TechSpot

Unusual behaviour and virus detected

By Jskid
Dec 10, 2015
  1. I'm running Windows 8.1 64-bit with Windows Defender. Over the past couple of weeks I've noticed the computer is slightly slower than normal, my adblocker doesn't seem to work as well, and programs such as Adobe Reader occasionally freeze (this never used to happen). Windows Defender popped up twice and said it detected Win32/Hadsruda!bit and I deleted both of them. I then ran a full scan and found BrowserModifier:Win32/Diplugem. I deleted it.
     
  2. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Here is the first part of FRST.txt

    Ran by Josh (administrator) on WHITEKNIGHT (09-12-2015 22:50:56)
    Running from C:\Users\Josh\Desktop
    Loaded Profiles: Josh (Available Profiles: Josh & DefaultAppPool)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Windows\runSW.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
    () C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Realtek) C:\Windows\SwUSB.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (hxxp://www.ruby-lang.org/) C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\bin\rubyw.exe
    (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (hxxp://www.ruby-lang.org/) C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    () C:\Program Files\pia_manager\openvpn.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2014-10-28] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
    HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: G - "G:\Autoplay.exe" -auto
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {150fbb15-4907-11e4-8275-14dae9f55cd6} - "I:\Startme.exe"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {62768430-da44-11e4-82aa-14dae9f55cd6} - "I:\startme.exe"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {7b715eb9-2e79-11e4-826a-14dae9f55cd6} - "H:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {d6e57a7c-12ec-11e4-8252-14dae9f55cd6} - "G:\WD Drive Unlock.exe" autoplay=true
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-21]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-10-21]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-07-23]
    ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-171\wirelesscm.exe (D-Link Corp.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
    Tcpip\..\Interfaces\{F3CE8913-4601-457B-8EF0-175D642D59EB}: [DhcpNameServer] 209.222.18.222 209.222.18.218

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-21] (LastPass)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
    BHO-x32: KESIReaderBHO Class -> {67EC1BB4-1AC3-4B5E-9CAD-DA52013E7C31} -> C:\Program Files (x86)\Kurzweil Educational Systems\Common Files\KESIReaderIE.dll [2014-06-03] (TODO: <Company name>)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-21] (LastPass)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-21] (LastPass)
    Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - No File
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-21] (LastPass)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
    Filter-x32: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-21] (LastPass)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-21] (LastPass)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1506505283-487300969-3346399363-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Josh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-28] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Extension: LastPass - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\extensions\support@lastpass.com [2015-12-03] [not signed]
    FF Extension: Tab Mix Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-12-04]
    FF Extension: Canadian English Dictionary - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\en-CA@dictionaries.addons.mozilla.org [2015-08-22]
    FF Extension: Ghostery - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\firefox@ghostery.com.xpi [2015-11-05]
    FF Extension: Smart Middle Click - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\SmartMiddleClick@spiers.xpi [2015-03-24] [not signed]
    FF Extension: KESI Reader - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\{0B37872F-D59F-4b47-B2FD-F37E3F979437} [2015-03-06] [not signed]
    FF Extension: uBlock - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-05]
    FF Extension: Facebook Message Seen Disable - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\{7b9de502-149c-8165-ec2c-db01128febfe}.xpi [2015-11-18]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-09-13] (Microsoft Corporation)
    R2 dnscrypt-proxy; C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe [590416 2015-09-21] ()
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
    R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
    R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520 2015-08-07] (Intel Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
    R2 RunSwUSB; C:\Windows\runSW.exe [44104 2014-01-16] ()
    S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
    S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
    R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] ()
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
    R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-11-02] (Sony Mobile Communications)
    R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-28] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh64.sys [681688 2015-01-21] (Inventec )
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
    R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-05-18] (Razer Inc)
    R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-18] (Razer Inc)
    R3 seehcri; C:\Windows\System32\drivers\seehcri.sys [34032 2014-11-03] (Sony Ericsson Mobile Communications)
    R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
    R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [194904 2015-10-06] (IDRIX)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
    R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-07-23] (Basil Projects)
    S3 FreeOTFE; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFE.sys [X]
    S3 FreeOTFECypherAES_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherAES_ltc.sys [X]
    S3 FreeOTFECypherBlowfish; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherBlowfish.sys [X]
    S3 FreeOTFECypherCAST5; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST5.sys [X]
    S3 FreeOTFECypherCAST6_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST6_Gladman.sys [X]
    S3 FreeOTFECypherDES; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherDES.sys [X]
    S3 FreeOTFECypherMARS_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherMARS_Gladman.sys [X]
    S3 FreeOTFECypherRC6_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherRC6_ltc.sys [X]
    S3 FreeOTFECypherSerpent_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherSerpent_Gladman.sys [X]
    S3 FreeOTFECypherTwofish_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherTwofish_ltc.sys [X]
    S3 FreeOTFEHashMD; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashMD.sys [X]
    S3 FreeOTFEHashRIPEMD; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashRIPEMD.sys [X]
    S3 FreeOTFEHashSHA; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashSHA.sys [X]
    S3 FreeOTFEHashTiger; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashTiger.sys [X]
    S3 FreeOTFEHashWhirlpool; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashWhirlpool.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  3. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Second part of FRST.txt

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-09 22:50 - 2015-12-09 22:51 - 00024404 _____ C:\Users\Josh\Desktop\FRST.txt
    2015-12-09 22:50 - 2015-12-09 22:50 - 00000000 ____D C:\FRST
    2015-12-09 22:49 - 2015-12-09 22:49 - 02369024 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
    2015-12-09 22:49 - 2015-12-09 22:49 - 02369024 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
    2015-12-09 19:12 - 2015-12-09 19:12 - 00720345 _____ C:\Users\Josh\Downloads\penetration-testing-assessing-security-attackers-34635.pdf
    2015-12-09 18:54 - 2015-12-09 18:55 - 02012780 _____ C:\Users\Josh\Downloads\secure development lifecylce(1).pdf
    2015-12-09 12:21 - 2015-12-09 12:21 - 00137503 _____ C:\Users\Josh\Downloads\P26648_Employee_Confidential_Info_Band_6-10_Enable_v5(1).pdf
    2015-12-08 23:55 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-08 23:55 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-08 23:55 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-08 23:55 - 2015-11-11 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-12-08 23:55 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-08 23:55 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-08 23:55 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-08 23:55 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-08 23:55 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-08 23:55 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-08 23:55 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-08 23:55 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-08 23:55 - 2015-11-09 15:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-12-08 23:55 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-08 23:55 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-08 23:55 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-08 23:55 - 2015-11-09 15:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-08 23:55 - 2015-11-09 15:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-12-08 23:55 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-08 23:55 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-08 23:55 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-08 23:55 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-08 23:55 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-08 23:55 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-08 23:55 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-08 23:55 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-08 23:55 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-08 23:55 - 2015-11-08 13:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-12-08 23:55 - 2015-11-08 13:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-12-08 23:55 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-08 23:55 - 2015-11-08 13:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-08 23:55 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-08 23:55 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-08 23:55 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-08 23:55 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-08 23:55 - 2015-11-08 12:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-12-08 23:55 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-08 23:55 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-08 23:55 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-08 23:55 - 2015-11-05 00:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-08 23:54 - 2015-11-21 22:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-08 23:54 - 2015-11-21 22:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-08 23:54 - 2015-11-21 22:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-08 23:54 - 2015-11-21 22:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-12-08 23:54 - 2015-11-21 22:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-08 23:54 - 2015-11-21 22:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-12-08 23:54 - 2015-11-21 22:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-08 23:54 - 2015-11-21 10:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-08 23:54 - 2015-11-21 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-08 23:54 - 2015-11-21 08:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-08 23:54 - 2015-11-21 08:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-08 23:54 - 2015-11-21 08:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-08 23:54 - 2015-11-21 08:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-08 23:54 - 2015-11-08 16:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-08 23:54 - 2015-11-08 14:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-08 23:54 - 2015-11-08 13:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-08 23:54 - 2015-11-08 13:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-08 23:54 - 2015-11-08 13:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2015-12-08 23:54 - 2015-11-08 12:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-08 23:54 - 2015-11-08 12:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-08 23:54 - 2015-11-08 12:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2015-12-08 23:54 - 2015-10-22 08:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2015-12-08 23:54 - 2015-10-22 08:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2015-12-08 23:54 - 2015-10-22 07:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2015-12-08 23:54 - 2015-10-22 07:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2015-12-08 23:54 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
    2015-12-08 23:54 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\system32\locale.nls
    2015-12-08 23:54 - 2015-10-10 09:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
    2015-12-08 23:54 - 2015-10-03 11:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-12-08 23:54 - 2015-10-03 11:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-12-08 23:53 - 2015-11-20 14:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-08 23:53 - 2015-11-20 10:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-08 23:53 - 2015-11-20 08:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-08 23:53 - 2015-11-20 08:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-08 23:53 - 2015-11-20 08:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-08 23:53 - 2015-11-20 08:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-12-08 23:53 - 2015-11-20 08:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-08 23:53 - 2015-11-20 08:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-08 23:53 - 2015-11-20 08:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-08 23:53 - 2015-11-20 08:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-08 23:53 - 2015-11-20 08:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-08 23:53 - 2015-11-20 08:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-08 23:53 - 2015-11-20 08:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-08 23:53 - 2015-10-28 07:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-08 23:53 - 2015-10-28 07:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-08 23:53 - 2015-10-10 22:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-12-08 23:53 - 2015-10-10 22:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2015-12-08 23:53 - 2015-10-10 10:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2015-12-08 23:53 - 2015-10-10 10:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2015-12-08 23:53 - 2015-10-10 10:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
    2015-12-08 23:53 - 2015-10-08 08:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
    2015-12-08 23:53 - 2015-10-08 07:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
    2015-12-08 23:53 - 2015-10-05 10:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
    2015-12-08 23:53 - 2015-10-05 10:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2015-12-08 22:13 - 2015-11-25 18:10 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
    2015-12-08 22:13 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
    2015-12-08 22:13 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
    2015-12-08 22:13 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\Program Files\Common Files\VMware
    2015-12-08 22:12 - 2015-11-25 18:10 - 00934080 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
    2015-12-08 22:12 - 2015-11-25 18:10 - 00392896 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    2015-12-08 22:12 - 2015-11-25 18:10 - 00358080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    2015-12-08 22:12 - 2015-11-25 17:52 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
    2015-12-08 22:12 - 2015-11-06 11:57 - 00057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
    2015-12-08 21:07 - 2015-12-08 21:07 - 00062956 _____ C:\Users\Josh\Downloads\2010_016_100_48336.pdf
    2015-12-08 20:41 - 2015-12-08 20:41 - 02012780 _____ C:\Users\Josh\Downloads\secure development lifecylce.pdf
    2015-12-08 16:45 - 2015-12-08 16:45 - 01283687 _____ C:\Users\Josh\Downloads\Biometrics(1).pdf
    2015-12-08 16:12 - 2015-12-08 16:12 - 40408962 _____ C:\Users\Josh\Downloads\248565.pdf
    2015-12-08 16:12 - 2015-12-08 16:12 - 00102474 _____ C:\Users\Josh\Downloads\kam97writer.pdf
    2015-12-08 16:00 - 2015-12-08 16:00 - 00735419 _____ C:\Users\Josh\Downloads\docExam_2.pdf
    2015-12-08 15:51 - 2015-12-08 15:51 - 08443404 _____ C:\Users\Josh\Downloads\Cases Involving the Reliability of Handwriting Identification Exp.pdf
    2015-12-08 15:49 - 2015-12-08 15:49 - 00176072 _____ C:\Users\Josh\Downloads\iwfhr06.pdf
    2015-12-08 15:47 - 2015-12-08 15:47 - 01283687 _____ C:\Users\Josh\Downloads\Biometrics.pdf
    2015-12-08 12:12 - 2015-12-08 12:12 - 00115176 _____ C:\Users\Josh\Downloads\A6(1).pdf
    2015-12-08 02:17 - 2015-12-08 02:17 - 02071031 _____ C:\Users\Josh\Downloads\access control.pdf
    2015-12-08 02:13 - 2015-12-08 02:13 - 00094922 _____ C:\Users\Josh\Downloads\review.pdf
    2015-12-08 01:45 - 2015-12-08 01:45 - 00115176 _____ C:\Users\Josh\Downloads\A6.pdf
    2015-12-08 01:13 - 2015-12-08 01:13 - 00069640 _____ C:\Users\Josh\Downloads\l03.pdf
    2015-12-08 00:35 - 2013-10-05 00:38 - 04424344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120.dll
    2015-12-08 00:31 - 2015-12-08 00:46 - 00000000 ____D C:\Users\Josh\Desktop\Kurzweil Errors
    2015-12-08 00:26 - 2015-12-08 00:26 - 07194312 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\vcredist_x64.exe
    2015-12-07 20:32 - 2015-12-07 20:32 - 00000086 _____ C:\Users\Josh\.gitconfig
    2015-12-07 20:31 - 2015-12-07 20:32 - 00000000 ____D C:\Users\Josh\AppData\Local\GitHub
    2015-12-07 20:31 - 2015-12-07 20:31 - 00002177 _____ C:\Users\Josh\Desktop\Git Shell.lnk
    2015-12-07 20:31 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\Documents\GitHub
    2015-12-07 20:31 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\AppData\Roaming\GitHub
    2015-12-07 19:49 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2015-12-07 19:49 - 2015-12-07 19:49 - 00000308 _____ C:\Users\Josh\Desktop\GitHub.appref-ms
    2015-12-07 19:46 - 2015-12-07 20:32 - 00000000 ____D C:\Users\Josh\AppData\Local\Deployment
    2015-12-07 19:45 - 2015-12-07 19:45 - 00675936 _____ () C:\Users\Josh\Downloads\GitHubSetup.exe
    2015-12-06 20:01 - 2015-12-06 20:01 - 00022118 _____ C:\Users\Josh\Downloads\Crime_Free_Lease_Addendum(1).pdf
    2015-12-06 15:16 - 2015-12-06 15:16 - 03239645 _____ C:\Users\Josh\Downloads\jeff.3gp
    2015-12-06 01:41 - 2015-12-06 01:41 - 00154505 _____ C:\Users\Josh\Desktop\Sample Final.pdf
    2015-12-06 01:34 - 2015-12-06 01:34 - 00096366 _____ C:\Users\Josh\Downloads\gl32(1).pdf
    2015-12-05 16:03 - 2015-12-05 16:03 - 00022118 _____ C:\Users\Josh\Downloads\Crime_Free_Lease_Addendum.pdf
    2015-12-04 18:25 - 2015-12-04 18:25 - 00002949 _____ C:\Users\Josh\Desktop\report.txt
    2015-12-04 01:51 - 2015-12-04 01:51 - 00131738 _____ C:\Users\Josh\Downloads\otr-wpes.pdf
    2015-12-03 21:32 - 2015-12-03 21:32 - 00001596 _____ C:\Users\Josh\Downloads\report.txt
    2015-12-03 18:34 - 2015-12-03 18:34 - 00543446 _____ C:\Users\Josh\Downloads\w2sp12-final4.pdf
    2015-12-03 18:29 - 2015-12-03 18:32 - 10244610 _____ C:\Users\Josh\Downloads\ProCapture_1_7_4_3_9androidapps_com.apk
    2015-12-03 18:28 - 2015-12-03 18:30 - 10524955 _____ C:\Users\Josh\Downloads\com.neaststudios.procapture.free-1.7.4.3-APK4Fun.com.apk
    2015-12-03 18:28 - 2015-12-03 18:30 - 10244610 _____ C:\Users\Josh\Downloads\com.neaststudios.procapture_1.7.4.3_paid-www.apkhere.com.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera-FV-5_v3.0.1_revdl.com.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera FV-5 v3.0.1 ph4nt0m.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera FV-5 v3.0.1 ph4nt0m(1).apk
    2015-12-02 18:31 - 2015-12-02 18:31 - 00109031 _____ C:\Users\Josh\Downloads\Sudoku-as-SAT.pdf
    2015-12-02 17:53 - 2015-12-02 17:53 - 00028755 _____ C:\Users\Josh\Downloads\censoredBlankTimetable.pdf
    2015-12-02 03:44 - 2015-12-02 03:44 - 00002149 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2015-12-02 03:43 - 2015-11-24 10:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-12-02 03:42 - 2015-11-24 15:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 18363696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-12-02 03:42 - 2015-11-24 15:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-12-01 18:04 - 2015-11-12 10:37 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll
    2015-11-30 17:08 - 2015-11-30 17:08 - 00110584 _____ C:\Users\Josh\Downloads\2015-2016 Fees.pdf
    2015-11-29 21:47 - 2015-11-29 21:48 - 01009378 _____ C:\Users\Josh\Downloads\Paradoxa_Erica Lord.pdf
    2015-11-29 18:33 - 2015-11-29 18:38 - 115286137 _____ C:\Users\Josh\Downloads\house party.zip
    2015-11-26 22:42 - 2015-11-26 22:42 - 03839691 _____ C:\Users\Josh\Downloads\Lease-Agreement-Joshua-signed.pdf
    2015-11-26 00:51 - 2015-11-26 00:51 - 00000000 ____D C:\Users\Josh\AppData\LocalLow\Intel
    2015-11-26 00:07 - 2015-11-26 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
    2015-11-25 17:51 - 2015-11-25 17:51 - 00081088 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
    2015-11-25 17:51 - 2015-11-25 17:51 - 00049856 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
    2015-11-25 17:51 - 2015-11-25 17:51 - 00048832 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
    2015-11-25 17:51 - 2015-11-25 17:51 - 00028864 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys
    2015-11-25 17:51 - 2015-11-25 17:51 - 00027328 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
    2015-11-25 02:50 - 2015-11-25 02:50 - 00660530 _____ C:\Users\Josh\Downloads\N9.pdf
    2015-11-25 02:36 - 2015-11-25 02:36 - 00003409 _____ C:\Users\Josh\Downloads\TENTTERM_Sample.pdf
    2015-11-24 23:03 - 2015-11-24 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2015-11-23 17:16 - 2015-11-23 17:16 - 02060650 _____ C:\Users\Josh\Downloads\rtb1(1).pdf
    2015-11-23 17:15 - 2015-11-23 17:15 - 00137503 _____ C:\Users\Josh\Downloads\P26648_Employee_Confidential_Info_Band_6-10_Enable_v5.pdf
    2015-11-23 00:47 - 2015-11-23 00:47 - 00096366 _____ C:\Users\Josh\Downloads\gl32.pdf
    2015-11-22 21:26 - 2015-11-22 21:26 - 00041625 _____ C:\Users\Josh\Desktop\Teneant Replacement Form.pdf
    2015-11-20 03:46 - 2015-11-15 19:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll
    2015-11-20 03:46 - 2015-11-15 19:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll
    2015-11-17 15:01 - 2015-11-17 15:01 - 00000000 ____D C:\Users\Josh\Downloads\EraserPortable
    2015-11-17 15:00 - 2015-11-17 15:00 - 01369272 _____ (PortableApps.com) C:\Users\Josh\Downloads\EraserPortable_5.8.8.1_English.paf.exe
    2015-11-17 14:51 - 2015-11-17 14:52 - 00000000 ____D C:\Users\Josh\AppData\Roaming\TrueCrypt
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000887 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000000 ____D C:\Program Files\TrueCrypt
    2015-11-17 14:04 - 2015-11-17 14:05 - 00929872 _____ (Google Inc.) C:\Users\Josh\Downloads\ChromeSetup.exe
    2015-11-15 02:54 - 2015-11-15 02:54 - 00127652 _____ C:\Users\Josh\Downloads\project.pdf
    2015-11-12 19:46 - 2015-11-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-11-12 19:45 - 2015-11-12 19:45 - 00000000 ____D C:\Program Files\Oracle
    2015-11-12 02:23 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-11-12 02:23 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-12 02:23 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-12 02:23 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-12 02:23 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-12 02:23 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-11-12 02:23 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-12 02:23 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-12 02:23 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-11-12 02:23 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-12 02:19 - 2015-09-29 04:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
    2015-11-12 02:19 - 2015-09-04 11:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
    2015-11-12 02:19 - 2015-08-20 12:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-11-12 02:19 - 2015-08-20 09:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-11-12 02:18 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-12 02:18 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-12 02:18 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-12 02:18 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-12 02:18 - 2015-09-12 05:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
    2015-11-12 02:18 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2015-11-12 02:18 - 2015-09-07 08:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
    2015-11-12 02:18 - 2015-09-07 08:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
    2015-11-12 02:18 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2015-11-12 02:18 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-11-12 02:18 - 2015-08-28 14:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
    2015-11-12 02:15 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-11-12 02:15 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-11-12 02:15 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-11-12 02:15 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-11-12 02:15 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2015-11-12 02:15 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-11-11 22:13 - 2015-11-05 09:13 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435891.dll
    2015-11-11 22:13 - 2015-11-05 09:13 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435891.dll
    2015-11-10 17:56 - 2015-11-10 17:56 - 00194976 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
    2015-11-10 17:56 - 2015-11-10 17:56 - 00117768 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-09 22:50 - 2014-07-24 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-09 22:50 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
    2015-12-09 22:45 - 2014-07-23 21:12 - 00000000 ____D C:\Users\Josh\AppData\LocalLow\LastPass
    2015-12-09 22:35 - 2015-07-19 22:19 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-09 19:59 - 2014-03-18 02:04 - 01003716 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-09 19:59 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
    2015-12-09 19:53 - 2015-07-19 22:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-09 19:53 - 2015-04-06 19:59 - 00000091 _____ C:\HaxLogs.txt
    2015-12-09 19:53 - 2014-07-23 21:31 - 00000000 ____D C:\ProgramData\VMware
    2015-12-09 19:53 - 2014-07-23 21:11 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-12-09 19:53 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-09 19:52 - 2014-07-23 21:34 - 00000000 ____D C:\Users\Josh\AppData\Roaming\VMware
    2015-12-09 19:20 - 2014-07-23 20:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{094AC730-86C7-4689-B2D7-2DFCC2192C84}
    2015-12-09 18:35 - 2014-07-23 21:34 - 00000000 ____D C:\Users\Josh\AppData\Local\VMware
    2015-12-09 12:19 - 2014-07-23 20:41 - 00000000 ____D C:\Users\Josh\AppData\Local\Packages
    2015-12-09 02:00 - 2014-08-20 23:15 - 00000000 ____D C:\Users\Josh\AppData\Local\Adobe
    2015-12-09 01:53 - 2014-07-23 20:47 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1506505283-487300969-3346399363-1001
    2015-12-09 01:39 - 2014-07-28 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-09 01:39 - 2014-07-28 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-09 01:39 - 2013-08-22 06:44 - 00538520 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-09 01:03 - 2014-12-03 17:43 - 00000000 ____D C:\Users\Josh\AppData\Local\ElevatedDiagnostics
    2015-12-09 00:40 - 2014-07-25 00:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-12-09 00:39 - 2014-07-25 00:43 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-09 00:39 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-12-09 00:39 - 2013-08-22 05:25 - 00000288 _____ C:\Windows\win.ini
    2015-12-09 00:37 - 2014-07-28 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-09 00:35 - 2014-07-27 01:17 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-09 00:21 - 2014-07-27 01:17 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-12-08 22:12 - 2014-12-09 22:10 - 00000000 ____D C:\Program Files (x86)\VMware
    2015-12-08 22:12 - 2014-07-23 21:31 - 01008322 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-12-08 20:25 - 2014-07-23 20:59 - 00000000 ____D C:\Users\Josh\AppData\Roaming\KeePass
    2015-12-08 19:39 - 2014-07-26 00:18 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-12-08 15:50 - 2014-07-24 18:15 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-08 00:39 - 2015-03-06 09:34 - 00002158 _____ C:\Users\Public\Desktop\Kurzweil 3000.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000699 _____ C:\Users\Public\Desktop\Kurzweil 3000 Pending Audio.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000694 _____ C:\Users\Public\Desktop\Kurzweil 3000 Output Audio.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurzweil Educational Systems
    2015-12-08 00:39 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-12-07 20:32 - 2014-07-23 20:41 - 00000000 ____D C:\Users\Josh
    2015-12-07 19:46 - 2014-11-26 18:58 - 00000000 ____D C:\Users\Josh\AppData\Local\Apps\2.0
    2015-12-07 19:44 - 2014-07-23 20:54 - 00028014 _____ C:\Users\Josh\Documents\NewSafe.kdbx
    2015-12-07 19:17 - 2014-11-04 00:38 - 00000000 ____D C:\Users\Josh\AppData\Roaming\tixati
    2015-12-07 18:58 - 2014-11-04 00:51 - 00000000 ____D C:\Users\Josh\Documents\Tixati
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000796 _____ C:\Users\Josh\Desktop\Tixati.lnk
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000000 ____D C:\Program Files\tixati
    2015-12-06 21:56 - 2014-07-24 18:53 - 00000000 ____D C:\Users\Josh\AppData\Roaming\vlc
    2015-12-06 13:24 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-12-05 18:31 - 2014-07-23 21:08 - 00000000 ____D C:\ProgramData\TEMP
    2015-12-05 15:59 - 2014-07-23 21:08 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-12-02 03:44 - 2015-10-29 23:23 - 00000000 ____D C:\Users\Josh\AppData\Local\CrashDumps
    2015-12-02 03:44 - 2014-07-25 01:52 - 00000000 ____D C:\Temp
    2015-12-02 03:44 - 2014-07-24 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-12-02 03:44 - 2014-07-23 21:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-12-01 20:16 - 2015-11-02 21:05 - 00000000 ____D C:\Users\Josh\.VirtualBox
    2015-12-01 18:03 - 2014-07-24 22:59 - 00000000 ____D C:\Users\Josh\AppData\Local\NVIDIA Corporation
    2015-12-01 13:52 - 2014-07-23 20:46 - 00000000 ____D C:\Program Files\pia_manager
    2015-12-01 09:19 - 2013-08-22 07:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-01 09:19 - 2013-08-22 07:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-30 01:20 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-11-28 19:55 - 2015-11-01 18:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-11-26 01:47 - 2014-07-23 20:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-11-26 01:45 - 2014-07-23 20:43 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-11-26 00:51 - 2015-04-21 23:22 - 00000000 ____D C:\ProgramData\Intel
    2015-11-26 00:51 - 2015-04-06 22:22 - 00000000 ____D C:\Program Files (x86)\Intel
    2015-11-26 00:08 - 2015-07-04 19:35 - 00000000 ____D C:\wamp
    2015-11-26 00:07 - 2015-04-22 23:50 - 00000983 _____ C:\Users\Public\Desktop\DriverEasy.lnk
    2015-11-24 22:24 - 2014-08-20 23:17 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-24 22:24 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-11-24 21:58 - 2014-09-13 17:14 - 00000000 ____D C:\Windows\system32\1033
    2015-11-24 21:58 - 2014-09-13 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2015-11-24 21:58 - 2014-09-13 17:13 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-11-24 21:58 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-11-24 21:57 - 2014-09-13 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
    2015-11-24 21:54 - 2014-09-13 17:15 - 00000000 ____D C:\Windows\SysWOW64\1033
    2015-11-24 21:45 - 2014-09-13 17:20 - 00000000 ____D C:\Program Files\MSBuild
    2015-11-24 21:44 - 2015-09-14 20:07 - 00000000 ____D C:\Program Files\Git
    2015-11-24 15:10 - 2015-06-23 18:32 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-11-24 15:10 - 2014-07-23 21:11 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2015-11-24 15:10 - 2014-07-23 21:11 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2015-11-24 15:10 - 2014-03-20 19:03 - 17516040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 00033607 _____ C:\Windows\system32\nvinfo.pb
    2015-11-24 10:40 - 2014-07-23 21:11 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-11-24 10:40 - 2014-07-23 21:11 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-11-23 02:38 - 2014-07-23 21:11 - 06049858 _____ C:\Windows\system32\nvcoproc.bin
    2015-11-21 04:28 - 2015-01-17 18:18 - 00000000 ____D C:\Users\Josh\Documents\KurzweilVM
    2015-11-20 03:45 - 2015-08-26 23:36 - 00000000 ____D C:\Users\Josh\.oracle_jre_usage
    2015-11-20 03:45 - 2014-11-02 10:53 - 00000000 ____D C:\Program Files (x86)\Java
    2015-11-20 03:45 - 2014-09-13 18:32 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-20 03:45 - 2014-09-13 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-20 03:45 - 2014-09-13 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2015-11-20 03:44 - 2014-11-02 10:54 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-11-17 14:56 - 2014-07-23 21:31 - 00000000 ____D C:\Users\Josh\Desktop\Josh's Stuf
    2015-11-17 14:51 - 2015-05-18 12:17 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
    2015-11-17 14:29 - 2015-07-19 22:19 - 00000000 ____D C:\Users\Josh\AppData\Local\Google
    2015-11-13 18:35 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
    2015-11-12 10:37 - 2014-07-30 22:14 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-11-12 10:37 - 2014-07-30 22:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-11-12 10:37 - 2014-07-24 22:59 - 01828160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2015-11-12 10:37 - 2014-07-24 22:59 - 01509824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-11-12 04:57 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData
    2015-11-10 17:56 - 2015-11-02 21:05 - 00964928 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
    2015-11-10 17:56 - 2015-11-02 21:05 - 00138904 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys

