Solved How do I destroy KMS-R@1n.exe?

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  • Hello everyone We want to personally apologize to everyone for the downtime that we've experienced. We are working to get everything back up as quickly as possible. Due to the issues we've had, your password will need to be reset. Please click the button that says "Forgot Your Password" and change it. We are working to have things back to normal. Emails are fixed and should now send properly. Thank you all for your patience. Thanks, PCHF Management
Status
Not open for further replies.
Johnathon Patterson

Johnathon Patterson

PCHF Member
Nov 24, 2016
17
5
26
I have been having a lot of problems in the past week with my laptop (after I uninstalled and re-installed my anti-virus). Since then I've been getting a lot of driver errors and other programs errors. I have run the tests listed on this Reddit thread. Malwarebytes did not discover any threats, ADW did not either, JRT discovered one and Hitman Prod discovered 11 which were all detected and 'cleaned'. I have located the file in my C:/Windows directory. I have tried to scan the file directly but Malware Byes does not recognize it as a threat. I also cannot delete it, once it is deleted it just comes back after a restart. I have tried killing it in services.msc and disabled the auto start up. Right now I'm creating a bootable USB drive with Avira Rescue System on it in hopes of getting rid of this thing.



Hopefully, someone here can help me out as there's not much on the internet to go by regarding this trojan.
 
Welcome to PCHF. :)


Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

icon2-jpg.794


If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

frst-disclaimer-jpg.795

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan

frst-jpg.796


Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

2016-08-12_152002-jpg.797


Please Copy and Paste the contents of these logs in your next post for review
 
Last edited:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by Kadence (administrator) on DESKTOP-M0IAP3C (23-11-2016 22:29:52)
Running from C:\Users\Kadence\Desktop\fix
Loaded Profiles: Kadence (Available Profiles: defaultuser0 & Kadence)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\syswow64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Cepstral, LLC) C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Conexant Systems, Inc.) C:\Windows\syswow64\SASrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
() C:\Program Files\pia_manager\pia_manager.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(PreSonus) C:\Program Files\PreSonus\Universal Control\Universal Control.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(hxxp://www.ruby-lang.org/) C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\bin\rubyw.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\pia_manager\pia_manager.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(hxxp://www.ruby-lang.org/) C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(FlashPeak Inc.) C:\Program Files (x86)\Slimjet\slimjet.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838480 2016-11-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [4804096 2016-08-31] (PreSonus)
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7593984 2014-07-16] ()
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\RunOnce: [Uninstall C:\Users\Kadence\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kadence\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\RunOnce: [Uninstall C:\Users\Kadence\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kadence\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\MountPoints2: E - "E:\setup.exe"
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\MountPoints2: F - "F:\Autorun.exe"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-22] (Dropbox, Inc.)
Startup: C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-11-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b5eb688e-0b01-4f96-b086-c6126b0ae269}: [DhcpNameServer] 192.168.168.1
Tcpip\..\Interfaces\{d244dffb-258b-46c7-9ec4-b4af66fa4f28}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{e06735e6-51ae-4e90-8ad9-ebe6563411ca}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-15] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-15] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vfi8x1x6.default
FF ProfilePath: C:\Users\Kadence\AppData\Roaming\Mozilla\Firefox\Profiles\vfi8x1x6.default [2016-11-23]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-06-14] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Cepstral License Server; C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [71680 2013-10-21] (Cepstral, LLC) [File not signed]
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [449112 2016-07-28] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-22] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1385640 2015-07-12] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-07-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-22] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation)
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [76032 2015-08-13] (ASUSTeK COMPUTER INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-08-13] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusSGDrv; C:\Windows\System32\drivers\AsusSGDrv.sys [135992 2015-06-30] (ASUS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [75888 2016-11-22] (Dropbox, Inc.)
S3 dg_ssudbus; C:\Windows\System32\drivers\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2015-07-12] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-07-12] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-07-12] (Intel Corporation)
S3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-25] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-13] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2016-11-23] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2016-11-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012056 2016-11-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [50008 2016-11-23] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [223528 2016-11-23] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252560 2016-11-23] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112336 2016-11-23] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [167904 2016-11-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [127896 2016-11-23] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_1690e1309a521ecf\nvlddmkm.sys [14172608 2016-11-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 paeusbaudio; C:\Windows\System32\drivers\paeusbaudio_x64.sys [260096 2014-04-16] ()
S3 paeusbaudiodsp; C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [62464 2014-07-16] ()
S3 paeusbaudioks; C:\Windows\system32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudcdf; C:\Windows\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\Windows\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\Windows\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\Windows\System32\drivers\ssudqcfilter.sys [64640 2016-07-22] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\Windows\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\Windows\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-23 22:28 - 2016-11-23 22:28 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-11-23 22:28 - 2016-11-23 22:28 - 00000000 ____D C:\Users\Default\AppData\Local\Apple
2016-11-23 22:28 - 2016-11-23 22:28 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple
2016-11-23 22:28 - 2016-11-23 22:28 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-11-23 22:07 - 2016-11-23 22:07 - 00000601 _____ C:\Users\Kadence\Downloads\fixlist.txt
2016-11-23 21:54 - 2016-11-23 22:29 - 00000000 ____D C:\Users\Kadence\Desktop\fix
2016-11-23 21:50 - 2016-11-23 21:51 - 00003444 _____ C:\Users\Kadence\Downloads\Fixlog.txt
2016-11-23 20:16 - 2016-11-23 20:20 - 00012884 ____H C:\Users\Kadence\Desktop\~WRL2139.tmp
2016-11-23 18:19 - 2016-11-23 18:19 - 00252560 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2016-11-23 18:14 - 2016-11-23 18:14 - 00223528 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2016-11-23 18:14 - 2016-11-23 18:14 - 00167904 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2016-11-23 18:14 - 2016-11-23 18:14 - 00112336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2016-11-23 18:14 - 2015-08-22 20:38 - 00010065 _____ C:\Users\Kadence\Desktop\Kaspersky Internet Security 16.0.0.614_26.08.2017_3CED.lic
