Revo Group
2016-01-03 05:19 - 2016-01-03 05:19 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-03 05:19 - 2016-01-03 05:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-03 05:19 - 2016-01-03 05:19 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-03 05:19 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-01-03 05:18 - 2016-01-03 05:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\thedi\Downloads\revosetup.exe
2016-01-03 05:18 - 2016-01-03 05:18 - 00001348 _____ C:\Users\thedi\Desktop\Revo Uninstaller.lnk
2016-01-03 05:18 - 2016-01-03 05:18 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-01-03 05:18 - 2016-01-03 05:18 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-01-03 05:04 - 2016-01-03 05:04 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Lightning.lnk
2016-01-03 05:04 - 2016-01-03 05:04 - 00001037 _____ C:\Users\Public\Desktop\Desktop Lightning.lnk
2016-01-03 05:04 - 2016-01-03 05:04 - 00000000 ____D C:\Users\thedi\AppData\Roaming\com.desktoplightning.airapp.E46A8636380668D0309964F39136B84A726B34C4.1
2016-01-03 05:04 - 2016-01-03 05:04 - 00000000 ____D C:\Users\thedi\AppData\Roaming\com.desktoplightning.airapp
2016-01-03 05:04 - 2016-01-03 05:04 - 00000000 ____D C:\Program Files (x86)\Desktop Lightning
2016-01-03 04:49 - 2016-01-03 04:49 - 00000000 ___RD C:\Sandbox
2016-01-03 04:48 - 2016-01-03 04:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-01-03 04:48 - 2016-01-03 04:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-01-03 04:47 - 2016-01-03 04:48 - 18348472 _____ (Adobe Systems Inc.) C:\Users\thedi\Downloads\AdobeAIRInstaller.exe
2016-01-03 04:47 - 2016-01-03 04:47 - 00053970 _____ C:\Users\thedi\Downloads\DesktopLightning.air
2015-12-31 22:23 - 2015-12-31 22:23 - 00000000 ____D C:\Users\thedi\VirtualBox VMs
2015-12-31 21:52 - 2015-12-31 23:38 - 00000000 ____D C:\Users\thedi\.VirtualBox
2015-12-31 21:51 - 2015-12-31 21:51 - 00001156 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-12-31 21:51 - 2015-12-31 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-12-31 21:51 - 2015-12-31 21:51 - 00000000 ____D C:\Program Files\Oracle
2015-12-31 21:51 - 2015-12-18 17:08 - 00965440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-12-31 21:51 - 2015-12-18 17:08 - 00138904 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-12-31 18:37 - 2015-12-31 21:51 - 117163720 _____ (Oracle Corporation) C:\Users\thedi\Downloads\VirtualBox-5.0.12-104815-Win.exe
2015-12-31 07:49 - 2015-12-31 07:51 - 503579354 _____ C:\Users\thedi\Desktop\Desktop.7z
2015-12-31 01:06 - 2015-12-31 01:09 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Apple Computer
2015-12-31 01:06 - 2015-12-31 01:06 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-31 01:06 - 2015-12-31 01:06 - 00000000 ____D C:\Users\thedi\AppData\Local\Apple Computer
2015-12-31 01:06 - 2015-12-31 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-31 01:06 - 2015-12-31 01:06 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-31 01:06 - 2015-12-31 01:06 - 00000000 ____D C:\Program Files\iTunes
2015-12-31 01:06 - 2015-12-31 01:06 - 00000000 ____D C:\Program Files\iPod
2015-12-31 01:06 - 2015-12-31 01:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-31 01:05 - 2015-12-31 01:05 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-31 01:05 - 2015-12-31 01:05 - 00000000 ____D C:\Users\thedi\AppData\Local\Apple
2015-12-31 01:05 - 2015-12-31 01:05 - 00000000 ____D C:\Program Files\Bonjour
2015-12-31 01:05 - 2015-12-31 01:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-31 01:05 - 2015-12-31 01:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-31 01:04 - 2015-12-31 01:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-31 00:56 - 2015-12-31 01:03 - 167583000 _____ (Apple Inc.) C:\Users\thedi\Downloads\iTunes6464Setup.exe
2015-12-30 17:05 - 2015-12-30 17:05 - 00059387 _____ C:\Users\thedi\Documents\Please review your Order Packet - bbeattie@finishlineipcom - Finish Line Invest.pdf
2015-12-30 17:04 - 2015-12-30 17:04 - 00646059 _____ C:\Users\thedi\Downloads\12966466 (1).PDF
2015-12-30 13:55 - 2015-12-30 13:57 - 26356440 _____ C:\Users\thedi\Downloads\logo-design.zip
2015-12-29 18:15 - 2015-12-28 12:10 - 00125158 _____ C:\Users\thedi\Desktop\crossing-finish-line-1451310.jpeg
2015-12-29 01:51 - 2015-12-29 02:43 - 00000000 ____D C:\Users\thedi\AppData\Roaming\VTExtra
2015-12-29 01:49 - 2016-01-05 21:14 - 00000000 ____D C:\Users\thedi\AppData\Local\LincolnCasino
2015-12-29 01:49 - 2015-12-29 01:51 - 00000000 ____D C:\Users\thedi\AppData\Local\VTShared
2015-12-28 20:19 - 2015-12-28 20:19 - 02691746 _____ C:\Users\thedi\Desktop\can-stock-photo_csp26995849.psd
2015-12-28 12:11 - 2015-12-28 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-12-28 12:10 - 2015-12-28 12:10 - 00125158 _____ C:\Users\thedi\Downloads\crossing-finish-line-1451310.jpeg
2015-12-28 07:07 - 2015-12-28 07:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-27 21:02 - 2015-12-27 21:02 - 00165520 _____ C:\Users\thedi\Desktop\can-stock-photo_csp26995849.svg
2015-12-27 20:59 - 2015-12-30 01:21 - 00000033 _____ C:\Users\thedi\AppData\Roaming\AdobeWLCMCache.dat
2015-12-27 20:38 - 2015-12-27 20:38 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2015-12-27 20:38 - 2015-12-27 20:38 - 00000000 ____D C:\Users\thedi\Documents\Avery Templates for Adobe
2015-12-27 20:13 - 2015-12-27 20:13 - 00000000 ___RD C:\Users\thedi\3D Objects
2015-12-27 19:22 - 2015-12-27 19:22 - 11310105 _____ C:\Users\thedi\Downloads\documents-export-2014-11-14.zip
2015-12-27 17:55 - 2015-12-27 17:55 - 00007242 _____ C:\Users\thedi\Documents\9lab-log-2015-12-27 (17-14-35).txt
2015-12-27 17:14 - 2015-12-27 17:14 - 00000986 _____ C:\Users\Public\Desktop\Removal Tool.lnk
2015-12-27 17:14 - 2015-12-27 17:14 - 00000000 ____D C:\Users\thedi\AppData\Roaming\9-lab
2015-12-27 17:14 - 2015-12-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-12-27 17:14 - 2015-12-27 17:14 - 00000000 ____D C:\ProgramData\9-lab
2015-12-27 17:14 - 2015-12-27 17:14 - 00000000 ____D C:\Program Files\9-lab
2015-12-27 17:13 - 2015-12-27 17:14 - 06034432 _____ C:\Users\thedi\Downloads\rmtool-setup-x64.exe
2015-12-27 17:02 - 2015-12-27 17:02 - 00002366 _____ C:\Users\Public\Desktop\Tweaking.com - Simple System Tweaker.lnk
2015-12-27 17:02 - 2015-12-27 17:02 - 00000000 ____D C:\RegBackup
2015-12-27 17:02 - 2015-12-27 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-27 17:02 - 2015-12-27 17:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-12-27 16:59 - 2015-12-27 17:01 - 00640680 _____ C:\TDSSKiller.3.1.0.9_27.12.2015_16.59.32_log.txt
2015-12-27 16:57 - 2015-12-27 16:58 - 00008576 _____ C:\TDSSKiller.3.1.0.9_27.12.2015_16.57.42_log.txt
2015-12-27 16:50 - 2016-01-05 20:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-27 16:50 - 2015-12-28 18:34 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 16:44 - 2016-01-03 06:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-27 16:44 - 2016-01-03 05:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-27 16:44 - 2015-12-27 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-27 16:43 - 2016-01-03 06:46 - 00000000 ____D C:\Users\thedi\Desktop\mbar
2015-12-27 16:43 - 2016-01-03 05:49 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-27 16:26 - 2016-01-05 21:22 - 00835270 _____ C:\WINDOWS\ZAM.krnl.trace
2015-12-27 16:26 - 2016-01-05 20:34 - 00000407 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2015-12-27 16:25 - 2015-12-28 12:11 - 00001152 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-12-27 16:25 - 2015-12-28 12:11 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-12-27 16:25 - 2015-12-27 16:25 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-12-27 16:25 - 2015-12-27 16:25 - 00202144 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2015-12-27 16:25 - 2015-12-27 16:25 - 00000000 ____D C:\Users\thedi\AppData\Local\Zemana
2015-12-27 16:22 - 2015-12-27 16:22 - 00002168 _____ C:\Users\thedi\Downloads\FSS.txt
2015-12-27 16:13 - 2015-12-27 16:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-27 16:12 - 2015-12-27 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-27 16:10 - 2015-12-27 16:10 - 01104472 _____ (Microsoft Corporation) C:\Users\thedi\Downloads\Setup.X86.en-US_HomeStudentRetail_1b6cd293-b9d6-4dbd-8ee1-db9509b1c9d8_TX_PR_.exe
2015-12-27 16:10 - 2015-12-27 16:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-27 14:55 - 2015-12-06 20:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-27 14:55 - 2015-12-06 20:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-27 14:55 - 2015-12-06 20:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-27 14:55 - 2015-12-06 20:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-27 14:55 - 2015-12-06 20:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-27 14:55 - 2015-12-06 20:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-27 14:55 - 2015-12-06 20:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-27 14:55 - 2015-12-06 20:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-27 14:55 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-27 14:55 - 2015-12-06 20:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-27 14:55 - 2015-12-06 20:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-27 14:55 - 2015-12-06 20:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-27 14:55 - 2015-12-06 20:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-27 14:55 - 2015-12-06 20:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-27 14:55 - 2015-12-06 20:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-27 14:55 - 2015-12-06 20:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-27 14:55 - 2015-12-06 20:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-27 14:55 - 2015-12-06 20:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-27 14:55 - 2015-12-06 20:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-27 14:55 - 2015-12-06 20:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-27 14:55 - 2015-12-06 20:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-27 14:55 - 2015-12-06 20:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-27 14:55 - 2015-12-06 20:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-27 14:55 - 2015-12-06 20:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-27 14:55 - 2015-12-06 20:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-27 14:55 - 2015-12-06 20:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-27 14:55 - 2015-12-06 20:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-27 14:55 - 2015-12-06 20:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-27 14:55 - 2015-12-06 20:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-27 14:55 - 2015-12-06 20:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-27 14:55 - 2015-12-06 20:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-27 14:55 - 2015-12-06 20:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-27 14:55 - 2015-12-06 20:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-27 14:55 - 2015-12-06 20:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-27 14:55 - 2015-12-06 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-27 14:55 - 2015-12-06 20:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-27 14:55 - 2015-12-06 19:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-27 14:55 - 2015-12-06 19:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-27 14:55 - 2015-12-06 19:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-27 14:55 - 2015-12-06 19:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-27 14:55 - 2015-12-06 19:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-27 14:55 - 2015-12-06 19:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-27 14:55 - 2015-12-06 19:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-27 14:55 - 2015-12-06 19:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-27 14:55 - 2015-12-06 19:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-27 14:55 - 2015-12-06 19:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-27 14:55 - 2015-12-06 19:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-27 14:55 - 2015-12-06 19:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-27 14:55 - 2015-12-06 19:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-27 14:55 - 2015-12-06 19:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-27 14:55 - 2015-12-06 19:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-27 14:55 - 2015-12-06 19:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-27 14:55 - 2015-12-06 19:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-27 14:55 - 2015-12-06 19:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-27 14:55 - 2015-12-06 19:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-27 14:55 - 2015-12-06 19:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-27 14:55 - 2015-12-06 19:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-27 14:55 - 2015-12-06 19:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-27 14:55 - 2015-12-06 19:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-27 14:55 - 2015-12-06 19:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-27 14:55 - 2015-12-06 19:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-27 14:55 - 2015-12-06 19:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-27 14:55 - 2015-12-06 19:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-27 14:55 - 2015-12-06 19:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-27 14:55 - 2015-12-06 19:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-27 14:55 - 2015-12-06 19:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-27 14:55 - 2015-12-06 19:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-27 14:55 - 2015-12-06 19:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-27 14:55 - 2015-12-06 19:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-27 14:55 - 2015-12-06 19:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-27 14:55 - 2015-12-06 19:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-27 14:55 - 2015-12-06 19:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-27 14:55 - 2015-12-06 19:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-27 13:35 - 2015-12-27 13:35 - 00291606 _____ C:\Users\thedi\Downloads\TCPView.zip
2015-12-27 13:35 - 2015-12-27 13:35 - 00000000 ____D C:\Users\thedi\Downloads\TCPView
2015-12-27 13:32 - 2015-12-27 17:01 - 03443632 _____ C:\Users\thedi\Downloads\tweaking.com_simple_system_tweaker_setup.exe
2015-12-27 12:56 - 2015-12-27 13:09 - 00733256 _____ (Adlice Software) C:\Users\thedi\Downloads\TaskSTRun.exe
2015-12-27 12:48 - 2015-12-27 12:48 - 00000000 ____D C:\Users\thedi\AppData\Local\ActiveSync
2015-12-27 12:46 - 2015-12-27 12:46 - 00000020 ___SH C:\Users\thedi\ntuser.ini
2015-12-27 06:54 - 2015-12-27 06:54 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-27 06:54 - 2015-12-27 06:54 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-27 06:54 - 2015-12-27 06:54 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-27 06:54 - 2015-12-27 06:54 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-27 06:54 - 2015-12-27 06:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-27 06:54 - 2015-12-27 06:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-27 06:54 - 2015-12-27 06:54 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-27 06:51 - 2016-01-05 20:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-27 06:51 - 2015-12-27 06:51 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-27 06:46 - 2015-12-27 06:46 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-27 06:44 - 2015-12-27 06:47 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-27 06:43 - 2016-01-04 20:26 - 00000000 ____D C:\Users\thedi
2015-12-27 06:43 - 2015-12-27 06:43 - 00000000 _SHDL C:\Users\thedi\My Documents
2015-12-27 06:43 - 2015-12-27 06:43 - 00000000 _SHDL C:\Users\thedi\Documents\My Videos
2015-12-27 06:43 - 2015-12-27 06:43 - 00000000 _SHDL C:\Users\thedi\Documents\My Pictures
2015-12-27 06:43 - 2015-12-27 06:43 - 00000000 _SHDL C:\Users\thedi\Documents\My Music
2015-12-27 06:41 - 2016-01-04 05:32 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-12-27 06:41 - 2015-12-27 06:41 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-12-27 06:41 - 2015-12-27 06:41 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-12-27 06:41 - 2015-12-27 06:41 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-12-27 06:41 - 2015-12-27 06:41 - 00000000 ____D C:\Program Files\AMD
2015-12-27 06:41 - 2015-12-27 06:41 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-12-27 06:40 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-27 06:38 - 2015-12-27 16:58 - 00232664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-27 06:37 - 2016-01-03 12:01 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-27 06:34 - 2015-12-27 06:34 - 00000000 ____D C:\Windows.old
2015-12-27 06:33 - 2015-12-27 06:33 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-27 06:33 - 2015-12-27 06:33 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-27 06:33 - 2015-12-27 06:33 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-27 06:33 - 2015-12-27 06:33 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-27 06:33 - 2015-12-27 06:33 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-27 06:33 - 2015-12-27 06:33 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-27 06:33 - 2015-12-27 06:33 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-27 06:33 - 2015-12-27 06:33 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-27 06:33 - 2015-12-27 06:33 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-27 06:30 - 2015-12-27 06:30 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-27 06:28 - 2015-12-27 06:28 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-27 06:28 - 2015-12-27 06:28 - 00000000 ____D C:\Program Files\MSBuild
2015-12-27 06:28 - 2015-12-27 06:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-27 06:28 - 2015-12-27 06:28 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-27 06:28 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-27 06:28 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-27 06:28 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-27 06:27 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-27 06:27 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-27 06:27 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-27 06:15 - 2015-12-27 06:54 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-12-27 06:15 - 2015-12-27 06:54 - 00009528 _____ C:\WINDOWS\diagerr.xml
2015-12-27 04:38 - 2016-01-03 05:49 - 00000555 _____ C:\Users\thedi\Desktop\JRT.txt
2015-12-27 04:36 - 2015-12-27 04:36 - 00000000 ____D C:\Users\thedi\AppData\Local\CrashDumps
2015-12-27 04:08 - 2015-12-27 04:35 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-27 04:08 - 2015-12-27 04:08 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-27 04:04 - 2015-12-27 04:04 - 00024358 _____ C:\Users\thedi\Downloads\MTB.txt
2015-12-27 04:02 - 2015-12-27 04:08 - 20834888 _____ C:\Users\thedi\Downloads\RogueKiller.exe
2015-12-27 04:01 - 2015-12-27 16:25 - 05013792 _____ ( ) C:\Users\thedi\Downloads\Zemana.AntiMalware.Setup.exe
2015-12-27 04:01 - 2015-12-27 04:02 - 00852798 _____ C:\Users\thedi\Downloads\SecurityCheck.exe
2015-12-27 04:00 - 2015-12-27 16:43 - 16563352 _____ (Malwarebytes Corp.) C:\Users\thedi\Downloads\mbar-1.09.3.1001.exe
2015-12-27 03:59 - 2016-01-03 05:45 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\thedi\Downloads\rkill.exe
2015-12-27 03:59 - 2015-12-27 16:57 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\thedi\Downloads\tdsskiller.exe
2015-12-27 03:58 - 2015-12-27 04:36 - 01599336 _____ (Malwarebytes) C:\Users\thedi\Downloads\JRT.exe
2015-12-24 16:35 - 2015-12-24 16:35 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-12-24 16:35 - 2015-12-24 16:35 - 00000000 ____D C:\Users\thedi\Documents\Adobe
2015-12-23 15:58 - 2015-12-23 15:58 - 00137613 _____ C:\Users\thedi\Desktop\MLSP-beginners-marketing-guide.pdf
2015-12-23 15:58 - 2015-12-23 15:58 - 00027604 _____ C:\Users\thedi\Desktop\MLSP-marketing-schedule.pdf
2015-12-23 14:22 - 2015-12-23 14:22 - 00000000 ____D C:\Users\thedi\Desktop\7-Zip
2015-12-23 14:18 - 2015-12-27 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-23 14:18 - 2015-12-23 14:18 - 01365154 _____ (Igor Pavlov) C:\Users\thedi\Downloads\7z1512-x64.exe
2015-12-23 14:18 - 2015-12-23 14:18 - 00000000 ____D C:\Program Files\7-Zip
2015-12-23 13:17 - 2015-12-23 13:17 - 00000000 ____D C:\Users\thedi\AppData\Local\CEF
2015-12-23 12:39 - 2015-12-27 06:51 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-23 12:39 - 2015-12-23 12:39 - 00000000 ____D C:\Users\thedi\AppData\LocalLow\Adobe
2015-12-23 12:38 - 2015-12-24 13:21 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-12-23 12:38 - 2015-12-24 13:21 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-12-23 12:38 - 2015-12-23 12:38 - 00002098 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-12-23 12:29 - 2015-12-23 12:29 - 00646059 _____ C:\Users\thedi\Downloads\12966466.PDF
2015-12-23 12:06 - 2015-12-23 12:06 - 00000000 ___HD C:\OneDriveTemp
2015-12-21 06:08 - 2015-12-21 06:08 - 00000000 ____D C:\Users\thedi\AppData\Roaming\DigitalDJ17
2015-12-21 04:09 - 2015-12-27 06:51 - 00002704 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
2015-12-21 04:09 - 2015-12-27 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-21 04:09 - 2015-12-21 04:09 - 00002284 _____ C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
2015-12-21 04:09 - 2015-12-21 04:09 - 00001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8610.lnk
2015-12-21 04:09 - 2015-12-21 04:09 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-12-21 04:09 - 2015-12-21 04:09 - 00000057 _____ C:\ProgramData\Ament.ini
2015-12-21 04:09 - 2015-12-21 04:09 - 00000000 ____D C:\Users\thedi\AppData\Roaming\HpUpdate
2015-12-21 04:09 - 2015-12-21 04:09 - 00000000 ____D C:\ProgramData\HP
2015-12-21 04:09 - 2015-12-21 04:09 - 00000000 ____D C:\Program Files\HP
2015-12-21 04:09 - 2015-12-21 04:09 - 00000000 ____D C:\Program Files (x86)\HP
2015-12-21 04:09 - 2014-07-21 16:31 - 00763912 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPDiscoPM7112.dll
2015-12-21 04:04 - 2015-12-21 04:09 - 00000000 ____D C:\Users\thedi\AppData\Local\HP
2015-12-21 03:05 - 2015-12-21 03:06 - 97375962 _____ C:\Users\thedi\Downloads\Sample1.wav
2015-12-20 09:59 - 2015-12-21 06:08 - 00000000 ____D C:\Users\thedi\AppData\Roaming\SongManager
2015-12-20 09:58 - 2015-12-27 06:47 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-12-20 09:58 - 2015-12-27 06:44 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-12-20 09:58 - 2015-12-20 09:58 - 00002175 _____ C:\Users\thedi\Desktop\MAGIX Digital DJ.lnk
2015-12-20 09:58 - 2015-12-20 09:58 - 00001218 _____ C:\Users\thedi\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2015-12-20 09:58 - 2015-12-20 09:58 - 00000000 ____D C:\Program Files (x86)\MAGIX
2015-12-20 09:58 - 2015-12-20 09:58 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2015-12-20 09:47 - 2015-12-20 09:47 - 00000000 ____D C:\Users\thedi\Desktop\VirtualDJ
2015-12-20 09:33 - 2015-12-20 09:38 - 1068686523 _____ C:\Users\thedi\Downloads\Backups-2015-12-20.zip
2015-12-20 09:09 - 2015-12-20 09:09 - 00000000 ____D C:\Identity
2015-12-19 10:30 - 2015-12-19 10:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-12-19 08:50 - 2016-01-05 18:16 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1936E1D0-2145-4576-8141-1369BDA7E0A6}
2015-12-19 08:50 - 2015-12-19 08:50 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Macromedia
2015-12-19 08:48 - 2015-12-27 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Cat Casino
2015-12-19 08:48 - 2015-12-27 01:14 - 00000000 ____D C:\Program Files (x86)\Cool Cat Casino
2015-12-19 08:48 - 2015-12-19 08:48 - 00002014 _____ C:\Users\Public\Desktop\Cool Cat Casino.lnk
2015-12-19 08:47 - 2015-12-19 08:47 - 01432880 _____ (RealTimeGaming Software) C:\Users\thedi\Downloads\coolcatinstaller.exe
2015-12-19 02:34 - 2015-12-27 06:51 - 00002806 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-thedizzle33@live.com
2015-12-19 02:34 - 2015-12-19 02:34 - 00000000 ____D C:\Users\thedi\AppData\Local\AMD
2015-12-19 02:34 - 2015-12-19 02:34 - 00000000 ____D C:\Users\Public\Documents\Adobe
2015-12-19 02:32 - 2015-12-27 06:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-19 02:32 - 2015-12-19 02:32 - 00001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2015-12-19 02:31 - 2016-01-03 06:19 - 00000000 ____D C:\Program Files\Adobe
2015-12-19 02:31 - 2015-12-27 20:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-19 02:31 - 2015-12-19 02:31 - 00000000 ____D C:\Program Files (x86)\My Company Name
2015-12-19 02:31 - 2012-06-22 03:01 - 00056336 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2015-12-19 02:31 - 2012-04-24 03:01 - 00011376 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2015-12-19 02:31 - 2012-04-24 03:01 - 00010864 _____ (Corel Corporation) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2015-12-19 02:24 - 2016-01-03 11:36 - 00000000 ___RD C:\Users\thedi\Creative Cloud Files
2015-12-19 02:24 - 2016-01-03 11:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-19 02:22 - 2015-12-19 02:22 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-12-19 02:22 - 2015-12-19 02:22 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-12-19 02:21 - 2016-01-03 04:49 - 00000000 ____D C:\ProgramData\Adobe
2015-12-19 02:20 - 2016-01-03 04:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-19 02:18 - 2016-01-05 12:27 - 00000000 ____D C:\Users\thedi\AppData\Local\Adobe
2015-12-18 22:45 - 2015-12-19 02:18 - 00689328 _____ (Adobe Systems Incorporated) C:\Users\thedi\Downloads\CreativeCloudSet-Up.exe
2015-12-18 22:08 - 2015-12-27 06:51 - 00002802 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForthedi
2015-12-18 22:08 - 2015-12-27 01:09 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForthedi.job
2015-12-18 17:08 - 2015-12-18 17:08 - 00194976 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2015-12-18 17:08 - 2015-12-18 17:08 - 00117768 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2015-12-18 05:55 - 2016-01-05 20:44 - 00000000 ____D C:\ProgramData\WRData
2015-12-18 05:55 - 2015-12-29 10:36 - 00170760 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-12-18 05:55 - 2015-12-29 10:36 - 00105888 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-12-18 05:55 - 2015-12-27 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-12-18 05:55 - 2015-12-18 05:55 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-12-18 05:55 - 2015-12-18 05:55 - 00045104 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-12-18 05:55 - 2015-12-18 05:55 - 00000000 ____D C:\Users\thedi\AppData\LocalLow\LastPass
2015-12-18 05:55 - 2015-12-18 05:55 - 00000000 ____D C:\Users\thedi\AppData\Local\lptmp
2015-12-18 05:55 - 2015-12-18 05:55 - 00000000 ____D C:\Program Files\Webroot
2015-12-18 05:54 - 2015-12-18 05:54 - 00840768 _____ (Webroot) C:\Users\thedi\Downloads\wsabbs2.exe
2015-12-18 01:26 - 2015-12-18 01:26 - 00000000 ____D C:\Users\thedi\AppData\Roaming\iterate_GmbH
2015-12-17 18:45 - 2015-12-17 19:10 - 00006148 ____H C:\Users\thedi\.DS_Store
2015-12-17 18:45 - 2015-12-17 19:10 - 00000000 ____D C:\Users\thedi\MAC
2015-12-17 18:29 - 2015-12-17 18:29 - 00000000 __SHD C:\Users\thedi\wc
2015-12-17 18:29 - 2015-12-17 18:29 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Cyberduck
2015-12-17 18:28 - 2015-12-31 01:05 - 00000000 ____D C:\ProgramData\Apple
2015-12-17 05:18 - 2015-12-19 02:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-17 05:18 - 2015-12-17 05:18 - 00000000 ____D C:\SWSetup
2015-12-17 05:18 - 2015-12-17 05:18 - 00000000 ____D C:\Program Files\Broadcom
2015-12-17 05:17 - 2015-12-21 04:03 - 00000000 ____D C:\Users\thedi\Downloads\HP Downloads
2015-12-17 05:17 - 2015-12-18 22:08 - 00000000 ____D C:\Users\thedi\AppData\Local\Hewlett-Packard
2015-12-17 04:20 - 2015-12-17 04:20 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Hewlett-Packard
2015-12-17 04:12 - 2015-12-27 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-17 04:12 - 2015-12-18 22:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-17 04:12 - 2015-12-17 04:12 - 00002311 _____ C:\Users\thedi\Desktop\HP Support Assistant.lnk
2015-12-17 04:12 - 2015-12-17 04:12 - 00000000 ____D C:\Users\thedi\AppData\Roaming\hpqLog
2015-12-17 04:12 - 2015-12-17 04:12 - 00000000 ____D C:\System.sav
2015-12-17 04:12 - 2015-12-17 04:12 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-12-17 03:56 - 2015-12-21 04:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-17 03:56 - 2015-12-18 22:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-12-17 02:43 - 2015-12-17 03:54 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\thedi\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-12-17 02:25 - 2015-12-17 02:25 - 00000000 ____D C:\Users\thedi\AppData\Local\ElevatedDiagnostics
2015-12-17 00:32 - 2015-12-27 04:02 - 00097280 ___SH C:\Users\thedi\Desktop\Thumbs.db
2015-12-16 23:50 - 2015-12-27 06:47 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-16 23:41 - 2016-01-05 20:46 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-16 23:41 - 2016-01-05 20:26 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-16 23:41 - 2015-12-27 06:51 - 00003440 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-16 23:41 - 2015-12-27 06:51 - 00003216 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-16 23:41 - 2015-12-27 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-16 23:41 - 2015-12-16 23:41 - 00002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 23:41 - 2015-12-16 23:41 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-16 23:39 - 2015-12-17 00:27 - 00000000 ____D C:\Users\thedi\AppData\Local\Google
2015-12-16 23:39 - 2015-12-08 19:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-16 23:38 - 2015-12-16 23:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-16 23:38 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-16 23:36 - 2015-12-16 23:36 - 02286848 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
2015-12-16 23:36 - 2015-12-16 23:36 - 00223024 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2015-12-16 23:36 - 2015-12-16 23:36 - 00208176 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcbtums.sys
2015-12-16 23:36 - 2015-12-16 23:36 - 00101128 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btwdi.dll
2015-12-16 23:36 - 2015-12-16 23:36 - 00058772 _____ C:\WINDOWS\system32\Drivers\BCM43142A0_001.001.011.0311.0328.hex
2015-12-16 23:35 - 2015-12-16 23:39 - 00927824 _____ (Google Inc.) C:\Users\thedi\Downloads\ChromeSetup.exe
2015-12-16 21:40 - 2015-12-16 21:41 - 00000000 ____D C:\Users\thedi\AppData\Local\MicrosoftEdge
2015-12-16 21:39 - 2015-12-16 21:39 - 00000000 ____D C:\Users\thedi\AppData\Local\NetworkTiles
2015-12-16 21:37 - 2015-12-27 13:13 - 00000000 ___RD C:\Users\thedi\OneDrive
2015-12-16 21:37 - 2015-12-27 12:50 - 00002420 _____ C:\Users\thedi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-16 21:37 - 2015-12-16 21:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-16 21:35 - 2015-12-27 14:48 - 00000000 ____D C:\Users\thedi\AppData\Local\Comms
2015-12-16 21:35 - 2015-12-16 21:35 - 00000000 ____D C:\Users\thedi\AppData\Local\Publishers
2015-12-16 21:34 - 2015-12-27 06:46 - 00000000 ____D C:\ProgramData\SoundResearch
2015-12-16 21:34 - 2015-12-27 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2015-12-16 21:34 - 2015-12-26 14:32 - 00000000 ____D C:\Users\thedi\AppData\Local\PackageStaging
2015-12-16 21:34 - 2015-12-16 21:34 - 06217784 _____ (Tempo Semiconductor Inc.) C:\WINDOWS\system32\stlang64.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 03933496 _____ (Logitech, Inc.) C:\WINDOWS\system32\LogiLDA.DLL
2015-12-16 21:34 - 2015-12-16 21:34 - 02458936 _____ (Logitech, Inc.) C:\WINDOWS\system32\LdaCx2.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 02242320 _____ (Tempo Semiconductor Inc.) C:\WINDOWS\system32\stapo64.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 01907208 _____ (Tempo Semiconductor Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-12-16 21:34 - 2015-12-16 21:34 - 01712656 _____ (Tempo Semiconductor Inc.) C:\WINDOWS\sttray64.exe
2015-12-16 21:34 - 2015-12-16 21:34 - 01423128 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.DLL
2015-12-16 21:34 - 2015-12-16 21:34 - 00828872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00713960 ____N (Tempo Semiconductor Inc.) C:\WINDOWS\system32\stapi64.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00661448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00561672 _____ (Tempo Semiconductor Inc.) C:\WINDOWS\system32\Drivers\stwrt64.sys
2015-12-16 21:34 - 2015-12-16 21:34 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib110.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00327632 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.DLL
2015-12-16 21:34 - 2015-12-16 21:34 - 00299192 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00299192 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.DLL
2015-12-16 21:34 - 2015-12-16 21:34 - 00265736 _____ (Tempo Semiconductor Inc.) C:\WINDOWS\system32\st646504.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00236184 _____ (Tempo Semiconductor Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00217832 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAC64.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00093168 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.DLL
2015-12-16 21:34 - 2015-12-16 21:34 - 00084008 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAR64.dll
2015-12-16 21:34 - 2015-12-16 21:34 - 00050416 _____ (Hewlett-Packard ) C:\WINDOWS\system32\Beats64.exe
2015-12-16 21:34 - 2015-12-16 21:34 - 00000000 ____D C:\Program Files\IDT
2015-12-16 21:33 - 2016-01-03 12:03 - 00000000 ____D C:\Users\thedi\AppData\Local\Packages
2015-12-16 21:33 - 2016-01-03 04:49 - 00000000 ____D C:\Users\thedi\AppData\Roaming\Adobe
2015-12-16 21:33 - 2015-12-30 06:39 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-12-16 21:33 - 2015-12-27 12:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-16 21:33 - 2015-12-19 02:23 - 00000000 ____D C:\Users\thedi\AppData\Local\VirtualStore
2015-12-16 21:33 - 2015-12-16 21:33 - 10919784 _____ C:\WINDOWS\SysWOW64\LogiDPP.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 10919784 _____ C:\WINDOWS\system32\LogiDPP.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 04758176 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvuvc64.sys
2015-12-16 21:33 - 2015-12-16 21:33 - 00768288 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUI64.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00560416 _____ (Logitech Inc.) C:\WINDOWS\system32\LVUIRC64.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00542568 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00538472 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\LVUI2RC.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00351520 _____ (Logitech Inc.) C:\WINDOWS\system32\Drivers\lvrs64.sys
2015-12-16 21:33 - 2015-12-16 21:33 - 00336232 _____ C:\WINDOWS\SysWOW64\DevManagerCore.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00336232 _____ C:\WINDOWS\system32\DevManagerCore.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00305000 _____ (Logitech Inc.) C:\WINDOWS\SysWOW64\lvcodec2.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00266828 _____ C:\WINDOWS\system32\Drivers\LVAFT.cfg
2015-12-16 21:33 - 2015-12-16 21:33 - 00262432 _____ (Logitech Inc.) C:\WINDOWS\system32\lvco1380853.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00175392 _____ (Logitech Inc.) C:\WINDOWS\system32\lvcod64.dll
2015-12-16 21:33 - 2015-12-16 21:33 - 00103272 _____ C:\WINDOWS\SysWOW64\LogiDPPApp.exe
2015-12-16 21:33 - 2015-12-16 21:33 - 00103272 _____ C:\WINDOWS\system32\LogiDPPApp.exe
2015-12-16 21:33 - 2015-12-16 21:33 - 00040398 _____ C:\WINDOWS\system32\Repository.reg
2015-12-16 21:33 - 2015-12-16 21:33 - 00029494 _____ C:\WINDOWS\system32\lvcoin64.ini
2015-12-16 21:33 - 2015-12-16 21:33 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-BCA0LPH_defaultuser0_HistoryPrediction.bin
2015-12-16 21:33 - 2015-12-16 21:33 - 00000000 ____D C:\Users\thedi\AppData\Local\TileDataLayer
2015-12-16 21:27 - 2016-01-05 20:04 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-16 21:26 - 2016-01-05 20:01 - 00720878 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2015-12-16 21:26 - 2015-12-16 21:26 - 00000000 ____D C:\WINDOWS\tbaseregistry
2015-12-16 21:26 - 2015-12-16 21:26 - 00000000 ____D C:\ProgramData\USOShared
2015-12-16 21:26 - 2015-12-16 20:59 - 00424448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEShims.dll
2015-12-16 21:25 - 2015-12-16 21:25 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2015-12-16 21:25 - 2015-12-16 21:25 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2015-12-16 21:25 - 2015-12-16 21:25 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2015-12-16 21:25 - 2015-12-16 21:25 - 00000000 _SHDL C:\Users\Default.migrated\Documents\My Videos
2015-12-16 21:25 - 2015-12-16 21:25 - 00000000 _SHDL C:\Users\Default.migrated\Documents\My Pictures
2015-12-16 21:25 - 2015-12-16 21:25 - 00000000 _SHDL C:\Users\Default.migrated\Documents\My Music
2015-12-16 21:25 - 2015-12-16 21:25 - 00000000 _SHDL C:\Documents and Settings
2015-12-16 21:18 - 2015-12-16 21:18 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-16 21:17 - 2015-12-16 21:17 - 00000000 _____ C:\Recovery.txt
2015-12-16 21:02 - 2015-12-16 21:02 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2015-12-16 21:02 - 2015-12-16 21:02 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-12-16 21:02 - 2015-12-16 21:00 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-12-16 21:02 - 2015-12-16 21:00 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2015-12-16 21:02 - 2015-12-16 21:00 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2015-12-16 21:02 - 2015-12-16 21:00 - 00000219 _____ C:\WINDOWS\system.ini
2015-12-16 21:02 - 2015-12-16 21:00 - 00000092 _____ C:\WINDOWS\win.ini
2015-12-16 20:43 - 2015-12-27 06:46 - 00000000 ____D C:\Users\Default.migrated
2015-12-16 20:34 - 2015-12-16 21:17 - 00000000 ___HD C:\$SysReset
2015-12-16 15:44 - 2015-10-09 00:16 - 503647831 _____ C:\Users\thedi\Desktop\job 1_20151001_140507.mp4
2015-12-16 15:26 - 2015-10-09 00:17 - 43845249 _____ C:\Users\thedi\Desktop\10-8 7-30 am _20151008_072927.mp4
2015-12-16 13:27 - 2015-12-16 13:27 - 00000000 ____D C:\Users\thedi\Desktop\QuickBooks 2015
2015-12-10 09:27 - 2015-12-10 09:27 - 00041720 _____ (USBPcap) C:\WINDOWS\system32\Drivers\USBPcap.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-05 21:23 - 2015-10-29 22:28 - 00000000 ____D C:\Windows
2016-01-05 20:37 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-05 20:37 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-05 20:04 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-05 12:32 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-04 05:44 - 2015-10-29 22:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-02 17:40 - 2015-10-29 23:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:40 - 2015-10-29 23:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 03:30 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-29 03:30 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-29 03:30 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-28 20:16 - 2015-10-29 22:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-28 04:59 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-27 16:17 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-27 13:04 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-27 12:47 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-27 12:47 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-27 12:47 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-27 06:55 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-27 06:53 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-27 06:53 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-27 06:50 - 2015-10-29 23:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-27 06:45 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-27 06:45 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-27 06:45 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-27 06:45 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-27 06:45 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-27 06:43 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-27 06:38 - 2015-10-30 01:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-27 06:36 - 2015-10-29 23:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-27 06:34 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-27 06:34 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-27 06:34 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-27 06:34 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-27 06:15 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
 
==================== Files in the root of some directories =======
 
2015-12-18 05:55 - 2015-12-18 05:55 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-12-27 20:59 - 2015-12-30 01:21 - 0000033 _____ () C:\Users\thedi\AppData\Roaming\AdobeWLCMCache.dat
2015-12-21 04:09 - 2015-12-21 04:09 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\thedi\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-27 06:37
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by thedi (2016-01-05 21:24:21)
Running from C:\Users\thedi\Downloads
Windows 10 Home (X64) (2015-12-27 14:55:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3090308167-3704022509-3444710303-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3090308167-3704022509-3444710303-503 - Limited - Disabled)
Guest (S-1-5-21-3090308167-3704022509-3444710303-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3090308167-3704022509-3444710303-1003 - Limited - Enabled)
Shaly (S-1-5-21-3090308167-3704022509-3444710303-1005 - Limited - Enabled)
shays (S-1-5-21-3090308167-3704022509-3444710303-1004 - Limited - Enabled)
thedi (S-1-5-21-3090308167-3704022509-3444710303-1001 - Administrator - Enabled) => C:\Users\thedi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.2.187 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_0) (Version: 19.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.1 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 7.35.275.0 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cool Cat Casino (HKLM-x32\...\{0f6a4080-a890-4d08-873f-ca211f828a6c}) (Version: 15.12.0-RTG - RealTimeGaming Software)
Desktop Lightning (HKLM-x32\...\com.desktoplightning.airapp.E46A8636380668D0309964F39136B84A726B34C4.1) (Version: 2.14 - UNKNOWN)
Desktop Lightning (x32 Version: 2.14 - UNKNOWN) Hidden
Digital DJ (HKLM-x32\...\Digital DJ) (Version: 2.0 - MAGIX)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.12 (HKLM\...\{6F93731D-89E1-4A8F-BDA9-D104860DDB02}) (Version: 5.0.12 - Oracle Corporation)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
SketchList 3D Pro v4 (HKLM-x32\...\{4EB795D7-D694-4FAA-A2AB-66F0EFBEA4B3}) (Version: 4.0.3675 - SketchList 3D Pro)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.1.0 - Tweaking.com)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version:  - )
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.7.46 - Webroot)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.797 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-534D7DE30DE7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\thedi\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {028E0772-9891-4E03-B32A-E30B03058114} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {0CF664DA-E02E-4761-968E-D73EB8B1C6D5} - System32\Tasks\HPCeeScheduleForthedi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0F897FE8-5C68-4648-B2CA-771FFF234F15} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-thedizzle33@live.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {18CD57E2-3F2C-452D-9E5E-4BD8101BEE7F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {1CD0D2E1-1662-4165-B7F2-285C70F2973D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {22BFA7FE-AEA0-4EE9-AB78-4C422C0F1701} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {2DBCE9D3-D1D0-4030-9838-4C8E56B68143} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {35AF2A61-6F30-4944-8681-0C3BE5A6FD11} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {3938F10F-C905-45AA-822F-79A474496718} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {3DDEFB26-614A-48BE-A842-C87F48FB8EB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {48E82782-166B-4532-9619-778C5999BA62} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {4FBC164F-2588-40E8-9606-1F225023031D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {5DA56AC4-7BFC-4350-9093-466713035798} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {7D5660D8-24BE-4FC8-9872-9772021DC9F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {BDE80118-7D8C-4E2D-B7B0-5B2A4607ED62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {DA74F677-D92A-4BC7-B64F-70847C3B3FD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-12-03] (HP Inc.)
Task: {E1C96D91-56AA-449F-A1B7-6415051BC365} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {EE864CA2-2829-457D-9FFC-9EC4C67FD22A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {F6310CFA-E048-42A2-B6F4-5F6AFB696C53} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForthedi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-27 16:10 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-27 06:33 - 2015-12-27 06:33 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-12-27 16:14 - 2015-12-27 16:14 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-27 16:25 - 2015-12-27 16:25 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-12-27 13:22 - 2015-12-27 13:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-27 14:55 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-27 14:55 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-27 14:55 - 2015-12-06 19:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-27 14:55 - 2015-12-06 19:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-27 14:55 - 2015-12-06 19:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-27 14:55 - 2015-12-06 19:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 01:37 - 2015-12-17 01:37 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-17 01:37 - 2015-12-17 01:37 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-12-17 01:37 - 2015-12-17 01:37 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-27 13:22 - 2015-12-27 13:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-27 13:22 - 2015-12-27 13:22 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-16 23:41 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 23:41 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:vnhwfkolvwxldefnplfh
AlternateDataStreams: C:\Users\thedi\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71183567.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71183567.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-16 21:02 - 2015-12-16 21:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\thedi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 76.14.96.13 - 76.14.96.14
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\StartupApproved\StartupFolder: => "Desktop Lightning.lnk"
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\StartupApproved\Run: => "HP Officejet Pro 8610 (NET)"
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{0AA70CD5-2B2E-4354-B7B8-A22A4E52AB32}C:\program files\hp\hp officejet pro 8610\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 8610\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{6FFDF503-4212-4955-91D9-96A37C0494EF}C:\program files\hp\hp officejet pro 8610\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet pro 8610\bin\hpnetworkcommunicatorcom.exe
 
==================== Restore Points =========================
 
27-12-2015 16:42:57 Zemana AntiMalware 12/27/2015 4:42:43 PM
27-12-2015 16:55:01 JRT Pre-Junkware Removal
28-12-2015 20:38:23 Zemana AntiMalware 12/28/2015 8:38:18 PM
31-12-2015 01:05:38 Installed iTunes
03-01-2016 03:57:48 Windows Update
03-01-2016 05:47:44 JRT Pre-Junkware Removal
05-01-2016 21:14:30 Removed Lincoln Casino.
 
==================== Faulty Device Manager Devices =============
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2016 09:14:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/05/2016 08:27:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (5676) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/05/2016 08:27:23 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5676) testing: An attempt to open the file "C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/05/2016 07:52:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (444) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/05/2016 07:52:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (444) testing: An attempt to open the file "C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/05/2016 01:38:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (3872) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/05/2016 01:38:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (3872) WebCacheLocal: An attempt to open the file "C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/05/2016 01:38:08 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (3872) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error: (01/05/2016 01:38:08 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (3872) WebCacheLocal: An attempt to open the file "C:\Users\thedi\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/04/2016 08:34:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
System errors:
=============
Error: (01/05/2016 08:28:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/05/2016 08:26:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BCA0LPH)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DESKTOP-BCA0LPHthediS-1-5-21-3090308167-3704022509-3444710303-1001LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-01-05 21:06:26.581
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:26.560
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\aadcloudap.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:13.075
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\DmNotificationBroker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:13.065
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\DmNotificationBroker.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:04.986
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\DsmUserTask.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:04.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\DsmUserTask.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:04.586
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\EditionUpgradeManagerObj.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:04.566
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\edpauditapi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:04.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\edpauditapi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-05 21:06:04.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 24%
Total physical RAM: 11188.85 MB
Available physical RAM: 8423.9 MB
Total Virtual: 11892.85 MB
Available Virtual: 8742.09 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1845.2 GB) (Free:1652.85 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:15.89 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (MAGIX DigitalDJ2) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: F0A48D62)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:40 AM

Posted 09 January 2016 - 10:24 AM

Greetings abeattie3 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Could you provide more detailed information regarding your symptoms?

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-534D7DE30DE7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:vnhwfkolvwxldefnplfh
AlternateDataStreams: C:\Users\thedi\.DS_Store:AFP_AfpInfo
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Description of symptoms
  • Fixlog
  • System Summary Information

Edited by Oh My!, 09 January 2016 - 10:24 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 abeattie3


Posted 09 January 2016 - 06:26 PM

Gary, I'm Bert.

 

So I ran everything that you said, but I should tell you that before I got your response the computer froze at the login screen and the password was changed. It would not hook up to the internet either. While trying to get it on it became unresponsive and had to be recovered. However, the same problem seems to be back. There is what looks like a command prompt screen right before the Windows screen when logging in. The password works as of now, but that is what happened last time.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by Demo (2016-01-09 15:03:52) Run:1
Running from C:\Users\Demo\Desktop
Loaded Profiles: Demo (Available Profiles: Demo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-534D7DE30DE7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:vnhwfkolvwxldefnplfh
AlternateDataStreams: C:\Users\thedi\.DS_Store:AFP_AfpInfo
*****************
 
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-534D7DE30DE7} => key not found. 
"C:\ProgramData\Reprise" => ":vnhwfkolvwxldefnplfh" ADS not found.
"C:\Users\thedi\.DS_Store" => ":AFP_AfpInfo" ADS not found.
 
==== End of Fixlog 15:03:52 ====

Attached Files
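
Added example, not part of the original posts and not FRST's own code: a small Python reader for the Fixlog layout quoted in post #3. It flags a run in which every result line says "not found" and a fixlist whose C:\Users\ paths name a profile other than the one in the log header; the function names and finding labels are assumptions, and the embedded sample is copied from the log in this thread.

```python
import re

# Sample input: the Fixlog text quoted in post #3 of this thread.
FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by Demo (2016-01-09 15:03:52) Run:1
Running from C:\Users\Demo\Desktop
Loaded Profiles: Demo (Available Profiles: Demo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-534D7DE30DE7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:vnhwfkolvwxldefnplfh
AlternateDataStreams: C:\Users\thedi\.DS_Store:AFP_AfpInfo
*****************

HKU\S-1-5-21-3090308167-3704022509-3444710303-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3090308167-3704022509-3444710303-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-534D7DE30DE7} => key not found.
"C:\ProgramData\Reprise" => ":vnhwfkolvwxldefnplfh" ADS not found.
"C:\Users\thedi\.DS_Store" => ":AFP_AfpInfo" ADS not found.

==== End of Fixlog 15:03:52 ====
'''


def parse_fixlog(text):
    """Split a Fixlog into header fields, the echoed fixlist and the result lines."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    ran = re.search(r"^Ran by (.+?) \((\d{4}-\d{2}-\d{2} [\d:]+)\) Run:(\d+)", text, re.M)
    profiles = re.search(r"^Loaded Profiles: (.*)$", text, re.M)
    # The fixlist is echoed between two rows of asterisks; the results follow it.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if ran is None or len(stars) < 2:
        raise ValueError("text does not follow the Fixlog layout shown in the thread")
    end = next((i for i, ln in enumerate(lines)
                if ln.startswith("==== End of Fixlog")), len(lines))
    return {
        "user": ran.group(1),
        "when": ran.group(2),
        "run": int(ran.group(3)),
        "profiles": profiles.group(1) if profiles else "",
        "fixlist": [ln for ln in lines[stars[0] + 1:stars[1]] if ln.strip()],
        "results": [ln for ln in lines[stars[1] + 1:end] if ln.strip()],
    }


def review(parsed):
    """Return findings a helper would want to see before trusting the fix result."""
    findings = []
    results = parsed["results"]
    not_found = [r for r in results if "not found" in r.lower()]
    if results and len(not_found) == len(results):
        # Nothing was changed by this run: the targets were already gone,
        # or the run looked at a different profile or installation.
        findings.append("nothing-changed: all %d result lines report 'not found'"
                        % len(results))
    # C:\Users\<name>\ paths in the fixlist name the profile the scan came from.
    targets = {m.lower() for entry in parsed["fixlist"]
               for m in re.findall(r"[A-Z]:\\Users\\([^\\]+)\\", entry, re.I)}
    absent = sorted(t for t in targets if t not in parsed["profiles"].lower())
    if absent:
        findings.append("profile-mismatch: fixlist targets %s, log header shows %s"
                        % (", ".join(absent), parsed["user"]))
    return findings


if __name__ == "__main__":
    for finding in review(parse_fixlog(FIXLOG)):
        print(finding)
```

On this log it returns both findings: all six result lines are "not found", and the fixlist names the thedi profile while the header shows the fix ran as Demo.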



#4 Oh My!


Posted 09 January 2016 - 06:42 PM

Hi Bert,

Did you happen to run the Fixlist twice?

#5 abeattie3


Posted 09 January 2016 - 06:43 PM

Oh, and I also forgot to tell you I tried to upgrade to Windows 10 and it gave me this error code and message: 0xC1900101-0X20017

THIS INSTALLATION FAILED IN THE SAFE_OS PHASE


Edited by abeattie3, 09 January 2016 - 06:49 PM.


#6 Oh My!


Posted 09 January 2016 - 06:54 PM

You might have missed this:

Did you happen to run the Fixlist twice?


Do you recall the date you attempted to update to Windows 10?

When you say shut downs does it actually shut down or just freeze?

Edited by Oh My!, 09 January 2016 - 07:07 PM.


#7 abeattie3


Posted 09 January 2016 - 07:23 PM

No, I only ran the fixlist one time, but I saved it as fixlog the first time and then ran it and it didn't find a fixlist, so I reread it and caught the error and then ran the fixlist again. The update that we tried to do was today before I checked the site. I forgot and just clicked it. Sorry, it won't happen again, Gary. It shuts completely off and then restarts. I know how it sounds, but it is like someone is doing it remotely, because it tends to happen at the very end of various downloads or updates, i.e., when I was restoring my iPad mini it shut off twice at the very end of the restore process.



#8 Oh My!


Posted 09 January 2016 - 07:38 PM

No problem Bert, thanks.

There are a lot of recent errors in the System Summary report and it may be due to the failed Windows Update. I would like to try to restore your computer back to the last successful Windows Update.

I will be away from my computer after this post for probably 3 hours or so.

Please attempt this.

===================================================

Reverting to Previous System Restore Point - Windows 10

--------------------
  • Click the Windows Key + S at the same time
  • Type Recovery then Select Recovery Control Panel
  • Click Open System Restore
  • Select the Restore Point dated 03-01-2016 03:57:48 Windows Update
  • Click Next, then Finish
  • Allow the process to complete and your computer will reboot
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did your system restore
  • Please describe your computer behavior now


#9 abeattie3


Posted 09 January 2016 - 11:54 PM

Gary,

 

I have no restore points on my computer.  What should I do?



#10 Oh My!


Posted 10 January 2016 - 03:07 PM

In the System Restore Window select the Show more restore points box and see if any are listed.

Does your computer shut down or restart itself, like in a loop?


Edited by Oh My!, 10 January 2016 - 03:07 PM.


#11 abeattie3


Posted 10 January 2016 - 03:37 PM

It just shuts down. There are no points; the Sys restore was off. Just now all kinds of files and stuff downloaded, and I can hear like an echo of someone talking in my computer. It is probably just the fans, but there has been persistent evidence of an intrusion of some type.



#12 Oh My!


Posted 10 January 2016 - 03:46 PM

Thanks for the information.

Please do these things for me.

===================================================

Core Temp

--------------------

NOTE: Many antivirus programs will flag this as malicious software but it is not. It can be safely downloaded and launched.
  • Disable your AntiVirus and AntiSpyware applications. Sometimes you can simply select that option after right clicking on the System Tray Program icon on the lower right corner of the screen
  • Please download Core Temp and save it to your desktop
  • If you receive a warning the file is malicious you can ignore the warning and download the file anyway
  • Unzip the folder onto your Desktop
  • Double click the unzipped folder then double click Core Temp.exe
  • Monitor the core temperature both at computer idle and while stressing your computer by launching videos, multiple programs, and high demand programs all at the same time
  • Please report the readings and especially the readings if your computer freezes or shuts down
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Core Temp results
  • GSmart report


#13 abeattie3


Posted 11 January 2016 - 02:10 AM

So the core temp results were pretty good. I ran every single video I could; I got up to 20 I think, plus games and other heavy use programs, and the temp got up to 38 degrees with the load as high as 100%, but it never froze or shut down. There is a screenshot of the high point below the other log.

 

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda (SATA 3Gb/s, 4K Sectors)
Device Model:     ST2000DM001-1ER164
Serial Number:    Z4Z1J9RM
LU WWN Device Id: 5 000c50 079d59817
Firmware Version: HP51
User Capacity:    2,000,398,934,016 bytes [2.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  ACS-2 (unknown minor revision code: 0x001f)
Local Time is:    Sun Jan 10 22:57:02 2016 PST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
                                        was never started.
                                        Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
                                        without error or no self-test has ever
                                        been run.
Total time to complete Offline
data collection:                 (   89) seconds.
Offline data collection
capabilities:                    (0x53) SMART execute Offline immediate.
                                        Auto Offline data collection on/off support.
                                        Suspend Offline collection upon new
                                        command.
                                        No Offline surface scan supported.
                                        Self-test supported.
                                        No Conveyance Self-test supported.
                                        Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
                                        power-saving mode.
                                        Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
                                        General Purpose Logging supported.
Short self-test routine
recommended polling time:        (   2) minutes.
Extended self-test routine
recommended polling time:        ( 221) minutes.
SCT capabilities:              (0x103f) SCT Status supported.
                                        SCT Error Recovery Control supported.
                                        SCT Feature Control supported.
                                        SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   112   099   006    Pre-fail  Always       -       47726248
  3 Spin_Up_Time            0x0023   097   096   000    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0032   100   100   020    Old_age   Always       -       385
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002f   081   060   030    Pre-fail  Always       -       130316890
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       5006
 10 Spin_Retry_Count        0x0033   100   100   097    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   020    Old_age   Always       -       358
180 Unused_Rsvd_Blk_Cnt_Tot 0x002a   100   100   000    Old_age   Always       -       868951707
183 Runtime_Bad_Block       0x0032   100   100   000    Old_age   Always       -       0
184 End-to-End_Error        0x0033   100   100   097    Pre-fail  Always       -       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
188 Command_Timeout         0x0032   100   099   000    Old_age   Always       -       3
189 High_Fly_Writes         0x003a   100   100   000    Old_age   Always       -       0
190 Airflow_Temperature_Cel 0x0022   072   054   045    Old_age   Always       -       28 (Min/Max 26/28)
191 G-Sense_Error_Rate      0x0032   100   100   000    Old_age   Always       -       0
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       91
193 Load_Cycle_Count        0x0032   097   097   000    Old_age   Always       -       7583
194 Temperature_Celsius     0x0022   028   046   000    Old_age   Always       -       28 (0 15 0 0 0)
196 Reallocated_Event_Count 0x0032   100   100   036    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      5006         -
# 2  Short offline       Completed without error       00%      4957         -
# 3  Short offline       Interrupted (host reset)      70%      4957         -
# 4  Short offline       Completed without error       00%      4904         -
# 5  Short offline       Completed without error       00%      4841         -
# 6  Short offline       Completed without error       00%      4760         -
# 7  Short offline       Completed without error       00%      4626         -
# 8  Short offline       Completed without error       00%      4538         -
# 9  Short offline       Completed without error       00%      4372         -
#10  Short offline       Completed without error       00%      4317         -
#11  Short offline       Completed without error       00%      4177         -
#12  Short offline       Completed without error       00%      2782         -
#13  Short offline       Completed without error       00%      2775         -
#14  Short offline       Interrupted (host reset)      10%      2775         -
#15  Short offline       Completed without error       00%      2677         -
#16  Short offline       Completed without error       00%      2623         -
#17  Short offline       Completed without error       00%      2524         -
#18  Short offline       Completed without error       00%      2465         -
#19  Extended offline    Interrupted (host reset)      90%         2         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
Untitled.png
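A smartctl report like the one in the post above can be triaged mechanically. The following is an added example, not part of the thread or of GSmartControl: the function name `triage`, the watch list of attribute IDs, and the sample rows (which include one constructed non-zero pending-sector count) are assumptions of this example.

```python
import re

# Constructed sample: rows in the shape of a smartctl -a report, with a
# non-zero pending-sector count added so the check has something to flag.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
190 Airflow_Temperature_Cel 0x0022   072   054   045    Old_age   Always       -       28 (Min/Max 26/28)
197 Current_Pending_Sector  0x0032   100   100   000    Old_age   Always       -       8
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
# 1  Short offline       Completed without error       00%      5006         -
# 3  Short offline       Interrupted (host reset)      70%      4957         -
#19  Extended offline    Interrupted (host reset)      90%         2         -
"""

# Assumption of this example: raw counts expected to stay at zero on a healthy drive.
ZERO_EXPECTED = {5, 187, 197, 198, 199}

ATTR = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-f]{4}\s+(\d+)\s+(\d+)\s+(\d+)\s+"
                  r"(\S+)\s+(\S+)\s+(\S+)\s+(\d+)")
TEST = re.compile(r"^#\s*(\d+)\s+(.+?)\s{2,}(.+?)\s{2,}(\d+)%\s+(\d+)\s+(\S+)")

def triage(report):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for line in report.splitlines():
        m = ATTR.match(line)
        if m:
            ident, name = int(m.group(1)), m.group(2)
            value, thresh = int(m.group(3)), int(m.group(5))
            when_failed, raw = m.group(8), int(m.group(9))
            if thresh > 0 and value <= thresh:
                findings.append(f"{name}: normalized value {value} <= threshold {thresh}")
            if when_failed != "-":
                findings.append(f"{name}: WHEN_FAILED is {when_failed}")
            if ident in ZERO_EXPECTED and raw > 0:
                findings.append(f"{name}: raw count {raw}, expected 0")
            continue
        m = TEST.match(line)
        if m and not m.group(3).startswith("Completed without error"):
            findings.append(f"self-test #{m.group(1)} ({m.group(2)}): "
                            f"{m.group(3)} at {m.group(5)} power-on hours")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Self-tests that did not complete are reported with their power-on-hour stamp, which lets them be lined up against the times the machine went down.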


#14 Oh My!


Posted 11 January 2016 - 10:10 AM

Thank you, those reports look good.

Does the computer just quit and go dark immediately or do you get a screen telling you the system is shutting down?
Gary
 

#15 abeattie3


Posted 11 January 2016 - 10:48 AM

It just went dark immediately each time, as if it was unplugged or you held the power button down. I was battling with "the hacker" yesterday, and in turn I decided to look at the firewall, and I started to disable and block connections, and I noticed one rule that said remote computer shutdown. Would that do that? I am still getting the flash of the cmd prompt as well before startup.