    ==================== Files in the root of some directories =======

    2014-10-21 23:35 - 2014-10-21 23:36 - 14016000 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
    2014-11-23 22:37 - 2015-10-03 17:26 - 0001456 _____ () C:\Users\Josh\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-03-24 00:23 - 2015-03-24 00:23 - 0004608 _____ () C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-26 23:01 - 2015-10-28 16:21 - 0000600 _____ () C:\Users\Josh\AppData\Local\PUTTY.RND
    2015-01-17 03:13 - 2015-10-21 00:12 - 0007597 _____ () C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
    2015-04-07 00:13 - 2015-04-07 00:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Josh\AppData\Local\Temp\DownloadMapleAutoUpdate.exe
    C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyljl3.dll
    C:\Users\Josh\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Josh\AppData\Local\Temp\ICReinstall_WindowsMovieMakerSetup.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\K3000patch13.31.exe
    C:\Users\Josh\AppData\Local\Temp\Maple18.01WindowsX64Upgrade.exe
    C:\Users\Josh\AppData\Local\Temp\namebench.exe
    C:\Users\Josh\AppData\Local\Temp\npp.6.8.6.Installer.exe
    C:\Users\Josh\AppData\Local\Temp\nv3DVStreaming.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Josh\AppData\Local\Temp\nvStereoApiI.dll
    C:\Users\Josh\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Josh\AppData\Local\Temp\ose00000.exe
    C:\Users\Josh\AppData\Local\Temp\ose00001.exe
    C:\Users\Josh\AppData\Local\Temp\python27.dll
    C:\Users\Josh\AppData\Local\Temp\Quarantine.exe
    C:\Users\Josh\AppData\Local\Temp\Samsung_Magician_Setup_v4.5.exe
    C:\Users\Josh\AppData\Local\Temp\smarter.exe
    C:\Users\Josh\AppData\Local\Temp\sp-downloader.exe
    C:\Users\Josh\AppData\Local\Temp\tcl85.dll
    C:\Users\Josh\AppData\Local\Temp\tk85.dll
    C:\Users\Josh\AppData\Local\Temp\un19772.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.4-win64.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.5-win64.exe
    C:\Users\Josh\AppData\Local\Temp\xmlUpdater.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-30 14:01

    ==================== End of FRST.txt ============================
     
    Last edited: Dec 11, 2015
  4. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Here is addition.txt