2016-11-23 18:13 - 2016-11-23 22:12 - 00003392 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-11-23 18:13 - 2016-11-23 22:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-23 18:13 - 2016-11-23 18:17 - 01012056 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-11-23 18:13 - 2016-11-23 18:17 - 00435032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-11-23 18:13 - 2016-11-23 18:14 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-23 18:13 - 2016-11-23 18:13 - 00002225 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-11-23 18:13 - 2016-11-23 18:13 - 00002207 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-11-23 18:13 - 2016-11-23 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-11-23 18:13 - 2016-11-23 18:13 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-11-23 18:13 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-11-23 18:13 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-11-23 17:36 - 2016-11-23 17:37 - 00056687 _____ C:\Users\Kadence\Downloads\Addition.txt
2016-11-23 17:34 - 2016-11-23 22:29 - 00000000 ____D C:\FRST
2016-11-23 17:34 - 2016-11-23 17:37 - 00144543 _____ C:\Users\Kadence\Downloads\FRST.txt
2016-11-23 16:33 - 2016-11-23 18:02 - 00000000 ____D C:\ProgramData\SecTaskMan
2016-11-23 16:33 - 2016-11-23 16:33 - 02840616 _____ C:\Users\Kadence\Downloads\SecurityTaskManager_Setup.exe
2016-11-23 16:33 - 2016-11-23 16:33 - 00001229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00001206 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2016-11-23 16:23 - 2016-11-23 16:46 - 04713984 _____ (Geza Kovacs) C:\Users\Kadence\Downloads\unetbootin-windows-625.exe
2016-11-23 16:22 - 2016-11-23 16:27 - 703033344 _____ C:\Users\Kadence\Downloads\rescue-system (1).iso
2016-11-23 15:53 - 2016-11-23 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-23 15:51 - 2016-11-23 15:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-11-23 15:33 - 2016-11-23 15:51 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kadence\Desktop\rufus-2.11.exe
2016-11-23 15:33 - 2016-11-23 15:33 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kadence\Downloads\rufus-2.11.exe
2016-11-23 15:26 - 2016-11-23 15:31 - 703033344 _____ C:\Users\Kadence\Downloads\rescue-system.iso
2016-11-23 14:30 - 2016-11-23 14:30 - 00001416 _____ C:\Windows\system32\.crusader
2016-11-23 14:21 - 2016-11-23 14:21 - 00000516 _____ C:\Users\Kadence\Downloads\url (1).htm
2016-11-23 14:20 - 2016-11-23 14:20 - 00000460 _____ C:\Users\Kadence\Downloads\url.htm
2016-11-23 13:02 - 2016-11-23 13:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-11-23 13:01 - 2016-11-23 14:30 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-23 13:00 - 2016-11-23 15:15 - 00000549 _____ C:\Users\Kadence\Desktop\JRT.txt
2016-11-23 12:57 - 2016-11-23 12:57 - 00001732 _____ C:\Users\Kadence\Desktop\AdwCleaner[C0].txt
2016-11-23 12:52 - 2016-11-23 15:12 - 00000000 ____D C:\AdwCleaner
2016-11-23 12:01 - 2016-11-23 12:01 - 01453048 _____ (RaMMicHaeL) C:\Users\Kadence\Downloads\unchecky_setup.exe
2016-11-23 12:01 - 2016-11-23 12:01 - 01453048 _____ (RaMMicHaeL) C:\Users\Kadence\Desktop\unchecky_setup.exe
2016-11-23 11:59 - 2016-11-23 13:01 - 11581544 _____ (SurfRight B.V.) C:\Users\Kadence\Desktop\HitmanPro_x64.exe
2016-11-23 11:59 - 2016-11-23 12:57 - 01631928 _____ (Malwarebytes) C:\Users\Kadence\Desktop\JRT.exe
2016-11-23 11:59 - 2016-11-23 11:59 - 11581544 _____ (SurfRight B.V.) C:\Users\Kadence\Downloads\HitmanPro_x64.exe
2016-11-23 11:59 - 2016-11-23 11:59 - 03910208 _____ C:\Users\Kadence\Desktop\adwcleaner_6.030.exe
2016-11-23 11:58 - 2016-11-23 11:58 - 03910208 _____ C:\Users\Kadence\Downloads\adwcleaner_6.030.exe
2016-11-23 11:58 - 2016-11-23 11:58 - 01631928 _____ (Malwarebytes) C:\Users\Kadence\Downloads\JRT.exe
2016-11-23 11:50 - 2016-11-23 21:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-23 11:50 - 2016-11-23 11:50 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-23 11:50 - 2016-11-23 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-23 11:50 - 2016-11-23 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-23 11:50 - 2016-11-23 11:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-23 11:50 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-23 11:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-23 11:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-23 11:49 - 2016-11-23 11:50 - 22851472 _____ (Malwarebytes ) C:\Users\Kadence\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-23 11:48 - 2016-11-23 11:49 - 00004294 _____ C:\Users\Kadence\Desktop\Rkill.txt
2016-11-23 11:48 - 2016-11-23 11:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Kadence\Downloads\rkill.com
2016-11-23 11:29 - 2016-11-23 11:29 - 00000000 ____D C:\Users\Kadence\Desktop\Kaspersky Internet Security 2016 v16.0.0.614 Build 8529
2016-11-23 11:11 - 2016-11-23 11:12 - 00000000 ____D C:\Users\Kadence\Downloads\Kaspersky Internet Security 2016 v16.0.0.614 Build 8529
2016-11-23 11:09 - 2016-11-23 11:09 - 00014449 _____ C:\Users\Kadence\Downloads\Kaspersky Internet Security 2016 v16.0.0.614 Build 8529 [IPT].torrent
2016-11-23 09:04 - 2016-11-23 09:04 - 00087386 _____ C:\Users\Kadence\Desktop\Belarc Advisor Computer Profile.html
2016-11-23 09:02 - 2016-11-23 09:02 - 04738296 _____ C:\Users\Kadence\Downloads\advisorinstaller.exe
2016-11-23 09:02 - 2016-11-23 09:02 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-11-23 09:02 - 2016-11-23 09:02 - 00002195 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-11-23 09:02 - 2016-11-23 09:02 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-11-23 09:00 - 2016-11-23 09:00 - 01946548 _____ C:\Users\Kadence\Desktop\Johnathon Patterson.nfo
2016-11-23 08:59 - 2016-11-23 08:59 - 01116464 _____ (TC Applied Technologies) C:\Users\Kadence\Downloads\ohciTool2.exe
2016-11-23 07:55 - 2016-11-23 07:55 - 00001963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
2016-11-23 07:55 - 2016-11-23 07:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2016-11-23 07:55 - 2011-09-01 00:23 - 00447104 _____ (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
2016-11-23 07:54 - 2014-10-20 14:54 - 00207576 _____ (Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
2016-11-23 07:09 - 2016-11-23 07:09 - 00462174 _____ C:\Users\Kadence\Downloads\ASIO4ALL_2_13_English.exe
2016-11-23 07:09 - 2016-11-23 07:09 - 00001209 _____ C:\Users\Kadence\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2016-11-22 20:11 - 2016-11-22 20:11 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-22 20:11 - 2016-11-22 20:11 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-22 20:11 - 2016-11-22 20:11 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-22 20:11 - 2016-11-22 20:11 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2016-11-22 20:11 - 2016-11-22 20:11 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-22 17:59 - 2014-04-16 11:22 - 00046080 _____ () C:\Windows\system32\Drivers\paeusbaudioks_x64.sys