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-09 22:50 - 2015-12-09 22:51 - 00024404 _____ C:\Users\Josh\Desktop\FRST.txt
    2015-12-09 22:50 - 2015-12-09 22:50 - 00000000 ____D C:\FRST
    2015-12-09 22:49 - 2015-12-09 22:49 - 02369024 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
    2015-12-09 22:49 - 2015-12-09 22:49 - 02369024 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
    2015-12-09 19:12 - 2015-12-09 19:12 - 00720345 _____ C:\Users\Josh\Downloads\penetration-testing-assessing-security-attackers-34635.pdf
    2015-12-09 18:54 - 2015-12-09 18:55 - 02012780 _____ C:\Users\Josh\Downloads\secure development lifecylce(1).pdf
    2015-12-09 12:21 - 2015-12-09 12:21 - 00137503 _____ C:\Users\Josh\Downloads\P26648_Employee_Confidential_Info_Band_6-10_Enable_v5(1).pdf
    2015-12-08 23:55 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-08 23:55 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-08 23:55 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-08 23:55 - 2015-11-11 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-12-08 23:55 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-08 23:55 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-08 23:55 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-08 23:55 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-08 23:55 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-08 23:55 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-08 23:55 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-08 23:55 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-08 23:55 - 2015-11-09 15:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-12-08 23:55 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-08 23:55 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-08 23:55 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-08 23:55 - 2015-11-09 15:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-08 23:55 - 2015-11-09 15:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-12-08 23:55 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-08 23:55 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-08 23:55 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-08 23:55 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-08 23:55 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-08 23:55 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-08 23:55 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-08 23:55 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-08 23:55 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-08 23:55 - 2015-11-08 13:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-12-08 23:55 - 2015-11-08 13:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-12-08 23:55 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-08 23:55 - 2015-11-08 13:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-08 23:55 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-08 23:55 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-08 23:55 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-08 23:55 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-08 23:55 - 2015-11-08 12:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-12-08 23:55 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-08 23:55 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-08 23:55 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-08 23:55 - 2015-11-05 00:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-08 23:54 - 2015-11-21 22:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-08 23:54 - 2015-11-21 22:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-08 23:54 - 2015-11-21 22:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-08 23:54 - 2015-11-21 22:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-12-08 23:54 - 2015-11-21 22:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-08 23:54 - 2015-11-21 22:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-12-08 23:54 - 2015-11-21 22:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-08 23:54 - 2015-11-21 10:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-08 23:54 - 2015-11-21 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-08 23:54 - 2015-11-21 08:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-08 23:54 - 2015-11-21 08:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-08 23:54 - 2015-11-21 08:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-08 23:54 - 2015-11-21 08:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-08 23:54 - 2015-11-08 16:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-08 23:54 - 2015-11-08 14:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-08 23:54 - 2015-11-08 13:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-08 23:54 - 2015-11-08 13:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-08 23:54 - 2015-11-08 13:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2015-12-08 23:54 - 2015-11-08 12:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-08 23:54 - 2015-11-08 12:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-08 23:54 - 2015-11-08 12:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2015-12-08 23:54 - 2015-10-22 08:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2015-12-08 23:54 - 2015-10-22 08:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2015-12-08 23:54 - 2015-10-22 07:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2015-12-08 23:54 - 2015-10-22 07:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2015-12-08 23:54 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
    2015-12-08 23:54 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\system32\locale.nls
    2015-12-08 23:54 - 2015-10-10 09:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
    2015-12-08 23:54 - 2015-10-03 11:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-12-08 23:54 - 2015-10-03 11:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-12-08 23:53 - 2015-11-20 14:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-08 23:53 - 2015-11-20 10:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-08 23:53 - 2015-11-20 08:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-08 23:53 - 2015-11-20 08:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-08 23:53 - 2015-11-20 08:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-08 23:53 - 2015-11-20 08:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-12-08 23:53 - 2015-11-20 08:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-08 23:53 - 2015-11-20 08:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-08 23:53 - 2015-11-20 08:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-08 23:53 - 2015-11-20 08:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-08 23:53 - 2015-11-20 08:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-08 23:53 - 2015-11-20 08:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-08 23:53 - 2015-11-20 08:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-08 23:53 - 2015-10-28 07:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-08 23:53 - 2015-10-28 07:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-08 23:53 - 2015-10-10 22:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-12-08 23:53 - 2015-10-10 22:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2015-12-08 23:53 - 2015-10-10 10:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2015-12-08 23:53 - 2015-10-10 10:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2015-12-08 23:53 - 2015-10-10 10:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
    2015-12-08 23:53 - 2015-10-08 08:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
    2015-12-08 23:53 - 2015-10-08 07:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
    2015-12-08 23:53 - 2015-10-05 10:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
    2015-12-08 23:53 - 2015-10-05 10:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2015-12-08 22:13 - 2015-11-25 18:10 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
    2015-12-08 22:13 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
    2015-12-08 22:13 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
    2015-12-08 22:13 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\Program Files\Common Files\VMware
    2015-12-08 22:12 - 2015-11-25 18:10 - 00934080 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
    2015-12-08 22:12 - 2015-11-25 18:10 - 00392896 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    2015-12-08 22:12 - 2015-11-25 18:10 - 00358080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    2015-12-08 22:12 - 2015-11-25 17:52 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
    2015-12-08 22:12 - 2015-11-06 11:57 - 00057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
    2015-12-08 21:07 - 2015-12-08 21:07 - 00062956 _____ C:\Users\Josh\Downloads\2010_016_100_48336.pdf
    2015-12-08 20:41 - 2015-12-08 20:41 - 02012780 _____ C:\Users\Josh\Downloads\secure development lifecylce.pdf
    2015-12-08 16:45 - 2015-12-08 16:45 - 01283687 _____ C:\Users\Josh\Downloads\Biometrics(1).pdf
    2015-12-08 16:12 - 2015-12-08 16:12 - 40408962 _____ C:\Users\Josh\Downloads\248565.pdf
    2015-12-08 16:12 - 2015-12-08 16:12 - 00102474 _____ C:\Users\Josh\Downloads\kam97writer.pdf
    2015-12-08 16:00 - 2015-12-08 16:00 - 00735419 _____ C:\Users\Josh\Downloads\docExam_2.pdf
    2015-12-08 15:51 - 2015-12-08 15:51 - 08443404 _____ C:\Users\Josh\Downloads\Cases Involving the Reliability of Handwriting Identification Exp.pdf
    2015-12-08 15:49 - 2015-12-08 15:49 - 00176072 _____ C:\Users\Josh\Downloads\iwfhr06.pdf
    2015-12-08 15:47 - 2015-12-08 15:47 - 01283687 _____ C:\Users\Josh\Downloads\Biometrics.pdf
    2015-12-08 12:12 - 2015-12-08 12:12 - 00115176 _____ C:\Users\Josh\Downloads\A6(1).pdf
    2015-12-08 02:17 - 2015-12-08 02:17 - 02071031 _____ C:\Users\Josh\Downloads\access control.pdf
    2015-12-08 02:13 - 2015-12-08 02:13 - 00094922 _____ C:\Users\Josh\Downloads\review.pdf
    2015-12-08 01:45 - 2015-12-08 01:45 - 00115176 _____ C:\Users\Josh\Downloads\A6.pdf
    2015-12-08 01:13 - 2015-12-08 01:13 - 00069640 _____ C:\Users\Josh\Downloads\l03.pdf
    2015-12-08 00:35 - 2013-10-05 00:38 - 04424344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120.dll
    2015-12-08 00:31 - 2015-12-08 00:46 - 00000000 ____D C:\Users\Josh\Desktop\Kurzweil Errors
    2015-12-08 00:26 - 2015-12-08 00:26 - 07194312 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\vcredist_x64.exe
    2015-12-07 20:32 - 2015-12-07 20:32 - 00000086 _____ C:\Users\Josh\.gitconfig
    2015-12-07 20:31 - 2015-12-07 20:32 - 00000000 ____D C:\Users\Josh\AppData\Local\GitHub
    2015-12-07 20:31 - 2015-12-07 20:31 - 00002177 _____ C:\Users\Josh\Desktop\Git Shell.lnk
    2015-12-07 20:31 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\Documents\GitHub
    2015-12-07 20:31 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\AppData\Roaming\GitHub
    2015-12-07 19:49 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2015-12-07 19:49 - 2015-12-07 19:49 - 00000308 _____ C:\Users\Josh\Desktop\GitHub.appref-ms
    2015-12-07 19:46 - 2015-12-07 20:32 - 00000000 ____D C:\Users\Josh\AppData\Local\Deployment
    2015-12-07 19:45 - 2015-12-07 19:45 - 00675936 _____ () C:\Users\Josh\Downloads\GitHubSetup.exe
    2015-12-06 20:01 - 2015-12-06 20:01 - 00022118 _____ C:\Users\Josh\Downloads\Crime_Free_Lease_Addendum(1).pdf
    2015-12-06 15:16 - 2015-12-06 15:16 - 03239645 _____ C:\Users\Josh\Downloads\jeff.3gp
    2015-12-06 01:41 - 2015-12-06 01:41 - 00154505 _____ C:\Users\Josh\Desktop\Sample Final.pdf
    2015-12-06 01:34 - 2015-12-06 01:34 - 00096366 _____ C:\Users\Josh\Downloads\gl32(1).pdf
    2015-12-05 16:03 - 2015-12-05 16:03 - 00022118 _____ C:\Users\Josh\Downloads\Crime_Free_Lease_Addendum.pdf
    2015-12-04 18:25 - 2015-12-04 18:25 - 00002949 _____ C:\Users\Josh\Desktop\report.txt
    2015-12-04 01:51 - 2015-12-04 01:51 - 00131738 _____ C:\Users\Josh\Downloads\otr-wpes.pdf
    2015-12-03 21:32 - 2015-12-03 21:32 - 00001596 _____ C:\Users\Josh\Downloads\report.txt
    2015-12-03 18:34 - 2015-12-03 18:34 - 00543446 _____ C:\Users\Josh\Downloads\w2sp12-final4.pdf
    2015-12-03 18:29 - 2015-12-03 18:32 - 10244610 _____ C:\Users\Josh\Downloads\ProCapture_1_7_4_3_9androidapps_com.apk
    2015-12-03 18:28 - 2015-12-03 18:30 - 10524955 _____ C:\Users\Josh\Downloads\com.neaststudios.procapture.free-1.7.4.3-APK4Fun.com.apk
    2015-12-03 18:28 - 2015-12-03 18:30 - 10244610 _____ C:\Users\Josh\Downloads\com.neaststudios.procapture_1.7.4.3_paid-www.apkhere.com.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera-FV-5_v3.0.1_revdl.com.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera FV-5 v3.0.1 ph4nt0m.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera FV-5 v3.0.1 ph4nt0m(1).apk
    2015-12-02 18:31 - 2015-12-02 18:31 - 00109031 _____ C:\Users\Josh\Downloads\Sudoku-as-SAT.pdf
    2015-12-02 17:53 - 2015-12-02 17:53 - 00028755 _____ C:\Users\Josh\Downloads\censoredBlankTimetable.pdf
    2015-12-02 03:44 - 2015-12-02 03:44 - 00002149 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2015-12-02 03:43 - 2015-11-24 10:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-12-02 03:42 - 2015-11-24 15:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 18363696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-12-02 03:42 - 2015-11-24 15:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-12-01 18:04 - 2015-11-12 10:37 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll
    2015-11-30 17:08 - 2015-11-30 17:08 - 00110584 _____ C:\Users\Josh\Downloads\2015-2016 Fees.pdf
    2015-11-29 21:47 - 2015-11-29 21:48 - 01009378 _____ C:\Users\Josh\Downloads\Paradoxa_Erica Lord.pdf
    2015-11-29 18:33 - 2015-11-29 18:38 - 115286137 _____ C:\Users\Josh\Downloads\house party.zip
    2015-11-26 22:42 - 2015-11-26 22:42 - 03839691 _____ C:\Users\Josh\Downloads\Lease-Agreement-Joshua-signed.pdf
    2015-11-26 00:51 - 2015-11-26 00:51 - 00000000 ____D C:\Users\Josh\AppData\LocalLow\Intel
    2015-11-26 00:07 - 2015-11-26 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
    2015-11-25 17:51 - 2015-11-25 17:51 - 00081088 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
    2015-11-25 17:51 - 2015-11-25 17:51 - 00049856 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
    2015-11-25 17:51 - 2015-11-25 17:51 - 00048832 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
    2015-11-25 17:51 - 2015-11-25 17:51 - 00028864 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys
    2015-11-25 17:51 - 2015-11-25 17:51 - 00027328 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
    2015-11-25 02:50 - 2015-11-25 02:50 - 00660530 _____ C:\Users\Josh\Downloads\N9.pdf
    2015-11-25 02:36 - 2015-11-25 02:36 - 00003409 _____ C:\Users\Josh\Downloads\TENTTERM_Sample.pdf
    2015-11-24 23:03 - 2015-11-24 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2015-11-23 17:16 - 2015-11-23 17:16 - 02060650 _____ C:\Users\Josh\Downloads\rtb1(1).pdf
    2015-11-23 17:15 - 2015-11-23 17:15 - 00137503 _____ C:\Users\Josh\Downloads\P26648_Employee_Confidential_Info_Band_6-10_Enable_v5.pdf
    2015-11-23 00:47 - 2015-11-23 00:47 - 00096366 _____ C:\Users\Josh\Downloads\gl32.pdf
    2015-11-22 21:26 - 2015-11-22 21:26 - 00041625 _____ C:\Users\Josh\Desktop\Teneant Replacement Form.pdf
    2015-11-20 03:46 - 2015-11-15 19:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll
    2015-11-20 03:46 - 2015-11-15 19:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll
    2015-11-17 15:01 - 2015-11-17 15:01 - 00000000 ____D C:\Users\Josh\Downloads\EraserPortable
    2015-11-17 15:00 - 2015-11-17 15:00 - 01369272 _____ (PortableApps.com) C:\Users\Josh\Downloads\EraserPortable_5.8.8.1_English.paf.exe
    2015-11-17 14:51 - 2015-11-17 14:52 - 00000000 ____D C:\Users\Josh\AppData\Roaming\TrueCrypt
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000887 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000000 ____D C:\Program Files\TrueCrypt
    2015-11-17 14:04 - 2015-11-17 14:05 - 00929872 _____ (Google Inc.) C:\Users\Josh\Downloads\ChromeSetup.exe
    2015-11-15 02:54 - 2015-11-15 02:54 - 00127652 _____ C:\Users\Josh\Downloads\project.pdf
    2015-11-12 19:46 - 2015-11-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-11-12 19:45 - 2015-11-12 19:45 - 00000000 ____D C:\Program Files\Oracle
    2015-11-12 02:23 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-11-12 02:23 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-12 02:23 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-12 02:23 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-12 02:23 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-12 02:23 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-11-12 02:23 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-12 02:23 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-12 02:23 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-11-12 02:23 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-12 02:19 - 2015-09-29 04:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
    2015-11-12 02:19 - 2015-09-04 11:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
    2015-11-12 02:19 - 2015-08-20 12:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-11-12 02:19 - 2015-08-20 09:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-11-12 02:18 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-12 02:18 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-12 02:18 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-12 02:18 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-12 02:18 - 2015-09-12 05:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
    2015-11-12 02:18 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2015-11-12 02:18 - 2015-09-07 08:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
    2015-11-12 02:18 - 2015-09-07 08:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
    2015-11-12 02:18 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2015-11-12 02:18 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-11-12 02:18 - 2015-08-28 14:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
    2015-11-12 02:15 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-11-12 02:15 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-11-12 02:15 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-11-12 02:15 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-11-12 02:15 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2015-11-12 02:15 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-11-11 22:13 - 2015-11-05 09:13 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435891.dll
    2015-11-11 22:13 - 2015-11-05 09:13 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435891.dll
    2015-11-10 17:56 - 2015-11-10 17:56 - 00194976 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
    2015-11-10 17:56 - 2015-11-10 17:56 - 00117768 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-09 22:50 - 2014-07-24 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-09 22:50 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
    2015-12-09 22:45 - 2014-07-23 21:12 - 00000000 ____D C:\Users\Josh\AppData\LocalLow\LastPass
    2015-12-09 22:35 - 2015-07-19 22:19 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-09 19:59 - 2014-03-18 02:04 - 01003716 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-09 19:59 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
    2015-12-09 19:53 - 2015-07-19 22:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-09 19:53 - 2015-04-06 19:59 - 00000091 _____ C:\HaxLogs.txt
    2015-12-09 19:53 - 2014-07-23 21:31 - 00000000 ____D C:\ProgramData\VMware
    2015-12-09 19:53 - 2014-07-23 21:11 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-12-09 19:53 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-09 19:52 - 2014-07-23 21:34 - 00000000 ____D C:\Users\Josh\AppData\Roaming\VMware
    2015-12-09 19:20 - 2014-07-23 20:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{094AC730-86C7-4689-B2D7-2DFCC2192C84}
    2015-12-09 18:35 - 2014-07-23 21:34 - 00000000 ____D C:\Users\Josh\AppData\Local\VMware
    2015-12-09 12:19 - 2014-07-23 20:41 - 00000000 ____D C:\Users\Josh\AppData\Local\Packages
    2015-12-09 02:00 - 2014-08-20 23:15 - 00000000 ____D C:\Users\Josh\AppData\Local\Adobe
    2015-12-09 01:53 - 2014-07-23 20:47 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1506505283-487300969-3346399363-1001
    2015-12-09 01:39 - 2014-07-28 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-09 01:39 - 2014-07-28 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-09 01:39 - 2013-08-22 06:44 - 00538520 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-09 01:03 - 2014-12-03 17:43 - 00000000 ____D C:\Users\Josh\AppData\Local\ElevatedDiagnostics
    2015-12-09 00:40 - 2014-07-25 00:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-12-09 00:39 - 2014-07-25 00:43 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-09 00:39 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-12-09 00:39 - 2013-08-22 05:25 - 00000288 _____ C:\Windows\win.ini
    2015-12-09 00:37 - 2014-07-28 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-09 00:35 - 2014-07-27 01:17 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-09 00:21 - 2014-07-27 01:17 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-12-08 22:12 - 2014-12-09 22:10 - 00000000 ____D C:\Program Files (x86)\VMware
    2015-12-08 22:12 - 2014-07-23 21:31 - 01008322 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-12-08 20:25 - 2014-07-23 20:59 - 00000000 ____D C:\Users\Josh\AppData\Roaming\KeePass
    2015-12-08 19:39 - 2014-07-26 00:18 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-12-08 15:50 - 2014-07-24 18:15 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-08 00:39 - 2015-03-06 09:34 - 00002158 _____ C:\Users\Public\Desktop\Kurzweil 3000.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000699 _____ C:\Users\Public\Desktop\Kurzweil 3000 Pending Audio.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000694 _____ C:\Users\Public\Desktop\Kurzweil 3000 Output Audio.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurzweil Educational Systems
    2015-12-08 00:39 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-12-07 20:32 - 2014-07-23 20:41 - 00000000 ____D C:\Users\Josh
    2015-12-07 19:46 - 2014-11-26 18:58 - 00000000 ____D C:\Users\Josh\AppData\Local\Apps\2.0
    2015-12-07 19:44 - 2014-07-23 20:54 - 00028014 _____ C:\Users\Josh\Documents\NewSafe.kdbx
    2015-12-07 19:17 - 2014-11-04 00:38 - 00000000 ____D C:\Users\Josh\AppData\Roaming\tixati
    2015-12-07 18:58 - 2014-11-04 00:51 - 00000000 ____D C:\Users\Josh\Documents\Tixati
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000796 _____ C:\Users\Josh\Desktop\Tixati.lnk
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000000 ____D C:\Program Files\tixati
    2015-12-06 21:56 - 2014-07-24 18:53 - 00000000 ____D C:\Users\Josh\AppData\Roaming\vlc
    2015-12-06 13:24 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-12-05 18:31 - 2014-07-23 21:08 - 00000000 ____D C:\ProgramData\TEMP
    2015-12-05 15:59 - 2014-07-23 21:08 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-12-02 03:44 - 2015-10-29 23:23 - 00000000 ____D C:\Users\Josh\AppData\Local\CrashDumps
    2015-12-02 03:44 - 2014-07-25 01:52 - 00000000 ____D C:\Temp
    2015-12-02 03:44 - 2014-07-24 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-12-02 03:44 - 2014-07-23 21:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-12-01 20:16 - 2015-11-02 21:05 - 00000000 ____D C:\Users\Josh\.VirtualBox
    2015-12-01 18:03 - 2014-07-24 22:59 - 00000000 ____D C:\Users\Josh\AppData\Local\NVIDIA Corporation
    2015-12-01 13:52 - 2014-07-23 20:46 - 00000000 ____D C:\Program Files\pia_manager
    2015-12-01 09:19 - 2013-08-22 07:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-01 09:19 - 2013-08-22 07:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-30 01:20 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-11-28 19:55 - 2015-11-01 18:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-11-26 01:47 - 2014-07-23 20:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-11-26 01:45 - 2014-07-23 20:43 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-11-26 00:51 - 2015-04-21 23:22 - 00000000 ____D C:\ProgramData\Intel
    2015-11-26 00:51 - 2015-04-06 22:22 - 00000000 ____D C:\Program Files (x86)\Intel
    2015-11-26 00:08 - 2015-07-04 19:35 - 00000000 ____D C:\wamp
    2015-11-26 00:07 - 2015-04-22 23:50 - 00000983 _____ C:\Users\Public\Desktop\DriverEasy.lnk
    2015-11-24 22:24 - 2014-08-20 23:17 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-24 22:24 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-11-24 21:58 - 2014-09-13 17:14 - 00000000 ____D C:\Windows\system32\1033
    2015-11-24 21:58 - 2014-09-13 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2015-11-24 21:58 - 2014-09-13 17:13 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-11-24 21:58 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-11-24 21:57 - 2014-09-13 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
    2015-11-24 21:54 - 2014-09-13 17:15 - 00000000 ____D C:\Windows\SysWOW64\1033
    2015-11-24 21:45 - 2014-09-13 17:20 - 00000000 ____D C:\Program Files\MSBuild
    2015-11-24 21:44 - 2015-09-14 20:07 - 00000000 ____D C:\Program Files\Git
    2015-11-24 15:10 - 2015-06-23 18:32 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-11-24 15:10 - 2014-07-23 21:11 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2015-11-24 15:10 - 2014-07-23 21:11 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2015-11-24 15:10 - 2014-03-20 19:03 - 17516040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 00033607 _____ C:\Windows\system32\nvinfo.pb
    2015-11-24 10:40 - 2014-07-23 21:11 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-11-24 10:40 - 2014-07-23 21:11 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-11-23 02:38 - 2014-07-23 21:11 - 06049858 _____ C:\Windows\system32\nvcoproc.bin
    2015-11-21 04:28 - 2015-01-17 18:18 - 00000000 ____D C:\Users\Josh\Documents\KurzweilVM
    2015-11-20 03:45 - 2015-08-26 23:36 - 00000000 ____D C:\Users\Josh\.oracle_jre_usage
    2015-11-20 03:45 - 2014-11-02 10:53 - 00000000 ____D C:\Program Files (x86)\Java
    2015-11-20 03:45 - 2014-09-13 18:32 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-20 03:45 - 2014-09-13 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-20 03:45 - 2014-09-13 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2015-11-20 03:44 - 2014-11-02 10:54 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-11-17 14:56 - 2014-07-23 21:31 - 00000000 ____D C:\Users\Josh\Desktop\Josh's Stuf
    2015-11-17 14:51 - 2015-05-18 12:17 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
    2015-11-17 14:29 - 2015-07-19 22:19 - 00000000 ____D C:\Users\Josh\AppData\Local\Google
    2015-11-13 18:35 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
    2015-11-12 10:37 - 2014-07-30 22:14 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-11-12 10:37 - 2014-07-30 22:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-11-12 10:37 - 2014-07-24 22:59 - 01828160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2015-11-12 10:37 - 2014-07-24 22:59 - 01509824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-11-12 04:57 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData
    2015-11-10 17:56 - 2015-11-02 21:05 - 00964928 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
    2015-11-10 17:56 - 2015-11-02 21:05 - 00138904 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys

    ==================== Files in the root of some directories =======

    2014-10-21 23:35 - 2014-10-21 23:36 - 14016000 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
    2014-11-23 22:37 - 2015-10-03 17:26 - 0001456 _____ () C:\Users\Josh\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-03-24 00:23 - 2015-03-24 00:23 - 0004608 _____ () C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-26 23:01 - 2015-10-28 16:21 - 0000600 _____ () C:\Users\Josh\AppData\Local\PUTTY.RND
    2015-01-17 03:13 - 2015-10-21 00:12 - 0007597 _____ () C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
    2015-04-07 00:13 - 2015-04-07 00:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Josh\AppData\Local\Temp\DownloadMapleAutoUpdate.exe
    C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyljl3.dll
    C:\Users\Josh\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Josh\AppData\Local\Temp\ICReinstall_WindowsMovieMakerSetup.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\K3000patch13.31.exe
    C:\Users\Josh\AppData\Local\Temp\Maple18.01WindowsX64Upgrade.exe
    C:\Users\Josh\AppData\Local\Temp\namebench.exe
    C:\Users\Josh\AppData\Local\Temp\npp.6.8.6.Installer.exe
    C:\Users\Josh\AppData\Local\Temp\nv3DVStreaming.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Josh\AppData\Local\Temp\nvStereoApiI.dll
    C:\Users\Josh\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Josh\AppData\Local\Temp\ose00000.exe
    C:\Users\Josh\AppData\Local\Temp\ose00001.exe
    C:\Users\Josh\AppData\Local\Temp\python27.dll
    C:\Users\Josh\AppData\Local\Temp\Quarantine.exe
    C:\Users\Josh\AppData\Local\Temp\Samsung_Magician_Setup_v4.5.exe
    C:\Users\Josh\AppData\Local\Temp\smarter.exe
    C:\Users\Josh\AppData\Local\Temp\sp-downloader.exe
    C:\Users\Josh\AppData\Local\Temp\tcl85.dll
    C:\Users\Josh\AppData\Local\Temp\tk85.dll
    C:\Users\Josh\AppData\Local\Temp\un19772.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.4-win64.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.5-win64.exe
    C:\Users\Josh\AppData\Local\Temp\xmlUpdater.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-30 14:01

    ==================== End of FRST.txt ============================
     
    Last edited: Dec 11, 2015
  5. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    I still need the Addition.txt log from FRST.
     
  6. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Sorry, I thought I had. Here is Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
    Ran by Josh (2015-12-09 22:51:23)
    Running from C:\Users\Josh\Desktop
    Windows 8.1 Pro (X64) (2014-07-24 04:41:10)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1506505283-487300969-3346399363-500 - Administrator - Disabled)
    Guest (S-1-5-21-1506505283-487300969-3346399363-501 - Limited - Disabled)
    Josh (S-1-5-21-1506505283-487300969-3346399363-1001 - Administrator - Enabled) => C:\Users\Josh

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acapela North And South American Voices (HKLM-x32\...\{2E424B29-041D-4F1F-A532-A3168CB7D0D8}) (Version: 1.00.0000 - Kurzweil Educational Systems)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC 2015 (HKLM-x32\...\{F2321021-4348-11E4-B1DF-BDB415F23EC5}) (Version: 16.0 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\Amazon Kindle) (Version: - Amazon)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.69.1079 - AB Team, d.o.o.)
    Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    D-Link DWA-171 Wireless AC Dual Band Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
    DriverEasy 4.9.6 (HKLM\...\DriverEasy_is1) (Version: 4.9.6.0 - Easeware)
    Edimax AC1200 Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0218.1 - Edimax Technology Co.)
    FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
    GitHub (HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\5f7eb300e2ea4ebf) (Version: 3.0.9.0 - GitHub, Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
    KeePass Password Safe 2.30 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
    KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
    Kurzweil 3000 v.14 (HKLM-x32\...\{B66BF8FD-4E4D-41B3-9AE6-CA8E725210CF}) (Version: 14.00.0000 - Kurzweil Educational Systems)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Maple 18 (HKLM\...\Maple 18) (Version: 18 - Maplesoft)
    MathPlayer (HKLM-x32\...\{32F66A20-7614-11D4-BD11-00104BD3F987}) (Version: 2.2 - Design Science, Inc.)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
    NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
    Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
    Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    Python 3.5.0b4 (32-bit) (HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\{663d017d-5c95-41a5-ae68-77af43c04014}) (Version: 3.5.114.0 - Python Software Foundation)
    Python 3.5.0b4 Add to Path (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Core Interpreter (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Development Libraries (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Executables (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Launcher (32-bit) (x32 Version: 3.5.113.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 pip Bootstrap (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Standard Library (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Test Suite (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Utility Scripts (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
    SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
    Simple DNSCrypt (HKLM-x32\...\{D59CEE5A-645E-44B0-B0BF-39255AB84C56}) (Version: 0.2.7 - bitbeans)
    Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.15.201410271230 - Sony Mobile Communications Inc.)
    Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
    SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    Tixati (HKLM-x32\...\tixati) (Version: - )
    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.15 - IDRIX)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VMware Workstation (HKLM\...\{4E3CD3D0-7F82-4B44-A3D9-A4000522B529}) (Version: 12.1.0 - VMware, Inc.)
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
    WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    04-12-2015 19:45:13 Scheduled Checkpoint
    08-12-2015 00:26:55 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2015-07-05 13:03 - 00001059 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 na1r.services.adobe.com
    127.0.0.1 hlrcv.stage.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 lm.licenses.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 localhost
    ==================== End of Addition.txt ============================
     
  7. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0FAA4B06-CE8F-40A7-8B89-D65D0B141BEB} - System32\Tasks\AdobeAAMUpdater-1.0-WhiteKnight-Josh => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {2AAA147B-6B4A-4E9E-A42D-BC64FF14014C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {2CE86CC8-4DDA-46BC-B8DD-FEC71CDDE4A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
    Task: {2D9655CB-F736-4522-B4D0-F3E4E2AE7F43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {382C49D8-4111-4D81-B91D-AC924F60CC51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {526C51A6-36D2-4BA3-B28A-F08B7EF251D8} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-12-01] ()
    Task: {A2C735BF-87E9-4D3B-A82A-6D0D654F356E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
    Task: {AD073A98-9F4C-4B35-BFE8-E811B006C22A} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2015-10-27] (Easeware)
    Task: {BA3679C9-340A-4F46-9AB3-9DF53001AFD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {BBF52BDE-88BC-43DC-87E9-4C665F76C826} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
    Task: {CED7C50C-C391-4E40-92AE-5EA13023B991} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {D129964E-8EE4-4365-ADED-711EA4FD8527} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
    Task: {F5482DA6-AA50-4353-B965-89E1A22859C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-07-23 21:11 - 2015-11-24 10:40 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-09-21 13:32 - 2015-09-21 13:32 - 00590416 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
    2015-04-07 00:00 - 2014-01-16 15:19 - 00044104 _____ () C:\Windows\runSW.exe
    2014-07-23 20:50 - 2008-06-26 15:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
    2015-04-07 00:00 - 2013-05-07 14:06 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe
    2015-02-23 12:05 - 2014-06-03 22:17 - 00070480 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KVPPlugIns.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 12462784 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-04-15 12:13 - 2015-04-15 12:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 08845798 _____ () C:\Program Files\pia_manager\pia_manager.exe
    2014-07-23 20:46 - 2015-12-01 13:52 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    2014-07-23 20:46 - 2015-12-01 13:52 - 00690688 _____ () C:\Program Files\pia_manager\openvpn.exe
    2014-07-23 20:46 - 2015-12-01 13:52 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
    2015-09-21 13:32 - 2015-09-21 13:32 - 00445080 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libsodium-13.dll
    2015-09-21 13:32 - 2015-09-21 13:32 - 00125928 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libgcc_s_dw2-1.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 00165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 00388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
    2015-03-30 13:12 - 2015-11-12 10:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-12-09 19:53 - 2015-12-09 19:53 - 00012800 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00009728 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00014848 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\src\rgloader\rgloader193.mswin.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00009216 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00126976 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00087552 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00016384 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00127316 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\bin\libffi-6.dll
    2015-12-09 19:53 - 2015-12-09 19:53 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00013312 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-12-09 19:53 - 2015-12-09 19:53 - 00095744 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-12-09 19:53 - 2015-12-09 19:54 - 00026624 _____ () C:\Users\Josh\AppData\Local\Temp\ocr48D0.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-12-08 17:35 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
    2015-12-09 19:54 - 2015-12-09 19:54 - 00012800 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00009728 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00014848 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\src\rgloader\rgloader193.mswin.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00118784 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00069120 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00083968 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\bin\zlib1.dll
    2015-12-09 19:54 - 2015-12-09 19:54 - 00026624 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00275968 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00015360 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00008192 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00009216 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00023552 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00036352 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00126976 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00087552 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00016384 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00127316 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\bin\libffi-6.dll
    2015-12-09 19:54 - 2015-12-09 19:54 - 00013312 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00095744 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-12-09 19:54 - 2015-12-09 19:54 - 00026624 _____ () C:\Users\Josh\AppData\Local\Temp\ocr9A4C.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-07-23 20:46 - 2015-12-01 13:52 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
    2015-08-07 01:09 - 2015-08-07 01:09 - 01243936 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-12-02 23:54 - 2015-12-02 23:54 - 01020928 _____ () C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 6091 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 209.222.18.222 - 209.222.18.218
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "Wireless Connection Manager.lnk"
    HKLM\...\StartupApproved\Run32: => "Razer Synapse"
    HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{87218DCD-5BA5-4978-BB9D-55C6B611ACA0}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{7F66F558-C8FC-4D58-87C8-0087B14A39CC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{938756D5-28AC-4AF4-88F3-BE3B8B513020}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{B182164D-6AA9-4498-80C5-40ED7FD183D6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{E2C0FB43-CBA2-4C5C-949D-8D6CF298510D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{A6E13A13-58E2-4458-9EB8-FF5A0B5FDC0C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{71975F5B-B539-49D5-A337-9DC40FA86982}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{16BDFA7A-25FA-4D9F-8B39-21AD291AF71B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{6F5B3BEA-B07B-46F3-BB74-99D902879C5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{435ECAD6-A665-444D-B7FD-35535A5BF5BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{AC9654C4-BC8E-486D-BB7B-EC38B9AA1CF5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{B47BA226-874B-48D4-A62A-70EB7EE7FC9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{7D721C9C-B4E7-4A53-BBE3-F37B48ED28D3}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{BC258D6B-194D-4B3E-A67A-B36E03572500}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{0F046C07-8485-4CAD-A6EA-EBFAA2DD32CD}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [UDP Query User{718E3FD9-FBC3-43F4-AA4F-8A6DF71A3EEA}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [{53320305-0EEC-4E78-82B0-00D7A03E7E99}] => (Block) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [{86ACEF3E-36CC-4562-B068-5A3E29A15AEE}] => (Block) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [TCP Query User{A2A360F2-1957-4B65-9DA6-EC09704E31EF}C:\program files\java\jdk1.8.0_20\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_20\bin\jmc.exe
    FirewallRules: [UDP Query User{3C2E9E2D-067E-4F0A-B668-1F838765F00B}C:\program files\java\jdk1.8.0_20\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_20\bin\jmc.exe
    FirewallRules: [TCP Query User{3B4AB674-1190-4409-8C4B-35EC2BC34DED}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [UDP Query User{D1C4B686-DD66-4B9E-916F-D75F32EE1F32}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [{36D389F4-BD64-4F55-B10E-525067C679D5}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
    FirewallRules: [{51B59B8A-975F-40EC-96CA-0206A1BE55B8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
    FirewallRules: [{3F131C05-CE02-4BC5-98B6-8A698D202F97}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsn986B.tmp\CnetInstaller-75660251.exe
    FirewallRules: [{8C7C7877-658B-43D1-95A0-6B9DDACF2859}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsn986B.tmp\CnetInstaller-75660251.exe
    FirewallRules: [{11C54487-B761-4BA2-8EC1-3B22F758DD0C}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsaB2E2.tmp\CnetInstaller-10598299.exe
    FirewallRules: [{A18EE8D0-AFCD-42BD-BD8E-55BDB47415F8}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsaB2E2.tmp\CnetInstaller-10598299.exe
    FirewallRules: [{6F7F2889-9FAC-408F-817F-227C95F6761D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3D084814-2CA2-45B6-8299-0062ECF5C29B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{92D71732-C3AF-4344-8CC6-0BF683743629}C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe] => (Allow) C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe
    FirewallRules: [UDP Query User{A0C4A57A-198E-4083-8E23-2CB99BE915D9}C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe] => (Allow) C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe
    FirewallRules: [TCP Query User{111599D5-FDC5-421C-B516-D12095A844A3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{93087213-060D-4D45-A7F3-325DE3FAC9BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{9F50ADD2-4CF4-417C-9E4E-691B7F69BD88}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{56511C0D-C114-4B37-AB36-D1341D830142}] => (Allow) LPort=2869
    FirewallRules: [{468F7FA3-CD9D-4656-AACE-8A3C53D24295}] => (Allow) LPort=1900
    FirewallRules: [{29B357B1-7ACF-40BA-B076-0FACDEAB17D0}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{28A84F87-3CEB-4756-8BF7-613E08AE2DFF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [TCP Query User{48FC5C2C-130D-45C0-AF13-32060F084841}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [UDP Query User{BF5834E0-DDEB-4342-822A-51E64BBBC05B}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [{8B8B6759-80F5-4653-8559-0FDA0097F30B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{7A54B1FE-4FB8-4448-A50F-A35B99CB5514}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{440AB108-F7B9-445C-9D19-1A8145952000}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{42640DDB-8DD9-4366-9194-BCEE40FDAD5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{46BE4DCE-912F-494E-ABF7-0CBF74549A79}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
    FirewallRules: [UDP Query User{96CABAD9-EC77-494E-8A82-40DF599AC98A}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
    FirewallRules: [{281B6EFA-FF89-4347-BA8F-DAA2E059C365}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{D1332989-4EC0-43E1-9307-8EF8B6B7EEBA}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{6DBD3E06-492E-442E-B1B2-61787C74E9D3}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{A5454F5C-B73C-4691-86A6-AAEBEE8C875B}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{CAE4D5AF-0CFE-4F14-9923-CC6A5D5C636D}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{366A35E8-91EE-4FBD-9D6B-1FF944A37028}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{FF09676A-66D8-4B68-855A-00A1C1E18A22}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{2EE53426-4FEC-44F5-AEC7-443BB2DC0043}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{3B9549C6-86F8-469E-8382-2E1EA0457C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{CDF3B039-657A-41E4-AEF4-378CCA34F84A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{A0640961-5A5F-4219-8599-1B6CFB9D285C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{4378C9FB-6454-42B4-8AC0-4C22DD415C80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{00E19E75-EAB3-4366-B9AA-48D4BE623FD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{122DC77D-B59D-456B-9556-1A328174B5B6}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsxB3C9.tmp\Installer-75802911.exe
    FirewallRules: [{DD54E600-68A6-44D0-BACB-8456ECFF092E}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsxB3C9.tmp\Installer-75802911.exe
    FirewallRules: [{E745BCC6-7121-4498-9E48-A910EF141659}] => (Allow) LPort=1689
    FirewallRules: [TCP Query User{E3EACF65-0D31-422D-AD5B-C61B03F11086}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [UDP Query User{481B88E8-D36B-4BB2-B8E1-663E81239B95}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [{43A66DE5-AF83-4823-A3D1-4E64CFAF0F3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2EEAEC21-9418-4D76-86A4-95BD42D7F39D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9E71145D-45D5-44FD-9BEB-1C1F4C2D3790}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{1E5C6E6F-DEFE-47CB-99A9-87433895F7B0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{13F87D97-A936-4793-A76C-9F3B263B764C}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    FirewallRules: [{C8BFCE1A-CB8A-417C-9757-FBB56B2F04AD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/09/2015 07:53:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00007ffaab180399
    Faulting process id: 0x784
    Faulting application start time: 0xService_KMS.exe0
    Faulting application path: Service_KMS.exe1
    Faulting module path: Service_KMS.exe2
    Report Id: Service_KMS.exe3
    Faulting package full name: Service_KMS.exe4
    Faulting package-relative application ID: Service_KMS.exe5

    Error: (12/09/2015 07:34:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f94

    Start Time: 01d132f9ed3b5d8c

    Termination Time: 8

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: f3bdd60c-9eee-11e5-8305-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/09/2015 01:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00007ff899980399
    Faulting process id: 0x814
    Faulting application start time: 0xService_KMS.exe0
    Faulting application path: Service_KMS.exe1
    Faulting module path: Service_KMS.exe2
    Report Id: Service_KMS.exe3
    Faulting package full name: Service_KMS.exe4
    Faulting package-relative application ID: Service_KMS.exe5

    Error: (12/09/2015 12:28:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program vmware.exe version 12.1.0.2487 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d10

    Start Time: 01d132498c023fbb

    Termination Time: 60000

    Application Path: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe

    Report Id: 6a2263c5-9e4e-11e5-8304-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/08/2015 05:00:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 584

    Start Time: 01d1321c73dce8e1

    Termination Time: 9

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: 29d9ef2d-9e10-11e5-8304-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/08/2015 04:56:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1338

    Start Time: 01d132191e7a78a1

    Termination Time: 7

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: abc4753c-9e0f-11e5-8304-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/08/2015 12:40:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00007ffc2f580399
    Faulting process id: 0x53c
    Faulting application start time: 0xService_KMS.exe0
    Faulting application path: Service_KMS.exe1
    Faulting module path: Service_KMS.exe2
    Report Id: Service_KMS.exe3
    Faulting package full name: Service_KMS.exe4
    Faulting package-relative application ID: Service_KMS.exe5

    Error: (12/08/2015 12:33:55 AM) (Source: MsiInstaller) (EventID: 11722) (User: WhiteKnight)
    Description: Product: Kurzweil 3000 v.14 -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action KillHelpToy, location: C:\Windows\Installer\MSI85B0.tmp, command: -k

    Error: (12/08/2015 12:29:43 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00007fff875e0399
    Faulting process id: 0x5ac
    Faulting application start time: 0xService_KMS.exe0
    Faulting application path: Service_KMS.exe1
    Faulting module path: Service_KMS.exe2
    Report Id: Service_KMS.exe3
    Faulting package full name: Service_KMS.exe4
    Faulting package-relative application ID: Service_KMS.exe5

    Error: (12/08/2015 12:26:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (12/09/2015 07:55:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (12/09/2015 07:54:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/09/2015 07:52:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (12/09/2015 07:17:57 PM) (Source: DCOM) (EventID: 10010) (User: WhiteKnight)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (12/09/2015 07:17:27 PM) (Source: DCOM) (EventID: 10010) (User: WhiteKnight)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (12/09/2015 06:23:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RunSwUSB service.