2016-11-22 17:58 - 2016-11-22 17:58 - 08431584 _____ (PreSonus ) C:\Users\Kadence\Downloads\PreSonus_AudioBox_Installer_v1_3_5653.exe
2016-11-22 17:58 - 2016-11-22 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreSonus
2016-11-22 12:42 - 2016-11-22 12:43 - 34159912 _____ (PreSonus) C:\Users\Kadence\Downloads\PreSonus_Universal_Control_1.8.1.39355 (1).exe
2016-11-22 12:25 - 2016-11-22 12:43 - 00001138 _____ C:\Users\Kadence\Desktop\Universal Control.lnk
2016-11-22 12:22 - 2016-11-22 12:23 - 34159912 _____ (PreSonus) C:\Users\Kadence\Downloads\PreSonus_Universal_Control_1.8.1.39355.exe
2016-11-22 11:41 - 2016-11-22 11:41 - 00000000 ____D C:\NVIDIA
2016-11-22 10:35 - 2016-04-14 00:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-22 10:35 - 2016-04-14 00:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-22 10:33 - 2016-11-22 10:34 - 23778856 _____ (NVIDIA Corporation) C:\Users\Kadence\Downloads\GeForce_Experience_v1.7.1.0.exe
2016-11-21 14:38 - 2016-11-21 14:38 - 930852191 _____ C:\Windows\MEMORY.DMP
2016-11-21 14:38 - 2016-11-21 14:38 - 00423596 _____ C:\Windows\Minidump\112116-26578-01.dmp
2016-11-21 14:38 - 2016-11-21 14:38 - 00000000 ____D C:\Windows\Minidump
2016-11-21 00:22 - 2016-11-21 00:22 - 00000000 ____D C:\Users\Kadence\Desktop\Mixing In Mono
2016-11-20 23:10 - 2016-11-20 23:12 - 00000000 ____D C:\Users\Kadence\Documents\Flux
2016-11-20 23:10 - 2016-11-20 23:12 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Flux
2016-11-20 23:09 - 2016-11-20 23:09 - 00000218 _____ C:\Users\Kadence\AppData\Local\recently-used.xbel
2016-11-20 23:09 - 2016-11-20 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flux
2016-11-20 23:08 - 2016-11-20 23:08 - 00000000 ____D C:\Program Files\Flux
2016-11-20 23:04 - 2016-11-20 23:08 - 00000000 ____D C:\Users\Kadence\Downloads\Flux.Full.Pack.2.2.v3.5.25.44238-R2R
2016-11-20 23:04 - 2016-11-20 23:04 - 00011146 _____ C:\Users\Kadence\Downloads\[audionews.org].t199929.torrent
2016-11-20 22:00 - 2016-11-20 22:13 - 00000000 ____D C:\Users\Kadence\Downloads\South.Park.S20E08.720p.HDTV.x264-AVS
2016-11-20 21:59 - 2016-11-20 21:59 - 00004493 _____ C:\Users\Kadence\Downloads\South.Park.S20E08.720p.HDTV.x264-AVS [IPT].torrent
2016-11-20 19:10 - 2016-11-20 16:21 - 00000000 ____D C:\Users\Kadence\Desktop\Shev
2016-11-20 18:06 - 2016-11-20 18:23 - 435729928 _____ C:\Users\Kadence\Desktop\Black Friday Deals.mp4
2016-11-20 16:16 - 2016-11-20 16:16 - 00000372 _____ C:\Users\Kadence\Desktop\DownloadedLicenses.txt
2016-11-20 16:11 - 2016-11-22 14:24 - 00000000 ____D C:\Users\Kadence\Downloads\NOD 32 9.0.375.x64
2016-11-20 16:10 - 2016-11-20 16:10 - 00004337 _____ C:\Users\Kadence\Downloads\NOD 32 9.0.375.x64 [IPT].torrent
2016-11-20 15:54 - 2016-11-20 15:54 - 00000000 ____D C:\Users\Kadence\AppData\Local\ESET
2016-11-20 13:49 - 2016-11-20 13:50 - 00000000 ____D C:\Users\Kadence\AppData\Local\LooksBuilder
2016-11-20 13:49 - 2016-11-20 13:49 - 00000000 ____D C:\Users\Kadence\AppData\Local\Red Giant
2016-11-20 13:47 - 2016-11-20 13:51 - 00000081 _____ C:\Users\Kadence\AppData\Local\FILM_AE_LogFile.txt
2016-11-20 13:47 - 2016-11-20 13:47 - 00003760 _____ C:\Windows\System32\Tasks\Red Giant Link
2016-11-20 13:47 - 2016-11-20 13:47 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Red Giant
2016-11-20 13:47 - 2016-11-20 13:47 - 00000000 ____D C:\ProgramData\Red Giant
2016-11-20 13:47 - 2016-11-20 13:47 - 00000000 ____D C:\Program Files (x86)\Red Giant Link
2016-11-20 13:46 - 2016-11-20 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2016-11-20 13:46 - 2016-11-20 13:46 - 00000000 ____D C:\ProgramData\RedGiant
2016-11-20 13:46 - 2016-11-20 13:46 - 00000000 ____D C:\Program Files\Red Giant
2016-11-20 13:46 - 2016-11-20 13:46 - 00000000 ____D C:\Program Files (x86)\Red Giant
2016-11-20 13:46 - 2016-11-20 13:46 - 00000000 ____D C:\Program Files (x86)\LooksBuilder
2016-11-20 13:46 - 2016-10-25 15:55 - 63957504 _____ (Red Giant LLC) C:\Windows\system32\MBLooks4UI_x64.dll
2016-11-20 13:46 - 2016-10-25 13:46 - 14733824 _____ C:\Windows\system32\UniChooser.dll
2016-11-20 13:46 - 2016-10-25 13:46 - 13150720 _____ (Red Giant Software) C:\Windows\system32\Gpu_Shader_Engine_x64.dll
2016-11-20 13:46 - 2016-10-25 13:46 - 05528064 _____ (Noesis Technologies) C:\Windows\system32\Noesis.dll
2016-11-20 13:45 - 2016-11-20 13:45 - 00000000 ____D C:\Users\Kadence\Downloads\Magic Bullet Suite 13.0.0
2016-11-20 13:44 - 2016-11-20 13:44 - 00071407 _____ C:\Users\Kadence\Downloads\Lynda.com.After.Effects.CC.Essential.Training.2015-ELOHiM [IPT].torrent
2016-11-20 13:44 - 2016-11-20 13:44 - 00048377 _____ C:\Users\Kadence\Downloads\Lynda.com.After.Effects.CC.2017.New.Features-ELOHiM [IPT].torrent
2016-11-20 13:35 - 2016-11-20 13:35 - 00011570 _____ C:\Users\Kadence\Downloads\Red+Giant+Magic+Bullet+Suite+v13.0+(Win)+[by+Robert].torrent
2016-11-20 13:29 - 2016-11-20 13:29 - 00211508 _____ C:\Users\Kadence\Downloads\MAGIC BULLET SUITE 12 (FULL) WIN [IPT] (3).torrent
2016-11-20 13:28 - 2016-11-20 13:28 - 00211508 _____ C:\Users\Kadence\Downloads\MAGIC BULLET SUITE 12 (FULL) WIN [IPT] (2).torrent
2016-11-20 13:27 - 2016-11-20 13:27 - 00211508 _____ C:\Users\Kadence\Downloads\MAGIC BULLET SUITE 12 (FULL) WIN [IPT] (1).torrent
2016-11-20 13:21 - 2016-11-20 13:20 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-11-20 13:06 - 2016-11-20 13:34 - 00000000 ____D C:\Users\Kadence\Downloads\MAGIC BULLET SUITE 12 (FULL) WIN
2016-11-20 13:06 - 2016-11-20 13:06 - 00211508 _____ C:\Users\Kadence\Downloads\MAGIC BULLET SUITE 12 (FULL) WIN [IPT].torrent
2016-11-20 13:01 - 2016-11-20 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REVisionEffects
2016-11-20 13:00 - 2016-11-20 13:01 - 00000000 ____D C:\Program Files\REVisionEffects
2016-11-19 23:09 - 2016-11-19 23:09 - 00000000 ____D C:\Users\Kadence\AppData\Local\ffmpeg-avcodex
2016-11-19 21:33 - 2016-11-19 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-11-19 15:33 - 2016-11-19 15:34 - 445183221 _____ C:\Users\Kadence\Desktop\Colder.mp4
2016-11-17 23:52 - 2016-11-17 23:52 - 00000000 ____D C:\Program Files\Cepstral
2016-11-17 23:52 - 2016-11-17 23:52 - 00000000 ____D C:\Program Files (x86)\Cepstral
2016-11-17 23:20 - 2016-11-17 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Text to Speech Maker
2016-11-17 23:20 - 2016-11-17 23:20 - 00000000 ____D C:\Program Files (x86)\Text to Speech Maker
2016-11-17 23:20 - 2002-01-05 15:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcr70.dll
2016-11-17 23:16 - 2016-11-17 23:16 - 00000000 ____D C:\Program Files (x86)\NCT
2016-11-17 14:49 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-11-17 14:49 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-11-17 14:49 - 2007-07-20 00:54 - 00021352 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_2.dll