    Error: (12/09/2015 12:12:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RunSwUSB service.

    Error: (12/09/2015 12:11:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RunSwUSB service.

    Error: (12/09/2015 12:11:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RunSwUSB service.

    Error: (12/09/2015 01:41:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2


    CodeIntegrity:
    ===================================
    Date: 2015-12-09 22:10:46.525
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 22:10:46.361
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 22:10:34.327
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 22:10:34.163
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.968
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.811
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.638
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.485
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.336
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.187
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
    Percentage of memory in use: 35%
    Total physical RAM: 8156.87 MB
    Available physical RAM: 5287.76 MB
    Total Virtual: 15580.87 MB
    Available Virtual: 12584.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:209.25 GB) (Free:29.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:458.71 GB) NTFS
    Drive f: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive h: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
    Drive k: (My Passport) (Fixed) (Total:1862.98 GB) (Free:216.81 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 445F9625)
    Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=209.3 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A0AD132E)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    RogueKiller V11.0.2.0 [Dec 7 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Josh [Administrator]
    Started from : C:\Users\Josh\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 12/10/2015 16:46:42

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 34 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {31264A33-A653-46C4-AF49-1232C59A7DA5} : BS Player ControlBar B Toolbar -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFE (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFE.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherAES_ltc (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherAES_ltc.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherBlowfish (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherBlowfish.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherCAST5 (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST5.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherCAST6_Gladman (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST6_Gladman.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherDES (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherDES.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherMARS_Gladman (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherMARS_Gladman.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherRC6_ltc (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherRC6_ltc.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherSerpent_Gladman (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherSerpent_Gladman.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFECypherTwofish_ltc (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherTwofish_ltc.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFEHashMD (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashMD.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFEHashRIPEMD (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashRIPEMD.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFEHashSHA (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashSHA.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFEHashTiger (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashTiger.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FreeOTFEHashWhirlpool (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashWhirlpool.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFE (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFE.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherAES_ltc (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherAES_ltc.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherBlowfish (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherBlowfish.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherCAST5 (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST5.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherCAST6_Gladman (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST6_Gladman.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherDES (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherDES.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherMARS_Gladman (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherMARS_Gladman.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherRC6_ltc (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherRC6_ltc.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherSerpent_Gladman (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherSerpent_Gladman.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFECypherTwofish_ltc (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherTwofish_ltc.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFEHashMD (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashMD.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFEHashRIPEMD (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashRIPEMD.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFEHashSHA (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashSHA.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFEHashTiger (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashTiger.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FreeOTFEHashWhirlpool (\??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashWhirlpool.sys) -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1506505283-487300969-3346399363-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1506505283-487300969-3346399363-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [PUP][Folder] C:\Program Files (x86)\Tbccint -> Deleted

    ¤¤¤ Hosts File : 7 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 na1r.services.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 hlrcv.stage.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 lmlicenses.wip4.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 lm.licenses.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB +++++
    --- User ---
    [MBR] e95efa44ef6eee6a65c71366de984c80
    [BSP] cbb3769eb2a25fd2a061e79916a0d8b8 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 214275 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST31000524AS +++++
    --- User ---
    [MBR] 1fba8da96970598ca6112f0f614093d5
    [BSP] a0ad61377eb5810ce3d6d344e2d55ca1 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: WD My Passport 0748 USB Device +++++
    --- User ---
    [MBR] 7a4ec4e08b9c0b7774c61db295f91382
    [BSP] 000cdb9b089b6a5f1cdf8ae3e35760b8 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  10. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2015-12-10
    Scan Time: 4:51 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.12.10.06
    Rootkit Database: v2015.12.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Josh

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 419638
    Time Elapsed: 8 min, 29 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 8
    PUP.Optional.Conduit, HKLM\SOFTWARE\CLASSES\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}, Quarantined, [2d41980bed9e75c1abc6e46a62a0ed13],
    PUP.Optional.Conduit, HKU\S-1-5-21-1506505283-487300969-3346399363-1001_Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}, Quarantined, [2d41980bed9e75c1abc6e46a62a0ed13],
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3329621, Quarantined, [ed81049f6922ed49c5e36b0aaf54d12f],
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3329621, Quarantined, [3d31c3e0a7e4b680eabeff769f64c43c],
    PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [72fc6c375b30d660004c81338a79e11f],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\Tbccint, Quarantined, [1856841fddae40f620958bead330857b],
    PUP.Optional.Conduit, HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\Tbccint_HKLM, Quarantined, [dd914c573853a39394bb790ec14203fd],
    PUP.Optional.PriceGong, HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [9bd3dcc7365532044b45dfc9c93a44bc],

    Registry Values: 2
    PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{31264A33-A653-46C4-AF49-1232C59A7DA5}, BS Player ControlBar B Toolbar, Quarantined, [2d41980bed9e75c1abc6e46a62a0ed13]
    PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{31264A33-A653-46C4-AF49-1232C59A7DA5}, Quarantined, [58163b684744bc7aafc2d07e6a98d828],

    Registry Data: 0
    (No malicious items detected)

    Folders: 12
    PUP.Optional.ConduitTB.Gen, C:\Users\Josh\AppData\Local\Temp\BS_Player_ControlBar_B, Quarantined, [ff6f8a19f19a02346c861891f40ec63a],
    PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint, Quarantined, [93db990accbf42f4286579fa2ad843bd],
    PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\IE, Quarantined, [93db990accbf42f4286579fa2ad843bd],
    PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi, Quarantined, [93db990accbf42f4286579fa2ad843bd],
    PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3329621, Quarantined, [93db990accbf42f4286579fa2ad843bd],
    PUP.Optional.ConduitTB.Gen, C:\Users\Josh\AppData\Local\Tbccint, Quarantined, [d99562411b707abcfa94a0d38a780bf5],
    PUP.Optional.ConduitTB.Gen, C:\Users\Josh\AppData\Local\Tbccint\Community Alerts, Quarantined, [d99562411b707abcfa94a0d38a780bf5],
    PUP.Optional.PriceGong, C:\Users\Josh\AppData\LocalLow\PriceGong, Quarantined, [3a343b68553652e45b4c3a57ab57857b],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\xpi, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\xpi\defaults, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\xpi\defaults\preferences, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],

    Files: 20
    PUP.Optional.ClientConnect, C:\ProgramData\Tbccint\Multi\CT3329621\UninstallerUI.exe, Quarantined, [aec063401e6d71c5d3a2b8092ad654ac],
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Josh\AppData\Local\Temp\sp-downloader.exe, Quarantined, [e38b2d76008b4cea09e02881d8293bc5],
    PUP.Optional.RelevantKnowledge, C:\Users\Josh\AppData\Local\Temp\CSMF0C8.tmp, Quarantined, [0668970cf3981620f9bcb9cc24e0c53b],
    PUP.Optional.InstallCore, C:\Users\Josh\AppData\Local\Temp\ICReinstall_WindowsMovieMakerSetup.exe, Quarantined, [f07e356e7219fc3a3ef8a2a05da49d63],
    PUP.Optional.ClientConnect, C:\Users\Josh\AppData\Local\Temp\BS_Player_ControlBar_B\tbBS_P.dll, Quarantined, [620c00a35a31e155e88d10b10bf50df3],
    PUP.Optional.ClientConnect, C:\Users\Josh\AppData\Local\Temp\ct3329621\CT3329621.xpi, Quarantined, [135b20832e5d46f0babb8e332dd3c937],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\ctbe.exe, Quarantined, [0965049fa6e564d23200ce5ece32c23e],
    PUP.Optional.ClientConnect, C:\Users\Josh\AppData\Local\Temp\ct3329621\ffLogic.exe, Quarantined, [7fefdac9a0eb50e6ef862e93728e42be],
    PUP.Optional.ClientConnect, C:\Users\Josh\AppData\Local\Temp\ct3329621\ieLogic.exe, Quarantined, [cba36142bfcc83b39adb6e53ea1613ed],
    PUP.Optional.ClientConnect, C:\Users\Josh\AppData\Local\Temp\ct3329621\statisticsStub.exe, Quarantined, [b2bcbde6b9d222142814daed2bd5e41c],
    PUP.Optional.ClientConnect, C:\Users\Josh\AppData\Local\Tbccint\Community Alerts\Alert.dll, Quarantined, [9cd2e7bc9cef4fe73c39546d3ec239c7],
    PUP.Optional.ConduitTB.Gen, C:\Users\Josh\AppData\Local\Temp\BS_Player_ControlBar_B\cctoolbar.cfg, Quarantined, [ff6f8a19f19a02346c861891f40ec63a],
    PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3329621\configutaion.json, Quarantined, [93db990accbf42f4286579fa2ad843bd],
    PUP.Optional.ConduitTB.Gen, C:\ProgramData\Tbccint\Multi\CT3329621\SetupIcon.ico, Quarantined, [93db990accbf42f4286579fa2ad843bd],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\setup.ini.txt, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\chromeid.txt, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\tbccint.xml, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\version.txt, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\xpi\install.rdf, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],
    PUP.Optional.Conduit, C:\Users\Josh\AppData\Local\Temp\ct3329621\xpi\defaults\preferences\defaults.js, Quarantined, [3a34a7fc2e5d31053570abfcda2af40c],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  11. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    # AdwCleaner v5.024 - Logfile created 10/12/2015 at 17:09:25
    # Updated 07/12/2015 by Xplode
    # Database : 2015-12-07.3 [Server]
    # Operating system : Windows 8.1 Pro (x64)
    # Username : Josh - WHITEKNIGHT
    # Running from : C:\Users\Josh\Desktop\adwcleaner_5.024.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : Service KMSELDI

    ***** [ Folders ] *****

    [x] Folder Not Deleted : C:\Program Files\kmspico
    [-] Folder Deleted : C:\Program Files\Easeware
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
    [-] Folder Deleted : C:\Users\Josh\AppData\LocalLow\Tbccint
    [-] Folder Deleted : C:\Users\Josh\AppData\Roaming\Easeware

    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\Users\Josh\AppData\Local\Temp\OptimizerPro.exe

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : DriverEasy Scheduled Scan

    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
    [-] Key Deleted : HKLM\SOFTWARE\Conduit
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1

    ***** [ Web browsers ] *****

    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.FF19Solved", "true");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.UserID", "UN40248103522008029");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.dum", "2");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.fullUserID", "UN40248103522008029.IN.20141218190420");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.installDate", "18/12/2014 19:04:22");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.installSessionId", "28036117-a36f-4c92-9b27-2fc3d1f6fd2c");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.installSp", "false");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.installerVersion", "1.11.0.11");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchRevert", "@searchrevert@");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchUninstallUserMode", "4");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchUserMode", "4");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.toolbarInstallDate", "18-12-2014 19:04:20");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.versionFromInstaller", "10.35.0.3");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("CT3329621.xpeMode", "1");
    [-] [C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "/URERXLEQ2VXLEOG7KVNGZGKJVASOACHZSILPIRG1I/GXE/L4ROCNQRPUJ2/YE7NPRZM63QC34BMKRGXK6CKKQ");

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4472 bytes] ##########
     
  12. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 8.1 Pro x64
    Ran by Josh (Administrator) on 2015-12-10 at 17:14:51.21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\Users\Josh\AppData\Roaming\new version available (Folder)
    Successfully deleted: C:\Users\Public\Desktop\drivereasy.lnk (Shortcut)

    Deleted the following from C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\prefs.js
    user_pref(smartbar.machineId, /URERXLEQ2VXLEOG7KVNGZGKJVASOACHZSILPIRG1I/GXE/L4ROCNQRPUJ2/YE7NPRZM63QC34BMKRGXK6CKKQ);



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2015-12-10 at 17:15:37.42
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Adobe Reader randomly freezes after 10 or 15 minutes and I need it to do work.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Try to reinstall it.

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  15. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
    Ran by Josh (administrator) on WHITEKNIGHT (11-12-2015 03:41:39)
    Running from C:\Users\Josh\Desktop
    Loaded Profiles: Josh (Available Profiles: Josh & DefaultAppPool)
    Platform: Windows 8.1 Pro (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Windows\runSW.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
    () C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Realtek) C:\Windows\SwUSB.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    (hxxp://www.ruby-lang.org/) C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\bin\rubyw.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
    (hxxp://www.ruby-lang.org/) C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\bin\rubyw.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    () C:\Program Files\pia_manager\openvpn.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2014-10-28] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
    HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
    HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: G - "G:\Autoplay.exe" -auto
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {150fbb15-4907-11e4-8275-14dae9f55cd6} - "I:\Startme.exe"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {62768430-da44-11e4-82aa-14dae9f55cd6} - "I:\startme.exe"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {7b715eb9-2e79-11e4-826a-14dae9f55cd6} - "H:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {d6e57a7c-12ec-11e4-8252-14dae9f55cd6} - "G:\WD Drive Unlock.exe" autoplay=true
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-21]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-10-21]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-07-23]
    ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-171\wirelesscm.exe (D-Link Corp.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
    Tcpip\..\Interfaces\{F3CE8913-4601-457B-8EF0-175D642D59EB}: [DhcpNameServer] 209.222.18.222 209.222.18.218

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-21] (LastPass)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
    BHO-x32: KESIReaderBHO Class -> {67EC1BB4-1AC3-4B5E-9CAD-DA52013E7C31} -> C:\Program Files (x86)\Kurzweil Educational Systems\Common Files\KESIReaderIE.dll [2014-06-03] (TODO: <Company name>)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-21] (LastPass)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-21] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-21] (LastPass)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
    Filter-x32: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)
    Filter-x32: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll [2010-05-13] (Design Science, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-21] (LastPass)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-21] (LastPass)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1506505283-487300969-3346399363-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Josh\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-28] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Extension: LastPass - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\extensions\support@lastpass.com [2015-12-03] [not signed]
    FF Extension: Tab Mix Plus - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-12-04]
    FF Extension: Canadian English Dictionary - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\en-CA@dictionaries.addons.mozilla.org [2015-08-22]
    FF Extension: Ghostery - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\firefox@ghostery.com.xpi [2015-11-05]
    FF Extension: Smart Middle Click - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\SmartMiddleClick@spiers.xpi [2015-03-24] [not signed]
    FF Extension: KESI Reader - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\{0B37872F-D59F-4b47-B2FD-F37E3F979437} [2015-03-06] [not signed]
    FF Extension: uBlock - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-05]
    FF Extension: Facebook Message Seen Disable - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ntbnx206.default-1413951357403\Extensions\{7b9de502-149c-8165-ec2c-db01128febfe}.xpi [2015-11-18]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-09-13] (Microsoft Corporation)
    R2 dnscrypt-proxy; C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe [590416 2015-09-21] ()
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
    R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
    R2 LMS; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [415520 2015-08-07] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
    R2 RunSwUSB; C:\Windows\runSW.exe [44104 2014-01-16] ()
    S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
    R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] ()
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
    R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe [96768 2013-05-07] () [File not signed]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ===================== Drivers (Whitelisted) ==========================
     
  16. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-11-02] (Sony Mobile Communications)
    R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-28] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    R3 RTL8168; C:\Windows\system32\DRIVERS\rtlh64.sys [681688 2015-01-21] (Inventec )
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
    R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [33448 2014-05-18] (Razer Inc)
    R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-18] (Razer Inc)
    R3 seehcri; C:\Windows\System32\drivers\seehcri.sys [34032 2014-11-03] (Sony Ericsson Mobile Communications)
    R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-10] ()
    R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
    R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [194904 2015-10-06] (IDRIX)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
    R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-07-23] (Basil Projects)
    S3 FreeOTFE; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFE.sys [X]
    S3 FreeOTFECypherAES_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherAES_ltc.sys [X]
    S3 FreeOTFECypherBlowfish; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherBlowfish.sys [X]
    S3 FreeOTFECypherCAST5; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST5.sys [X]
    S3 FreeOTFECypherCAST6_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST6_Gladman.sys [X]
    S3 FreeOTFECypherDES; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherDES.sys [X]
    S3 FreeOTFECypherMARS_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherMARS_Gladman.sys [X]
    S3 FreeOTFECypherRC6_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherRC6_ltc.sys [X]
    S3 FreeOTFECypherSerpent_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherSerpent_Gladman.sys [X]
    S3 FreeOTFECypherTwofish_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherTwofish_ltc.sys [X]
    S3 FreeOTFEHashMD; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashMD.sys [X]
    S3 FreeOTFEHashRIPEMD; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashRIPEMD.sys [X]
    S3 FreeOTFEHashSHA; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashSHA.sys [X]
    S3 FreeOTFEHashTiger; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashTiger.sys [X]
    S3 FreeOTFEHashWhirlpool; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashWhirlpool.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-10 18:16 - 2015-12-10 18:16 - 00000000 ____D C:\Users\Public\Foxit Software
    2015-12-10 18:16 - 2015-12-10 18:16 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Foxit Software
    2015-12-10 18:16 - 2015-12-10 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2015-12-10 18:16 - 2015-12-10 18:16 - 00000000 ____D C:\Program Files (x86)\Foxit Software
    2015-12-10 18:02 - 2015-12-10 18:10 - 39170360 _____ (Foxit Software Inc. ) C:\Users\Josh\Downloads\FoxitReader728.1124_prom_enu_Setup.exe
    2015-12-10 17:15 - 2015-12-10 17:15 - 00000950 _____ C:\Users\Josh\Desktop\JRT.txt
    2015-12-10 17:14 - 2015-12-10 17:14 - 01599336 _____ (Malwarebytes) C:\Users\Josh\Desktop\JRT.exe
    2015-12-10 17:05 - 2015-12-10 17:05 - 01738240 _____ C:\Users\Josh\Desktop\adwcleaner_5.024.exe
    2015-12-10 16:49 - 2015-12-10 17:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-12-10 16:49 - 2015-12-10 16:49 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-12-10 16:49 - 2015-12-10 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-12-10 16:49 - 2015-12-10 16:49 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-12-10 16:49 - 2015-12-10 16:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-12-10 16:49 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-12-10 16:49 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-12-10 16:49 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-12-10 16:48 - 2015-12-10 16:48 - 22908888 _____ (Malwarebytes ) C:\Users\Josh\Downloads\mbam-setup-2.2.0.1024.exe
    2015-12-10 16:14 - 2015-12-10 17:00 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-12-10 16:14 - 2015-12-10 16:14 - 20829256 _____ C:\Users\Josh\Desktop\RogueKiller.exe
    2015-12-10 16:14 - 2015-12-10 16:14 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-12-10 02:05 - 2015-12-10 02:05 - 00103045 _____ C:\Users\Josh\Downloads\protection-profile-key-concept-common-criteria-1007.pdf
    2015-12-09 22:51 - 2015-12-09 22:52 - 00058257 _____ C:\Users\Josh\Desktop\Addition.txt
    2015-12-09 22:50 - 2015-12-11 03:41 - 00025123 _____ C:\Users\Josh\Desktop\FRST.txt
    2015-12-09 22:50 - 2015-12-11 03:41 - 00000000 ____D C:\FRST
    2015-12-09 22:49 - 2015-12-09 22:49 - 02369024 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
    2015-12-09 22:49 - 2015-12-09 22:49 - 02369024 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
    2015-12-09 19:12 - 2015-12-09 19:12 - 00720345 _____ C:\Users\Josh\Downloads\penetration-testing-assessing-security-attackers-34635.pdf
    2015-12-09 18:54 - 2015-12-09 18:55 - 02012780 _____ C:\Users\Josh\Downloads\secure development lifecylce(1).pdf
    2015-12-09 12:21 - 2015-12-09 12:21 - 00137503 _____ C:\Users\Josh\Downloads\P26648_Employee_Confidential_Info_Band_6-10_Enable_v5(1).pdf
    2015-12-08 23:55 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-08 23:55 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-08 23:55 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-08 23:55 - 2015-11-11 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-12-08 23:55 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-08 23:55 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-08 23:55 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-08 23:55 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-08 23:55 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-08 23:55 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-08 23:55 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-08 23:55 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-08 23:55 - 2015-11-09 15:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-12-08 23:55 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-08 23:55 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-08 23:55 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-08 23:55 - 2015-11-09 15:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-08 23:55 - 2015-11-09 15:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-12-08 23:55 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-08 23:55 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-08 23:55 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-08 23:55 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-08 23:55 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-08 23:55 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-08 23:55 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-08 23:55 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-08 23:55 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-08 23:55 - 2015-11-08 13:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-12-08 23:55 - 2015-11-08 13:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-12-08 23:55 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-08 23:55 - 2015-11-08 13:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-08 23:55 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-08 23:55 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-08 23:55 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-08 23:55 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-08 23:55 - 2015-11-08 12:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-12-08 23:55 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-08 23:55 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-08 23:55 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-08 23:55 - 2015-11-05 00:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-08 23:54 - 2015-11-21 22:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-08 23:54 - 2015-11-21 22:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-08 23:54 - 2015-11-21 22:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-08 23:54 - 2015-11-21 22:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-12-08 23:54 - 2015-11-21 22:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-08 23:54 - 2015-11-21 22:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-12-08 23:54 - 2015-11-21 22:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-08 23:54 - 2015-11-21 10:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-08 23:54 - 2015-11-21 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-08 23:54 - 2015-11-21 08:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-08 23:54 - 2015-11-21 08:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-08 23:54 - 2015-11-21 08:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-08 23:54 - 2015-11-21 08:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-08 23:54 - 2015-11-08 16:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-08 23:54 - 2015-11-08 14:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-08 23:54 - 2015-11-08 13:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-08 23:54 - 2015-11-08 13:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-08 23:54 - 2015-11-08 13:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2015-12-08 23:54 - 2015-11-08 12:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-08 23:54 - 2015-11-08 12:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-08 23:54 - 2015-11-08 12:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2015-12-08 23:54 - 2015-10-22 09:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2015-12-08 23:54 - 2015-10-22 08:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2015-12-08 23:54 - 2015-10-22 08:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2015-12-08 23:54 - 2015-10-22 08:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2015-12-08 23:54 - 2015-10-22 07:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2015-12-08 23:54 - 2015-10-22 07:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2015-12-08 23:54 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
    2015-12-08 23:54 - 2015-10-22 06:08 - 00513456 _____ C:\Windows\system32\locale.nls
    2015-12-08 23:54 - 2015-10-10 09:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
    2015-12-08 23:54 - 2015-10-03 11:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-12-08 23:54 - 2015-10-03 11:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-12-08 23:53 - 2015-11-20 14:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-08 23:53 - 2015-11-20 10:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-08 23:53 - 2015-11-20 08:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-08 23:53 - 2015-11-20 08:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-08 23:53 - 2015-11-20 08:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-08 23:53 - 2015-11-20 08:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-12-08 23:53 - 2015-11-20 08:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-08 23:53 - 2015-11-20 08:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-08 23:53 - 2015-11-20 08:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-08 23:53 - 2015-11-20 08:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-08 23:53 - 2015-11-20 08:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-08 23:53 - 2015-11-20 08:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-08 23:53 - 2015-11-20 08:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-08 23:53 - 2015-10-28 07:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-08 23:53 - 2015-10-28 07:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-08 23:53 - 2015-10-10 22:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-12-08 23:53 - 2015-10-10 22:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2015-12-08 23:53 - 2015-10-10 22:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2015-12-08 23:53 - 2015-10-10 10:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2015-12-08 23:53 - 2015-10-10 10:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2015-12-08 23:53 - 2015-10-10 10:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
    2015-12-08 23:53 - 2015-10-08 08:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
    2015-12-08 23:53 - 2015-10-08 07:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
    2015-12-08 23:53 - 2015-10-05 10:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
    2015-12-08 23:53 - 2015-10-05 10:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2015-12-08 22:13 - 2015-11-25 18:10 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
    2015-12-08 22:13 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
    2015-12-08 22:13 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
    2015-12-08 22:13 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
    2015-12-08 22:12 - 2015-12-08 22:12 - 00000000 ____D C:\Program Files\Common Files\VMware
    2015-12-08 22:12 - 2015-11-25 18:10 - 00934080 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
    2015-12-08 22:12 - 2015-11-25 18:10 - 00392896 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    2015-12-08 22:12 - 2015-11-25 18:10 - 00358080 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    2015-12-08 22:12 - 2015-11-25 17:52 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
    2015-12-08 22:12 - 2015-11-06 11:57 - 00057536 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
    2015-12-08 21:07 - 2015-12-08 21:07 - 00062956 _____ C:\Users\Josh\Downloads\2010_016_100_48336.pdf
    2015-12-08 20:41 - 2015-12-08 20:41 - 02012780 _____ C:\Users\Josh\Downloads\secure development lifecylce.pdf
    2015-12-08 16:45 - 2015-12-08 16:45 - 01283687 _____ C:\Users\Josh\Downloads\Biometrics(1).pdf
    2015-12-08 16:12 - 2015-12-08 16:12 - 40408962 _____ C:\Users\Josh\Downloads\248565.pdf
    2015-12-08 16:12 - 2015-12-08 16:12 - 00102474 _____ C:\Users\Josh\Downloads\kam97writer.pdf
    2015-12-08 16:00 - 2015-12-08 16:00 - 00735419 _____ C:\Users\Josh\Downloads\docExam_2.pdf
    2015-12-08 15:51 - 2015-12-08 15:51 - 08443404 _____ C:\Users\Josh\Downloads\Cases Involving the Reliability of Handwriting Identification Exp.pdf
    2015-12-08 15:49 - 2015-12-08 15:49 - 00176072 _____ C:\Users\Josh\Downloads\iwfhr06.pdf
    2015-12-08 15:47 - 2015-12-08 15:47 - 01283687 _____ C:\Users\Josh\Downloads\Biometrics.pdf
    2015-12-08 12:12 - 2015-12-08 12:12 - 00115176 _____ C:\Users\Josh\Downloads\A6(1).pdf
    2015-12-08 02:17 - 2015-12-08 02:17 - 02071031 _____ C:\Users\Josh\Downloads\access control.pdf
    2015-12-08 02:13 - 2015-12-08 02:13 - 00094922 _____ C:\Users\Josh\Downloads\review.pdf
    2015-12-08 01:45 - 2015-12-08 01:45 - 00115176 _____ C:\Users\Josh\Downloads\A6.pdf
    2015-12-08 01:13 - 2015-12-08 01:13 - 00069640 _____ C:\Users\Josh\Downloads\l03.pdf
    2015-12-08 00:35 - 2013-10-05 00:38 - 04424344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc120.dll
    2015-12-08 00:31 - 2015-12-08 00:46 - 00000000 ____D C:\Users\Josh\Desktop\Kurzweil Errors
    2015-12-08 00:26 - 2015-12-08 00:26 - 07194312 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\vcredist_x64.exe
    2015-12-07 20:32 - 2015-12-07 20:32 - 00000086 _____ C:\Users\Josh\.gitconfig
    2015-12-07 20:31 - 2015-12-07 20:32 - 00000000 ____D C:\Users\Josh\AppData\Local\GitHub
    2015-12-07 20:31 - 2015-12-07 20:31 - 00002177 _____ C:\Users\Josh\Desktop\Git Shell.lnk
    2015-12-07 20:31 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\Documents\GitHub
    2015-12-07 20:31 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\AppData\Roaming\GitHub
    2015-12-07 19:49 - 2015-12-07 20:31 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2015-12-07 19:49 - 2015-12-07 19:49 - 00000308 _____ C:\Users\Josh\Desktop\GitHub.appref-ms
    2015-12-07 19:46 - 2015-12-07 20:32 - 00000000 ____D C:\Users\Josh\AppData\Local\Deployment
    2015-12-07 19:45 - 2015-12-07 19:45 - 00675936 _____ () C:\Users\Josh\Downloads\GitHubSetup.exe
    2015-12-06 20:01 - 2015-12-06 20:01 - 00022118 _____ C:\Users\Josh\Downloads\Crime_Free_Lease_Addendum(1).pdf
    2015-12-06 15:16 - 2015-12-06 15:16 - 03239645 _____ C:\Users\Josh\Downloads\jeff.3gp
    2015-12-06 01:41 - 2015-12-06 01:41 - 00154505 _____ C:\Users\Josh\Desktop\Sample Final.pdf
    2015-12-06 01:34 - 2015-12-06 01:34 - 00096366 _____ C:\Users\Josh\Downloads\gl32(1).pdf
    2015-12-05 16:03 - 2015-12-05 16:03 - 00022118 _____ C:\Users\Josh\Downloads\Crime_Free_Lease_Addendum.pdf
    2015-12-04 18:25 - 2015-12-04 18:25 - 00002949 _____ C:\Users\Josh\Desktop\report.txt
    2015-12-04 01:51 - 2015-12-04 01:51 - 00131738 _____ C:\Users\Josh\Downloads\otr-wpes.pdf
    2015-12-03 21:32 - 2015-12-03 21:32 - 00001596 _____ C:\Users\Josh\Downloads\report.txt
    2015-12-03 18:34 - 2015-12-03 18:34 - 00543446 _____ C:\Users\Josh\Downloads\w2sp12-final4.pdf
    2015-12-03 18:29 - 2015-12-03 18:32 - 10244610 _____ C:\Users\Josh\Downloads\ProCapture_1_7_4_3_9androidapps_com.apk
    2015-12-03 18:28 - 2015-12-03 18:30 - 10524955 _____ C:\Users\Josh\Downloads\com.neaststudios.procapture.free-1.7.4.3-APK4Fun.com.apk
    2015-12-03 18:28 - 2015-12-03 18:30 - 10244610 _____ C:\Users\Josh\Downloads\com.neaststudios.procapture_1.7.4.3_paid-www.apkhere.com.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera-FV-5_v3.0.1_revdl.com.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera FV-5 v3.0.1 ph4nt0m.apk
    2015-12-03 18:06 - 2015-12-03 18:08 - 05098673 _____ C:\Users\Josh\Downloads\Camera FV-5 v3.0.1 ph4nt0m(1).apk
    2015-12-02 18:31 - 2015-12-02 18:31 - 00109031 _____ C:\Users\Josh\Downloads\Sudoku-as-SAT.pdf
    2015-12-02 17:53 - 2015-12-02 17:53 - 00028755 _____ C:\Users\Josh\Downloads\censoredBlankTimetable.pdf
    2015-12-02 03:44 - 2015-12-02 03:44 - 00002149 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2015-12-02 03:43 - 2015-11-24 10:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-12-02 03:42 - 2015-11-24 15:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 18363696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-12-02 03:42 - 2015-11-24 15:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-12-02 03:42 - 2015-11-24 15:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-12-01 18:04 - 2015-11-12 10:37 - 00112712 _____ C:\Windows\system32\NvRtmpStreamer64.dll
    2015-11-30 17:08 - 2015-11-30 17:08 - 00110584 _____ C:\Users\Josh\Downloads\2015-2016 Fees.pdf
    2015-11-29 21:47 - 2015-11-29 21:48 - 01009378 _____ C:\Users\Josh\Downloads\Paradoxa_Erica Lord.pdf
    2015-11-29 18:33 - 2015-11-29 18:38 - 115286137 _____ C:\Users\Josh\Downloads\house party.zip
    2015-11-26 22:42 - 2015-11-26 22:42 - 03839691 _____ C:\Users\Josh\Downloads\Lease-Agreement-Joshua-signed.pdf
    2015-11-26 00:51 - 2015-11-26 00:51 - 00000000 ____D C:\Users\Josh\AppData\LocalLow\Intel
    2015-11-25 17:51 - 2015-11-25 17:51 - 00081088 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
    2015-11-25 17:51 - 2015-11-25 17:51 - 00049856 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
    2015-11-25 17:51 - 2015-11-25 17:51 - 00048832 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
    2015-11-25 17:51 - 2015-11-25 17:51 - 00028864 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys
    2015-11-25 17:51 - 2015-11-25 17:51 - 00027328 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
    2015-11-25 02:50 - 2015-11-25 02:50 - 00660530 _____ C:\Users\Josh\Downloads\N9.pdf
    2015-11-25 02:36 - 2015-11-25 02:36 - 00003409 _____ C:\Users\Josh\Downloads\TENTTERM_Sample.pdf
    2015-11-24 23:03 - 2015-11-24 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
    2015-11-23 17:16 - 2015-11-23 17:16 - 02060650 _____ C:\Users\Josh\Downloads\rtb1(1).pdf
    2015-11-23 17:15 - 2015-11-23 17:15 - 00137503 _____ C:\Users\Josh\Downloads\P26648_Employee_Confidential_Info_Band_6-10_Enable_v5.pdf
    2015-11-23 00:47 - 2015-11-23 00:47 - 00096366 _____ C:\Users\Josh\Downloads\gl32.pdf
    2015-11-22 21:26 - 2015-11-22 21:26 - 00041625 _____ C:\Users\Josh\Desktop\Teneant Replacement Form.pdf
    2015-11-20 03:46 - 2015-11-15 19:35 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435900.dll
    2015-11-20 03:46 - 2015-11-15 19:35 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435900.dll
    2015-11-17 15:01 - 2015-11-17 15:01 - 00000000 ____D C:\Users\Josh\Downloads\EraserPortable
    2015-11-17 15:00 - 2015-11-17 15:00 - 01369272 _____ (PortableApps.com) C:\Users\Josh\Downloads\EraserPortable_5.8.8.1_English.paf.exe
    2015-11-17 14:51 - 2015-11-17 14:52 - 00000000 ____D C:\Users\Josh\AppData\Roaming\TrueCrypt
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000887 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
    2015-11-17 14:51 - 2015-11-17 14:51 - 00000000 ____D C:\Program Files\TrueCrypt
    2015-11-17 14:04 - 2015-11-17 14:05 - 00929872 _____ (Google Inc.) C:\Users\Josh\Downloads\ChromeSetup.exe
    2015-11-15 02:54 - 2015-11-15 02:54 - 00127652 _____ C:\Users\Josh\Downloads\project.pdf
    2015-11-12 19:46 - 2015-11-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-11-12 19:45 - 2015-11-12 19:45 - 00000000 ____D C:\Program Files\Oracle
    2015-11-12 02:23 - 2015-10-13 07:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-11-12 02:23 - 2015-10-13 07:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-11-12 02:23 - 2015-10-10 22:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-12 02:23 - 2015-10-10 22:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-12 02:23 - 2015-10-10 10:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-12 02:23 - 2015-10-10 10:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-12 02:23 - 2015-10-10 10:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-11-12 02:23 - 2015-10-10 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-12 02:23 - 2015-10-10 09:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-12 02:23 - 2015-10-10 09:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-11-12 02:23 - 2015-10-10 08:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-12 02:19 - 2015-09-29 04:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
    2015-11-12 02:19 - 2015-09-04 11:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
    2015-11-12 02:19 - 2015-08-20 12:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-11-12 02:19 - 2015-08-20 09:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-11-12 02:18 - 2015-10-15 08:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-12 02:18 - 2015-10-15 07:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-12 02:18 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-12 02:18 - 2015-10-13 09:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-12 02:18 - 2015-09-12 05:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
    2015-11-12 02:18 - 2015-09-07 08:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2015-11-12 02:18 - 2015-09-07 08:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
    2015-11-12 02:18 - 2015-09-07 08:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
    2015-11-12 02:18 - 2015-09-07 07:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2015-11-12 02:18 - 2015-09-07 07:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-11-12 02:18 - 2015-08-28 14:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
    2015-11-12 02:15 - 2015-10-08 08:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-11-12 02:15 - 2015-08-10 10:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-11-12 02:15 - 2015-08-10 10:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-11-12 02:15 - 2015-08-10 09:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-11-12 02:15 - 2015-08-10 08:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2015-11-12 02:15 - 2015-08-10 08:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-11-11 22:13 - 2015-11-05 09:13 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435891.dll
    2015-11-11 22:13 - 2015-11-05 09:13 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435891.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-11 03:41 - 2014-08-20 23:15 - 00000000 ____D C:\Users\Josh\AppData\Local\Adobe
    2015-12-11 03:40 - 2014-07-23 21:12 - 00000000 ____D C:\Users\Josh\AppData\LocalLow\LastPass
    2015-12-11 03:38 - 2015-07-19 22:19 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-10 20:50 - 2014-07-24 18:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-10 20:45 - 2014-07-23 21:31 - 00000000 ____D C:\ProgramData\VMware
    2015-12-10 20:35 - 2015-07-19 22:19 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-10 19:52 - 2014-07-23 20:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{094AC730-86C7-4689-B2D7-2DFCC2192C84}
    2015-12-10 19:38 - 2014-07-23 20:47 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1506505283-487300969-3346399363-1001
    2015-12-10 17:29 - 2014-07-23 21:34 - 00000000 ____D C:\Users\Josh\AppData\Roaming\VMware
    2015-12-10 17:29 - 2014-07-23 21:34 - 00000000 ____D C:\Users\Josh\AppData\Local\VMware
    2015-12-10 17:16 - 2014-03-18 02:04 - 01003716 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-10 17:16 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
    2015-12-10 17:10 - 2015-04-06 19:59 - 00000091 _____ C:\HaxLogs.txt
    2015-12-10 17:10 - 2014-07-23 21:11 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-12-10 17:10 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-10 17:09 - 2014-11-04 21:18 - 00000000 ____D C:\AdwCleaner
    2015-12-10 15:50 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\rescache
    2015-12-10 03:42 - 2014-07-23 20:59 - 00000000 ____D C:\Users\Josh\AppData\Roaming\KeePass
    2015-12-10 02:10 - 2015-11-01 18:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-12-10 02:10 - 2015-11-01 18:43 - 00002067 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2015-12-10 02:10 - 2015-01-05 16:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-12-09 23:10 - 2014-07-23 20:54 - 00028110 _____ C:\Users\Josh\Documents\NewSafe.kdbx
    2015-12-09 22:51 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
    2015-12-09 12:19 - 2014-07-23 20:41 - 00000000 ____D C:\Users\Josh\AppData\Local\Packages
    2015-12-09 01:39 - 2014-07-28 23:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-09 01:39 - 2014-07-28 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-09 01:39 - 2013-08-22 06:44 - 00538520 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-09 01:03 - 2014-12-03 17:43 - 00000000 ____D C:\Users\Josh\AppData\Local\ElevatedDiagnostics
    2015-12-09 00:40 - 2014-07-25 00:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-12-09 00:39 - 2014-07-25 00:43 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-09 00:39 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
    2015-12-09 00:39 - 2013-08-22 05:25 - 00000288 _____ C:\Windows\win.ini
    2015-12-09 00:37 - 2014-07-28 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-09 00:35 - 2014-07-27 01:17 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-09 00:21 - 2014-07-27 01:17 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-12-08 22:12 - 2014-12-09 22:10 - 00000000 ____D C:\Program Files (x86)\VMware
    2015-12-08 22:12 - 2014-07-23 21:31 - 01008322 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-12-08 19:39 - 2014-07-26 00:18 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-12-08 15:50 - 2014-07-24 18:15 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-08 00:39 - 2015-03-06 09:34 - 00002158 _____ C:\Users\Public\Desktop\Kurzweil 3000.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000699 _____ C:\Users\Public\Desktop\Kurzweil 3000 Pending Audio.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000694 _____ C:\Users\Public\Desktop\Kurzweil 3000 Output Audio.lnk
    2015-12-08 00:39 - 2015-03-06 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kurzweil Educational Systems
    2015-12-08 00:39 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-12-07 20:32 - 2014-07-23 20:41 - 00000000 ____D C:\Users\Josh
    2015-12-07 19:46 - 2014-11-26 18:58 - 00000000 ____D C:\Users\Josh\AppData\Local\Apps\2.0
    2015-12-07 19:17 - 2014-11-04 00:38 - 00000000 ____D C:\Users\Josh\AppData\Roaming\tixati
    2015-12-07 18:58 - 2014-11-04 00:51 - 00000000 ____D C:\Users\Josh\Documents\Tixati
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000796 _____ C:\Users\Josh\Desktop\Tixati.lnk
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
    2015-12-07 18:27 - 2014-11-04 00:38 - 00000000 ____D C:\Program Files\tixati
    2015-12-06 21:56 - 2014-07-24 18:53 - 00000000 ____D C:\Users\Josh\AppData\Roaming\vlc
    2015-12-06 13:24 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-12-05 18:31 - 2014-07-23 21:08 - 00000000 ____D C:\ProgramData\TEMP
    2015-12-05 15:59 - 2014-07-23 21:08 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-12-02 03:44 - 2015-10-29 23:23 - 00000000 ____D C:\Users\Josh\AppData\Local\CrashDumps
    2015-12-02 03:44 - 2014-07-25 01:52 - 00000000 ____D C:\Temp
    2015-12-02 03:44 - 2014-07-24 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-12-02 03:44 - 2014-07-23 21:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-12-01 20:16 - 2015-11-02 21:05 - 00000000 ____D C:\Users\Josh\.VirtualBox
    2015-12-01 18:03 - 2014-07-24 22:59 - 00000000 ____D C:\Users\Josh\AppData\Local\NVIDIA Corporation
    2015-12-01 13:52 - 2014-07-23 20:46 - 00000000 ____D C:\Program Files\pia_manager
    2015-12-01 09:19 - 2013-08-22 07:38 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-01 09:19 - 2013-08-22 07:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-30 01:20 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-11-26 01:47 - 2014-07-23 20:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-11-26 01:45 - 2014-07-23 20:43 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-11-26 00:51 - 2015-04-21 23:22 - 00000000 ____D C:\ProgramData\Intel
    2015-11-26 00:51 - 2015-04-06 22:22 - 00000000 ____D C:\Program Files (x86)\Intel
    2015-11-26 00:08 - 2015-07-04 19:35 - 00000000 ____D C:\wamp
    2015-11-24 22:24 - 2014-08-20 23:17 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-24 22:24 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-11-24 21:58 - 2014-09-13 17:14 - 00000000 ____D C:\Windows\system32\1033
    2015-11-24 21:58 - 2014-09-13 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
    2015-11-24 21:58 - 2014-09-13 17:13 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-11-24 21:58 - 2013-08-22 07:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-11-24 21:57 - 2014-09-13 17:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
    2015-11-24 21:54 - 2014-09-13 17:15 - 00000000 ____D C:\Windows\SysWOW64\1033
    2015-11-24 21:45 - 2014-09-13 17:20 - 00000000 ____D C:\Program Files\MSBuild
    2015-11-24 21:44 - 2015-09-14 20:07 - 00000000 ____D C:\Program Files\Git
    2015-11-24 15:10 - 2015-06-23 18:32 - 03159248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-11-24 15:10 - 2014-07-23 21:11 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2015-11-24 15:10 - 2014-07-23 21:11 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2015-11-24 15:10 - 2014-03-20 19:03 - 17516040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-11-24 15:10 - 2014-03-20 19:02 - 00033607 _____ C:\Windows\system32\nvinfo.pb
    2015-11-24 10:40 - 2014-07-23 21:11 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-11-24 10:40 - 2014-07-23 21:11 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-11-24 10:40 - 2014-07-23 21:11 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-11-23 02:38 - 2014-07-23 21:11 - 06049858 _____ C:\Windows\system32\nvcoproc.bin
    2015-11-21 04:28 - 2015-01-17 18:18 - 00000000 ____D C:\Users\Josh\Documents\KurzweilVM
    2015-11-20 03:45 - 2015-08-26 23:36 - 00000000 ____D C:\Users\Josh\.oracle_jre_usage
    2015-11-20 03:45 - 2014-11-02 10:53 - 00000000 ____D C:\Program Files (x86)\Java
    2015-11-20 03:45 - 2014-09-13 18:32 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-20 03:45 - 2014-09-13 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-20 03:45 - 2014-09-13 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2015-11-20 03:44 - 2014-11-02 10:54 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-11-17 14:56 - 2014-07-23 21:31 - 00000000 ____D C:\Users\Josh\Desktop\Josh's Stuf
    2015-11-17 14:51 - 2015-05-18 12:17 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
    2015-11-17 14:29 - 2015-07-19 22:19 - 00000000 ____D C:\Users\Josh\AppData\Local\Google
    2015-11-12 10:37 - 2014-07-30 22:14 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2015-11-12 10:37 - 2014-07-30 22:14 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2015-11-12 10:37 - 2014-07-24 22:59 - 01828160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2015-11-12 10:37 - 2014-07-24 22:59 - 01509824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2015-11-12 04:57 - 2013-08-22 07:36 - 00000000 ___RD C:\Windows\ToastData