2016-11-17 14:49 - 2007-07-20 00:54 - 00018280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_2.dll
2016-11-17 14:49 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-11-17 14:49 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-11-17 14:49 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-11-17 14:49 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-11-17 14:49 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-11-17 14:49 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-11-17 14:49 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-11-17 14:49 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-11-17 14:16 - 2016-11-17 14:16 - 00000000 ____D C:\Users\Kadence\AppData\Local\PaceAP
2016-11-17 14:05 - 2016-11-23 14:56 - 00000000 ____D C:\Users\Kadence\Documents\Electronic Arts
2016-11-15 20:39 - 2016-11-15 20:39 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-15 20:39 - 2016-09-09 13:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-11-15 20:39 - 2016-09-09 13:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-11-15 20:39 - 2016-09-09 13:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-11-15 20:39 - 2016-09-09 13:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-11-15 20:37 - 2016-11-10 18:51 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 35222464 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 34711096 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 28203576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 10912048 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 10804064 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 10354984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 09158432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 08761376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 02953152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 02587704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437586.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437586.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00976952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00943552 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00895424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00802584 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00644112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00394888 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-11-15 20:37 - 2016-11-10 18:51 - 00327408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-11-13 12:47 - 2016-11-13 12:47 - 00001273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk
2016-11-13 12:44 - 2016-11-13 12:44 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Character Animator (Preview).lnk
2016-11-13 12:41 - 2016-11-13 12:41 - 00001617 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-11-12 12:50 - 2016-11-12 12:50 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Mozilla
2016-11-12 12:50 - 2016-11-12 12:50 - 00000000 ____D C:\Users\Kadence\AppData\Local\Mozilla
2016-11-11 23:47 - 2016-11-11 23:47 - 00148314 _____ C:\Users\Kadence\Documents\cc_20161111_234745.reg
2016-11-11 23:27 - 2016-11-23 21:56 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-11-11 23:25 - 2016-11-23 07:54 - 00000000 ____D C:\Windows\LastGood
2016-11-11 23:23 - 2016-11-11 23:25 - 00003628 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2016-11-11 14:57 - 2016-11-23 18:23 - 00000000 ____D C:\Users\Kadence\AppData\Local\CrashDumps
2016-11-11 14:52 - 2016-10-25 16:40 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437570.dll
2016-11-11 14:52 - 2016-10-25 16:40 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437570.dll
2016-11-11 14:52 - 2016-10-25 16:40 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-11-11 14:52 - 2016-10-25 16:40 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-11-11 14:47 - 2016-11-11 14:53 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-11 01:27 - 2016-11-11 01:27 - 00065640 _____ C:\Windows\system32\ASGCoInstaller_x64.dll
2016-11-10 21:23 - 2016-11-10 21:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-11-09 21:54 - 2016-11-09 22:04 - 00000000 ____D C:\Users\Kadence\Evernote
2016-11-09 21:53 - 2016-11-09 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-11-09 20:51 - 2016-11-10 14:40 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 20:51 - 2016-11-10 14:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-09 19:12 - 2016-11-09 19:12 - 00000000 ____D C:\Users\Kadence\AppData\LocalLow\Evernote
2016-11-09 19:12 - 2016-11-09 19:12 - 00000000 ____D C:\Users\Kadence\AppData\Local\Evernote
2016-11-09 10:05 - 2016-11-09 10:05 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Apple Computer
2016-11-09 01:36 - 2016-11-15 14:06 - 00000000 ____D C:\Users\Kadence\AppData\LocalLow\Adobe
2016-11-08 21:11 - 2016-11-08 21:11 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
2016-11-08 21:04 - 2016-11-23 22:28 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-11-08 21:04 - 2016-11-08 21:04 - 00000000 ____D C:\Users\Kadence\AppData\Local\Apple
2016-11-08 21:04 - 2016-11-08 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-11-08 21:04 - 2016-11-08 21:04 - 00000000 ____D C:\ProgramData\Apple Computer
2016-11-08 21:04 - 2016-11-08 21:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-11-08 21:03 - 2016-11-08 21:03 - 00000000 ____D C:\Users\Kadence\AppData\LocalLow\Apple Computer
2016-11-08 20:55 - 2016-11-08 20:55 - 00001381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
2016-11-08 20:39 - 2016-11-10 22:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-08 20:39 - 2016-11-08 20:39 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-11-08 20:39 - 2016-11-08 20:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-11-08 20:39 - 2016-11-08 20:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-11-08 20:35 - 2016-11-23 21:50 - 00000000 ____D C:\Users\Kadence\AppData\LocalLow\Temp
2016-11-08 20:23 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-11-08 20:23 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 20:23 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 20:23 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 20:23 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-11-08 20:23 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 20:23 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-11-08 20:23 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 20:23 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-11-08 20:23 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