    ==================== Files in the root of some directories =======

    2014-10-21 23:35 - 2014-10-21 23:36 - 14016000 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
    2014-11-23 22:37 - 2015-10-03 17:26 - 0001456 _____ () C:\Users\Josh\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-03-24 00:23 - 2015-03-24 00:23 - 0004608 _____ () C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-26 23:01 - 2015-10-28 16:21 - 0000600 _____ () C:\Users\Josh\AppData\Local\PUTTY.RND
    2015-01-17 03:13 - 2015-10-21 00:12 - 0007597 _____ () C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
    2015-04-07 00:13 - 2015-04-07 00:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Josh\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Josh\AppData\Local\Temp\DownloadMapleAutoUpdate.exe
    C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyljl3.dll
    C:\Users\Josh\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\K3000patch13.31.exe
    C:\Users\Josh\AppData\Local\Temp\Maple18.01WindowsX64Upgrade.exe
    C:\Users\Josh\AppData\Local\Temp\namebench.exe
    C:\Users\Josh\AppData\Local\Temp\npp.6.8.6.Installer.exe
    C:\Users\Josh\AppData\Local\Temp\nv3DVStreaming.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Josh\AppData\Local\Temp\nvStereoApiI.dll
    C:\Users\Josh\AppData\Local\Temp\ose00000.exe
    C:\Users\Josh\AppData\Local\Temp\ose00001.exe
    C:\Users\Josh\AppData\Local\Temp\python27.dll
    C:\Users\Josh\AppData\Local\Temp\Quarantine.exe
    C:\Users\Josh\AppData\Local\Temp\Samsung_Magician_Setup_v4.5.exe
    C:\Users\Josh\AppData\Local\Temp\smarter.exe
    C:\Users\Josh\AppData\Local\Temp\sqlite3.dll
    C:\Users\Josh\AppData\Local\Temp\tcl85.dll
    C:\Users\Josh\AppData\Local\Temp\tk85.dll
    C:\Users\Josh\AppData\Local\Temp\un19772.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.4-win64.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.5-win64.exe
    C:\Users\Josh\AppData\Local\Temp\xmlUpdater.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-10 15:42

    ==================== End of FRST.txt ============================
     
  17. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
    Ran by Josh (2015-12-11 03:42:08)
    Running from C:\Users\Josh\Desktop
    Windows 8.1 Pro (X64) (2014-07-24 04:41:10)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1506505283-487300969-3346399363-500 - Administrator - Disabled)
    Guest (S-1-5-21-1506505283-487300969-3346399363-501 - Limited - Disabled)
    Josh (S-1-5-21-1506505283-487300969-3346399363-1001 - Administrator - Enabled) => C:\Users\Josh

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acapela North And South American Voices (HKLM-x32\...\{2E424B29-041D-4F1F-A532-A3168CB7D0D8}) (Version: 1.00.0000 - Kurzweil Educational Systems)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Dreamweaver CC 2015 (HKLM-x32\...\{F2321021-4348-11E4-B1DF-BDB415F23EC5}) (Version: 16.0 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\Amazon Kindle) (Version: - Amazon)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.69.1079 - AB Team, d.o.o.)
    Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    D-Link DWA-171 Wireless AC Dual Band Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
    Edimax AC1200 Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0218.1 - Edimax Technology Co.)
    FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
    GitHub (HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\5f7eb300e2ea4ebf) (Version: 3.0.9.0 - GitHub, Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
    KeePass Password Safe 2.30 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
    KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
    Kurzweil 3000 v.14 (HKLM-x32\...\{B66BF8FD-4E4D-41B3-9AE6-CA8E725210CF}) (Version: 14.00.0000 - Kurzweil Educational Systems)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Maple 18 (HKLM\...\Maple 18) (Version: 18 - Maplesoft)
    MathPlayer (HKLM-x32\...\{32F66A20-7614-11D4-BD11-00104BD3F987}) (Version: 2.2 - Design Science, Inc.)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 42.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-GB)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
    NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
    NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
    Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
    Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    Python 3.5.0b4 (32-bit) (HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\{663d017d-5c95-41a5-ae68-77af43c04014}) (Version: 3.5.114.0 - Python Software Foundation)
    Python 3.5.0b4 Add to Path (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Core Interpreter (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Development Libraries (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Executables (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Launcher (32-bit) (x32 Version: 3.5.113.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 pip Bootstrap (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Standard Library (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Test Suite (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Python 3.5.0b4 Utility Scripts (32-bit) (x32 Version: 3.5.114.0 - Python Software Foundation) Hidden
    Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
    SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
    Simple DNSCrypt (HKLM-x32\...\{D59CEE5A-645E-44B0-B0BF-39255AB84C56}) (Version: 0.2.7 - bitbeans)
    Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.15.201410271230 - Sony Mobile Communications Inc.)
    Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
    SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    Tixati (HKLM-x32\...\tixati) (Version: - )
    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.15 - IDRIX)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VMware Workstation (HKLM\...\{4E3CD3D0-7F82-4B44-A3D9-A4000522B529}) (Version: 12.1.0 - VMware, Inc.)
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
    WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    04-12-2015 19:45:13 Scheduled Checkpoint
    08-12-2015 00:26:55 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    10-12-2015 17:14:57 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2015-07-05 13:03 - 00001059 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 na1r.services.adobe.com
    127.0.0.1 hlrcv.stage.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 lm.licenses.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0C8F0E6D-DC1D-4B17-9B84-99B3E389CFAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {0FAA4B06-CE8F-40A7-8B89-D65D0B141BEB} - System32\Tasks\AdobeAAMUpdater-1.0-WhiteKnight-Josh => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {2AAA147B-6B4A-4E9E-A42D-BC64FF14014C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {2CE86CC8-4DDA-46BC-B8DD-FEC71CDDE4A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
    Task: {2D9655CB-F736-4522-B4D0-F3E4E2AE7F43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {382C49D8-4111-4D81-B91D-AC924F60CC51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {526C51A6-36D2-4BA3-B28A-F08B7EF251D8} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-12-01] ()
    Task: {BA3679C9-340A-4F46-9AB3-9DF53001AFD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {BBF52BDE-88BC-43DC-87E9-4C665F76C826} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
    Task: {CED7C50C-C391-4E40-92AE-5EA13023B991} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {D129964E-8EE4-4365-ADED-711EA4FD8527} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
    Task: {D1D4D7B3-2740-43E0-AE28-17C91D0F6664} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-09] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-21 13:32 - 2015-09-21 13:32 - 00590416 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
    2015-04-07 00:00 - 2014-01-16 15:19 - 00044104 _____ () C:\Windows\runSW.exe
    2014-07-23 20:50 - 2008-06-26 15:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-171\WlanWpsSvc.exe
    2015-04-07 00:00 - 2013-05-07 14:06 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe
    2015-11-25 18:09 - 2015-11-25 18:09 - 12462784 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    2015-02-23 12:05 - 2014-06-03 22:17 - 00070480 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KVPPlugIns.dll
    2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 08845798 _____ () C:\Program Files\pia_manager\pia_manager.exe
    2014-07-23 20:46 - 2015-12-01 13:52 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    2014-07-23 20:46 - 2015-12-01 13:52 - 00690688 _____ () C:\Program Files\pia_manager\openvpn.exe
    2014-07-23 20:46 - 2015-12-01 13:52 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
    2015-09-21 13:32 - 2015-09-21 13:32 - 00445080 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libsodium-13.dll
    2015-09-21 13:32 - 2015-09-21 13:32 - 00125928 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\libgcc_s_dw2-1.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 00165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
    2015-11-25 18:09 - 2015-11-25 18:09 - 00388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
    2015-08-07 01:09 - 2015-08-07 01:09 - 01243936 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-03-30 13:12 - 2015-11-12 10:39 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-12-11 03:38 - 2015-12-11 03:38 - 00012800 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00009728 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00014848 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\src\rgloader\rgloader193.mswin.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00009216 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00126976 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00087552 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00016384 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00127316 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\bin\libffi-6.dll
    2015-12-11 03:38 - 2015-12-11 03:38 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00013312 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00095744 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00026624 _____ () C:\Users\Josh\AppData\Local\Temp\ocr378D.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-12-08 17:35 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
    2015-12-11 03:38 - 2015-12-11 03:38 - 00012800 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00009728 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00014848 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\src\rgloader\rgloader193.mswin.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00094208 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00118784 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00069120 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00083968 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\bin\zlib1.dll
    2015-12-11 03:38 - 2015-12-11 03:38 - 00026624 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00275968 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00015360 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00008192 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00009216 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00023552 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00008704 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00036352 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00126976 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00087552 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00016384 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00127316 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\bin\libffi-6.dll
    2015-12-11 03:38 - 2015-12-11 03:38 - 00013312 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-12-11 03:38 - 2015-12-11 03:38 - 00095744 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-12-11 03:38 - 2015-12-11 03:39 - 00026624 _____ () C:\Users\Josh\AppData\Local\Temp\ocr7216.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-07-23 20:46 - 2015-12-01 13:52 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
    2014-07-23 20:46 - 2015-12-01 13:52 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (Whitelisted) ===================
     