2016-11-08 20:23 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-08 20:23 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-11-08 20:23 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-08 20:23 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-11-08 20:23 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-11-08 20:23 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-11-08 20:23 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-11-08 20:23 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2016-11-08 20:23 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 20:23 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-11-08 20:23 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-11-08 20:23 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-08 20:23 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-11-08 20:23 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2016-11-08 20:23 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2016-11-08 20:23 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 20:23 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-08 20:23 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-11-08 20:23 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthExt.dll
2016-11-08 20:23 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2016-11-08 20:23 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2016-11-08 20:23 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2016-11-08 20:23 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2016-11-08 20:23 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2016-11-08 20:23 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-11-08 20:23 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-11-08 20:23 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-11-08 20:23 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\efsext.dll
2016-11-08 20:23 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\WpcTok.exe
2016-11-08 20:23 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 20:23 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-11-08 20:23 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2016-11-08 20:23 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2016-11-08 20:23 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-11-08 20:23 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 20:23 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2016-11-08 20:23 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NPSM.dll
2016-11-08 20:23 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-11-08 20:23 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2016-11-08 20:23 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2016-11-08 20:23 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-08 20:23 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2016-11-08 20:23 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-11-08 20:23 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chartv.dll
2016-11-08 20:23 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-11-08 20:23 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-11-08 20:23 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-11-08 20:23 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2016-11-08 20:23 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2016-11-08 20:23 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-11-08 20:23 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2016-11-08 20:23 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2016-11-08 20:23 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-11-08 20:23 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\ddraw.dll
2016-11-08 20:23 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-11-08 20:23 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2016-11-08 20:23 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2016-11-08 20:23 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-11-08 20:23 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-11-08 20:23 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 20:23 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-11-08 20:23 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-11-08 20:23 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2016-11-08 20:23 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-11-08 20:23 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\chartv.dll
2016-11-08 20:23 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 20:23 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-11-08 20:23 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\Windows\system32\WpcRefreshTask.dll
2016-11-08 20:23 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-11-08 20:23 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-11-08 20:23 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-11-08 20:23 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-11-08 20:23 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-11-08 20:23 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2016-11-08 20:23 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2016-11-08 20:23 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-11-08 20:23 - 2016-11-02 03:20 - 00446896 _____ C:\Windows\system32\ApnDatabase.xml
2016-11-08 20:22 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 20:22 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-11-08 20:22 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 20:22 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 20:22 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-11-08 20:22 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 20:22 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 20:22 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 20:22 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-11-08 20:22 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2016-11-08 20:22 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-11-08 20:22 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-11-08 20:22 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-11-08 20:22 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-11-08 20:22 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 20:22 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-11-08 20:22 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-11-08 20:22 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 20:22 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-11-08 20:22 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-11-08 20:22 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2016-11-08 20:22 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2016-11-08 20:22 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 20:22 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-11-08 20:22 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-11-08 20:22 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-11-08 20:22 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-11-08 20:22 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-11-08 20:22 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2016-11-08 20:22 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2016-11-08 20:22 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 20:22 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-11-08 20:22 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 20:22 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\iorate.sys
2016-11-08 20:22 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 20:22 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 20:22 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efsext.dll
2016-11-08 20:22 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-08 20:22 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BcastDVRHelper.dll
2016-11-08 20:22 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppCapture.dll
2016-11-08 20:22 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2016-11-08 20:22 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-08 20:22 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsensorgroup.dll
2016-11-08 20:22 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-08 20:22 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-11-08 20:22 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8.dll
2016-11-08 20:22 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-11-08 20:22 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 20:22 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2016-11-08 20:22 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-08 20:22 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-11-08 20:22 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2016-11-08 20:22 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-11-08 20:22 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2016-11-08 20:22 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 20:22 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 20:22 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ddraw.dll
2016-11-08 20:22 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2016-11-08 20:22 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2016-11-08 20:22 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 20:22 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-11-08 20:22 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-11-08 20:22 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 20:22 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ErrorDetailsUpdate.dll
2016-11-08 20:22 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2016-11-08 20:22 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-11-08 20:22 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2016-11-08 20:22 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 20:22 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\BcastDVRHelper.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-08 20:22 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-11-08 20:22 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 20:22 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2016-11-08 20:22 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2016-11-08 20:22 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2016-11-08 20:22 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-11-08 20:22 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ErrorDetails.dll
2016-11-08 20:22 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 20:22 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-11-08 20:22 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2016-11-08 20:22 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2016-11-08 20:22 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mfsensorgroup.dll
2016-11-08 20:22 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 20:22 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-11-08 20:22 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2016-11-08 20:22 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\NetworkDesktopSettings.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 20:22 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 20:22 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 20:22 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2016-11-08 20:22 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-11-08 20:22 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-11-08 20:22 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2016-11-08 20:22 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-11-08 20:22 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 20:22 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 20:22 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-11-08 20:22 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2016-11-08 20:22 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 20:22 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-11-08 20:22 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 20:22 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2016-11-08 20:22 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-11-08 20:22 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2016-11-08 20:22 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-11-08 20:22 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-08 20:22 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-11-08 20:22 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2016-11-08 20:22 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-11-08 20:22 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 20:22 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2016-11-08 20:22 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetailsUpdate.dll
2016-11-08 20:22 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 20:22 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-11-08 20:22 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2016-11-08 20:22 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-11-08 20:22 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetails.dll
2016-11-08 20:22 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-11-08 20:22 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-11-08 20:22 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-11-08 20:22 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-08 20:22 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2016-11-08 20:22 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\NPSM.dll