  18. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 6091 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 209.222.18.222 - 209.222.18.218
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "Wireless Connection Manager.lnk"
    HKLM\...\StartupApproved\Run32: => "Razer Synapse"
    HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{87218DCD-5BA5-4978-BB9D-55C6B611ACA0}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{7F66F558-C8FC-4D58-87C8-0087B14A39CC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{938756D5-28AC-4AF4-88F3-BE3B8B513020}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{B182164D-6AA9-4498-80C5-40ED7FD183D6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{E2C0FB43-CBA2-4C5C-949D-8D6CF298510D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{A6E13A13-58E2-4458-9EB8-FF5A0B5FDC0C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{71975F5B-B539-49D5-A337-9DC40FA86982}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{16BDFA7A-25FA-4D9F-8B39-21AD291AF71B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{6F5B3BEA-B07B-46F3-BB74-99D902879C5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{435ECAD6-A665-444D-B7FD-35535A5BF5BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{AC9654C4-BC8E-486D-BB7B-EC38B9AA1CF5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{B47BA226-874B-48D4-A62A-70EB7EE7FC9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{7D721C9C-B4E7-4A53-BBE3-F37B48ED28D3}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{BC258D6B-194D-4B3E-A67A-B36E03572500}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{0F046C07-8485-4CAD-A6EA-EBFAA2DD32CD}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [UDP Query User{718E3FD9-FBC3-43F4-AA4F-8A6DF71A3EEA}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [{53320305-0EEC-4E78-82B0-00D7A03E7E99}] => (Block) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [{86ACEF3E-36CC-4562-B068-5A3E29A15AEE}] => (Block) C:\program files\maple 18\jre\bin\maple.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [TCP Query User{A2A360F2-1957-4B65-9DA6-EC09704E31EF}C:\program files\java\jdk1.8.0_20\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_20\bin\jmc.exe
    FirewallRules: [UDP Query User{3C2E9E2D-067E-4F0A-B668-1F838765F00B}C:\program files\java\jdk1.8.0_20\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_20\bin\jmc.exe
    FirewallRules: [TCP Query User{3B4AB674-1190-4409-8C4B-35EC2BC34DED}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [UDP Query User{D1C4B686-DD66-4B9E-916F-D75F32EE1F32}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [{36D389F4-BD64-4F55-B10E-525067C679D5}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
    FirewallRules: [{51B59B8A-975F-40EC-96CA-0206A1BE55B8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
    FirewallRules: [{3F131C05-CE02-4BC5-98B6-8A698D202F97}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsn986B.tmp\CnetInstaller-75660251.exe
    FirewallRules: [{8C7C7877-658B-43D1-95A0-6B9DDACF2859}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsn986B.tmp\CnetInstaller-75660251.exe
    FirewallRules: [{11C54487-B761-4BA2-8EC1-3B22F758DD0C}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsaB2E2.tmp\CnetInstaller-10598299.exe
    FirewallRules: [{A18EE8D0-AFCD-42BD-BD8E-55BDB47415F8}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsaB2E2.tmp\CnetInstaller-10598299.exe
    FirewallRules: [{6F7F2889-9FAC-408F-817F-227C95F6761D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3D084814-2CA2-45B6-8299-0062ECF5C29B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{92D71732-C3AF-4344-8CC6-0BF683743629}C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe] => (Allow) C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe
    FirewallRules: [UDP Query User{A0C4A57A-198E-4083-8E23-2CB99BE915D9}C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe] => (Allow) C:\program files (x86)\kurzweil educational systems\kurzweil 3000\kurzweil 3000.exe
    FirewallRules: [TCP Query User{111599D5-FDC5-421C-B516-D12095A844A3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{93087213-060D-4D45-A7F3-325DE3FAC9BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{9F50ADD2-4CF4-417C-9E4E-691B7F69BD88}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{56511C0D-C114-4B37-AB36-D1341D830142}] => (Allow) LPort=2869
    FirewallRules: [{468F7FA3-CD9D-4656-AACE-8A3C53D24295}] => (Allow) LPort=1900
    FirewallRules: [{29B357B1-7ACF-40BA-B076-0FACDEAB17D0}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{28A84F87-3CEB-4756-8BF7-613E08AE2DFF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [TCP Query User{48FC5C2C-130D-45C0-AF13-32060F084841}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [UDP Query User{BF5834E0-DDEB-4342-822A-51E64BBBC05B}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [{8B8B6759-80F5-4653-8559-0FDA0097F30B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{7A54B1FE-4FB8-4448-A50F-A35B99CB5514}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{440AB108-F7B9-445C-9D19-1A8145952000}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{42640DDB-8DD9-4366-9194-BCEE40FDAD5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{46BE4DCE-912F-494E-ABF7-0CBF74549A79}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
    FirewallRules: [UDP Query User{96CABAD9-EC77-494E-8A82-40DF599AC98A}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
    FirewallRules: [{281B6EFA-FF89-4347-BA8F-DAA2E059C365}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{D1332989-4EC0-43E1-9307-8EF8B6B7EEBA}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{6DBD3E06-492E-442E-B1B2-61787C74E9D3}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{A5454F5C-B73C-4691-86A6-AAEBEE8C875B}] => (Allow) C:\wamp\wampmanager.exe
    FirewallRules: [{CAE4D5AF-0CFE-4F14-9923-CC6A5D5C636D}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{366A35E8-91EE-4FBD-9D6B-1FF944A37028}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{FF09676A-66D8-4B68-855A-00A1C1E18A22}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{2EE53426-4FEC-44F5-AEC7-443BB2DC0043}] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
    FirewallRules: [{3B9549C6-86F8-469E-8382-2E1EA0457C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{CDF3B039-657A-41E4-AEF4-378CCA34F84A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{A0640961-5A5F-4219-8599-1B6CFB9D285C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{4378C9FB-6454-42B4-8AC0-4C22DD415C80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{00E19E75-EAB3-4366-B9AA-48D4BE623FD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{122DC77D-B59D-456B-9556-1A328174B5B6}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsxB3C9.tmp\Installer-75802911.exe
    FirewallRules: [{DD54E600-68A6-44D0-BACB-8456ECFF092E}] => (Allow) C:\Users\Josh\AppData\Local\Temp\nsxB3C9.tmp\Installer-75802911.exe
    FirewallRules: [{E745BCC6-7121-4498-9E48-A910EF141659}] => (Allow) LPort=1689
    FirewallRules: [TCP Query User{E3EACF65-0D31-422D-AD5B-C61B03F11086}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [UDP Query User{481B88E8-D36B-4BB2-B8E1-663E81239B95}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [{43A66DE5-AF83-4823-A3D1-4E64CFAF0F3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2EEAEC21-9418-4D76-86A4-95BD42D7F39D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9E71145D-45D5-44FD-9BEB-1C1F4C2D3790}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{1E5C6E6F-DEFE-47CB-99A9-87433895F7B0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    FirewallRules: [{13F87D97-A936-4793-A76C-9F3B263B764C}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    FirewallRules: [{C8BFCE1A-CB8A-417C-9757-FBB56B2F04AD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/10/2015 05:52:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 14e0

    Start Time: 01d133b2a060a323

    Termination Time: 7

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: dd2c5834-9fa9-11e5-8308-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/10/2015 05:14:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/10/2015 05:01:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00007fff4d8f0399
    Faulting process id: 0x840
    Faulting application start time: 0xService_KMS.exe0
    Faulting application path: Service_KMS.exe1
    Faulting module path: Service_KMS.exe2
    Report Id: Service_KMS.exe3
    Faulting package full name: Service_KMS.exe4
    Faulting package-relative application ID: Service_KMS.exe5

    Error: (12/10/2015 02:06:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1144

    Start Time: 01d1331c533df097

    Termination Time: 13

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: a673bee8-9f25-11e5-8306-30b5c2031edf

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/09/2015 07:53:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00007ffaab180399
    Faulting process id: 0x784
    Faulting application start time: 0xService_KMS.exe0
    Faulting application path: Service_KMS.exe1
    Faulting module path: Service_KMS.exe2
    Report Id: Service_KMS.exe3
    Faulting package full name: Service_KMS.exe4
    Faulting package-relative application ID: Service_KMS.exe5

    Error: (12/09/2015 07:34:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f94

    Start Time: 01d132f9ed3b5d8c

    Termination Time: 8

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: f3bdd60c-9eee-11e5-8305-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/09/2015 01:39:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Service_KMS.exe, version: 13.1.0.0, time stamp: 0x5313ef48
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00007ff899980399
    Faulting process id: 0x814
    Faulting application start time: 0xService_KMS.exe0
    Faulting application path: Service_KMS.exe1
    Faulting module path: Service_KMS.exe2
    Report Id: Service_KMS.exe3
    Faulting package full name: Service_KMS.exe4
    Faulting package-relative application ID: Service_KMS.exe5

    Error: (12/09/2015 12:28:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program vmware.exe version 12.1.0.2487 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d10

    Start Time: 01d132498c023fbb

    Termination Time: 60000

    Application Path: C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe

    Report Id: 6a2263c5-9e4e-11e5-8304-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/08/2015 05:00:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 584

    Start Time: 01d1321c73dce8e1

    Termination Time: 9

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: 29d9ef2d-9e10-11e5-8304-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/08/2015 04:56:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AcroRd32.exe version 15.9.20077.29851 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1338

    Start Time: 01d132191e7a78a1

    Termination Time: 7

    Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

    Report Id: abc4753c-9e0f-11e5-8304-14dae9f55cd6

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (12/10/2015 05:15:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/10/2015 05:12:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (12/10/2015 05:09:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1069

    Error: (12/10/2015 05:09:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (12/10/2015 05:09:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/10/2015 05:09:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/10/2015 05:09:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/10/2015 05:09:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (12/10/2015 05:09:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/10/2015 05:09:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2015-12-10 15:43:12.769
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 22:10:46.525
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 22:10:46.361
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 22:10:34.327
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 22:10:34.163
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.968
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.811
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.638
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.485
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-12-09 20:09:18.336
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
    Percentage of memory in use: 21%
    Total physical RAM: 8156.87 MB
    Available physical RAM: 6422.86 MB
    Total Virtual: 15580.87 MB
    Available Virtual: 13580.39 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:209.25 GB) (Free:30.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:445.78 GB) NTFS
    Drive f: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive h: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
    Drive k: (My Passport) (Fixed) (Total:1862.98 GB) (Free:216.79 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 445F9625)
    Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=209.3 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A0AD132E)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  20. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
    Ran by Josh (2015-12-11 17:20:24) Run:1
    Running from C:\Users\Josh\Desktop
    Loaded Profiles: Josh (Available Profiles: Josh & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: G - "G:\Autoplay.exe" -auto
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {150fbb15-4907-11e4-8275-14dae9f55cd6} - "I:\Startme.exe"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {62768430-da44-11e4-82aa-14dae9f55cd6} - "I:\startme.exe"
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {7b715eb9-2e79-11e4-826a-14dae9f55cd6} - "H:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-1506505283-487300969-3346399363-1001\...\MountPoints2: {d6e57a7c-12ec-11e4-8252-14dae9f55cd6} - "G:\WD Drive Unlock.exe" autoplay=true
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S3 FreeOTFE; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFE.sys [X]
    S3 FreeOTFECypherAES_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherAES_ltc.sys [X]
    S3 FreeOTFECypherBlowfish; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherBlowfish.sys [X]
    S3 FreeOTFECypherCAST5; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST5.sys [X]
    S3 FreeOTFECypherCAST6_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherCAST6_Gladman.sys [X]
    S3 FreeOTFECypherDES; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherDES.sys [X]
    S3 FreeOTFECypherMARS_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherMARS_Gladman.sys [X]
    S3 FreeOTFECypherRC6_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherRC6_ltc.sys [X]
    S3 FreeOTFECypherSerpent_Gladman; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherSerpent_Gladman.sys [X]
    S3 FreeOTFECypherTwofish_ltc; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFECypherTwofish_ltc.sys [X]
    S3 FreeOTFEHashMD; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashMD.sys [X]
    S3 FreeOTFEHashRIPEMD; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashRIPEMD.sys [X]
    S3 FreeOTFEHashSHA; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashSHA.sys [X]
    S3 FreeOTFEHashTiger; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashTiger.sys [X]
    S3 FreeOTFEHashWhirlpool; \??\C:\Users\Josh\AppData\Local\Temp\Rar$EXa0.162\amd64\FreeOTFEHashWhirlpool.sys [X]
    2014-10-21 23:35 - 2014-10-21 23:36 - 14016000 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
    2014-11-23 22:37 - 2015-10-03 17:26 - 0001456 _____ () C:\Users\Josh\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-03-24 00:23 - 2015-03-24 00:23 - 0004608 _____ () C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-26 23:01 - 2015-10-28 16:21 - 0000600 _____ () C:\Users\Josh\AppData\Local\PUTTY.RND
    2015-01-17 03:13 - 2015-10-21 00:12 - 0007597 _____ () C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
    2015-04-07 00:13 - 2015-04-07 00:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    C:\Users\Josh\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Josh\AppData\Local\Temp\DownloadMapleAutoUpdate.exe
    C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyljl3.dll
    C:\Users\Josh\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Josh\AppData\Local\Temp\K3000patch13.31.exe
    C:\Users\Josh\AppData\Local\Temp\Maple18.01WindowsX64Upgrade.exe
    C:\Users\Josh\AppData\Local\Temp\namebench.exe
    C:\Users\Josh\AppData\Local\Temp\npp.6.8.6.Installer.exe
    C:\Users\Josh\AppData\Local\Temp\nv3DVStreaming.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Josh\AppData\Local\Temp\nvStereoApiI.dll
    C:\Users\Josh\AppData\Local\Temp\ose00000.exe
    C:\Users\Josh\AppData\Local\Temp\ose00001.exe
    C:\Users\Josh\AppData\Local\Temp\python27.dll
    C:\Users\Josh\AppData\Local\Temp\Quarantine.exe
    C:\Users\Josh\AppData\Local\Temp\Samsung_Magician_Setup_v4.5.exe
    C:\Users\Josh\AppData\Local\Temp\smarter.exe
    C:\Users\Josh\AppData\Local\Temp\sqlite3.dll
    C:\Users\Josh\AppData\Local\Temp\tcl85.dll
    C:\Users\Josh\AppData\Local\Temp\tk85.dll
    C:\Users\Josh\AppData\Local\Temp\un19772.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.4-win64.exe
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.5-win64.exe
    C:\Users\Josh\AppData\Local\Temp\xmlUpdater.exe
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    *****************

    "HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
    "HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{150fbb15-4907-11e4-8275-14dae9f55cd6}" => key removed successfully
    HKCR\CLSID\{150fbb15-4907-11e4-8275-14dae9f55cd6} => key not found.
    "HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62768430-da44-11e4-82aa-14dae9f55cd6}" => key removed successfully
    HKCR\CLSID\{62768430-da44-11e4-82aa-14dae9f55cd6} => key not found.
    "HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b715eb9-2e79-11e4-826a-14dae9f55cd6}" => key removed successfully
    HKCR\CLSID\{7b715eb9-2e79-11e4-826a-14dae9f55cd6} => key not found.
    "HKU\S-1-5-21-1506505283-487300969-3346399363-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6e57a7c-12ec-11e4-8252-14dae9f55cd6}" => key removed successfully
    HKCR\CLSID\{d6e57a7c-12ec-11e4-8252-14dae9f55cd6} => key not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
    gupdate => service removed successfully
    gupdatem => service removed successfully
    FreeOTFE => service removed successfully
    FreeOTFECypherAES_ltc => service removed successfully
    FreeOTFECypherBlowfish => service removed successfully
    FreeOTFECypherCAST5 => service removed successfully
    FreeOTFECypherCAST6_Gladman => service removed successfully
    FreeOTFECypherDES => service removed successfully
    FreeOTFECypherMARS_Gladman => service removed successfully
    FreeOTFECypherRC6_ltc => service removed successfully
    FreeOTFECypherSerpent_Gladman => service removed successfully
    FreeOTFECypherTwofish_ltc => service removed successfully
    FreeOTFEHashMD => service removed successfully
    FreeOTFEHashRIPEMD => service removed successfully
    FreeOTFEHashSHA => service removed successfully
    FreeOTFEHashTiger => service removed successfully
    FreeOTFEHashWhirlpool => service removed successfully
    C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
    C:\Users\Josh\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
    C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\Josh\AppData\Local\PUTTY.RND => moved successfully
    C:\Users\Josh\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\Users\Josh\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\DownloadMapleAutoUpdate.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyljl3.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\fp_pl_pfs_installer.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\jre-8u25-windows-au.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\K3000patch13.31.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\Maple18.01WindowsX64Upgrade.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\namebench.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\npp.6.8.6.Installer.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\nv3DVStreaming.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\nvStereoApiI.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\ose00000.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\ose00001.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\python27.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\Quarantine.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\Samsung_Magician_Setup_v4.5.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\smarter.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\sqlite3.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\tcl85.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\tk85.dll => moved successfully
    C:\Users\Josh\AppData\Local\Temp\un19772.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.4-win64.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\vlc-2.1.5-win64.exe => moved successfully
    C:\Users\Josh\AppData\Local\Temp\xmlUpdater.exe => moved successfully
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.

    ==== End of Fixlog 17:20:28 ====
     
  21. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  22. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.2
    Java 8 Update 66
    Java version 32-bit out of Date!
    Adobe Flash Player 20.0.0.235
    Mozilla Firefox (42.0)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  23. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Sophos didn't find anything so there were no details.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    FSS log?
     
  25. Jskid

    Jskid TS Guru Topic Starter Posts: 343

    Farbar Service Scanner Version: 10-06-2014
    Ran by Josh (administrator) on 12-12-2015 at 15:04:55
    Running from "C:\Users\Josh\Desktop"
    Microsoft Windows 8.1 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