2016-11-08 20:22 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2016-11-08 20:22 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2016-11-08 20:22 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 20:22 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 20:22 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2016-11-08 20:22 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-11-08 20:22 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-11-08 20:22 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-11-08 20:22 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2016-11-08 20:22 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-11-08 20:22 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-11-08 20:22 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-11-08 20:22 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 20:22 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-11-08 20:22 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2016-11-08 20:22 - 2016-11-02 04:11 - 00788624 _____ C:\Windows\SysWOW64\locale.nls
2016-11-08 20:22 - 2016-11-02 04:11 - 00788624 _____ C:\Windows\system32\locale.nls
2016-11-08 20:22 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-11-08 19:56 - 2016-11-08 19:56 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
2016-11-08 19:46 - 2016-11-08 19:46 - 00000000 ____D C:\ProgramData\PACE
2016-11-08 19:42 - 2016-11-08 19:43 - 00000000 ____D C:\Program Files (x86)\iLok License Manager
2016-11-08 15:19 - 2016-11-08 15:19 - 00000000 ____D C:\Users\Public\Documents\NI Resources
2016-11-08 13:06 - 2016-11-08 13:06 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio
2016-11-08 13:06 - 2016-11-08 13:06 - 00000000 ____D C:\ProgramData\Camel Audio
2016-11-08 13:06 - 2016-11-08 13:06 - 00000000 ____D C:\Program Files (x86)\Camel Audio
2016-11-08 12:59 - 2016-11-08 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SoundToys
2016-11-08 12:59 - 2016-11-08 12:59 - 00000000 ____D C:\Program Files (x86)\Soundtoys
2016-11-08 12:58 - 2016-11-08 12:58 - 00000000 ____D C:\Users\Public\Documents\Soundtoys
2016-11-08 12:58 - 2016-11-08 12:58 - 00000000 ____D C:\ProgramData\AudioUTOPiA
2016-11-08 12:53 - 2016-11-21 15:14 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-11-08 12:42 - 2016-11-08 19:58 - 00000000 ____D C:\Users\Kadence\Documents\FabFilter
2016-11-08 12:42 - 2016-11-08 19:58 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\FabFilter
2016-11-08 12:40 - 2016-11-08 12:40 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter
2016-11-08 12:40 - 2016-11-08 12:40 - 00000000 ____D C:\Program Files (x86)\FabFilter
2016-11-08 12:37 - 2016-11-08 12:37 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dada Life
2016-11-08 12:31 - 2016-11-08 12:35 - 00000000 ___SD C:\Program Files (x86)\Waves
2016-11-08 12:29 - 2016-11-08 12:52 - 00000000 ___SD C:\ProgramData\Waves Audio
2016-11-08 12:29 - 2016-11-08 12:52 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Waves Audio
2016-11-08 12:29 - 2016-11-08 12:30 - 00000000 ____D C:\Users\Kadence\AppData\Local\Waves Audio
2016-11-08 12:28 - 2016-11-08 12:31 - 00000000 ___SD C:\Users\Public\Waves Audio
2016-11-08 12:28 - 2016-11-08 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves Central
2016-11-08 12:28 - 2016-11-08 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2016-11-08 12:28 - 2016-11-08 12:28 - 00000000 ____D C:\Program Files (x86)\Waves Central
2016-11-08 12:28 - 2015-03-11 04:47 - 02193016 _____ (Propellerhead Software AB) C:\Windows\system32\ReWire.dll
2016-11-08 12:28 - 2015-03-11 04:47 - 01435256 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2016-11-08 12:24 - 2016-11-08 12:24 - 00000000 ____D C:\Users\Kadence\Documents\Xfer
2016-11-08 12:13 - 2016-11-08 12:13 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Xfer
2016-11-08 12:09 - 2016-11-08 12:09 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\u-he
2016-11-08 12:09 - 2016-11-08 12:09 - 00000000 ____D C:\Program Files (x86)\u-he
2016-11-08 11:59 - 2016-11-08 11:59 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2016-11-08 11:59 - 2016-11-08 11:59 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-11-08 11:53 - 2016-11-08 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2016-11-08 11:53 - 2009-10-24 21:15 - 01332224 _____ (AD © 2009) C:\Windows\SysWOW64\SYNSOEMU.DLL
2016-11-08 11:44 - 2016-11-08 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
2016-11-08 11:08 - 2016-11-08 11:08 - 00003350 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-11-08 11:07 - 2016-11-08 11:07 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Skype
2016-11-07 18:40 - 2016-11-07 19:24 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\obs-studio
2016-11-07 18:40 - 2016-11-07 18:40 - 00000000 ____D C:\Users\Kadence\AppData\Local\CEF
2016-11-07 18:40 - 2016-11-07 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-11-07 15:37 - 2016-11-07 16:30 - 00000000 ____D C:\Users\Kadence\Documents\Business Information Systems
2016-11-07 15:37 - 2016-11-07 15:37 - 00000000 ____D C:\Users\Kadence\Documents\Custom Office Templates
2016-11-07 15:12 - 2016-11-23 11:29 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\deluge
2016-11-07 15:08 - 2016-11-07 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-11-07 15:06 - 2016-11-07 15:08 - 00000000 ____D C:\Program Files (x86)\Deluge
2016-11-07 12:37 - 2016-11-07 12:37 - 00003696 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-johnathon.patterson97@hotmail.com
2016-11-07 12:37 - 2016-11-07 12:37 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\NVIDIA
2016-11-06 19:21 - 2016-11-17 14:14 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\iZotope
2016-11-06 19:16 - 2016-11-08 19:43 - 00002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2016-11-06 19:15 - 2016-11-06 19:15 - 00000000 ____D C:\ProgramData\Apple
2016-11-06 19:15 - 2016-11-06 19:15 - 00000000 ____D C:\Program Files\Bonjour
2016-11-06 19:15 - 2016-11-06 19:15 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-06 19:13 - 2016-11-08 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2016-11-06 19:13 - 2016-11-08 19:53 - 00000000 ____D C:\Users\Kadence\Documents\iZotope
2016-11-06 19:13 - 2016-11-08 19:53 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-11-06 19:13 - 2016-11-08 19:53 - 00000000 ____D C:\Program Files (x86)\iZotope
2016-11-06 19:07 - 2016-11-13 12:48 - 00000000 ____D C:\Users\Kadence\Documents\Adobe
2016-11-06 19:07 - 2016-11-13 12:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-06 19:07 - 2016-11-06 19:07 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-11-06 19:05 - 2016-11-13 12:47 - 00000000 ____D C:\Program Files\Adobe
2016-11-06 19:05 - 2016-11-13 12:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-11-06 19:01 - 2016-11-23 07:09 - 00000000 ____D C:\Users\Kadence\AppData\Local\Adobe
2016-11-06 19:01 - 2016-11-10 14:39 - 00000000 ____D C:\ProgramData\Adobe
2016-11-06 19:01 - 2016-11-06 19:01 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Macromedia
2016-11-06 18:55 - 2016-11-06 18:57 - 00000000 ____D C:\Program Files\CCleaner
2016-11-06 18:55 - 2016-11-06 18:55 - 00002874 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-06 18:55 - 2016-11-06 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-06 18:52 - 2016-11-06 20:25 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Audacity
2016-11-06 18:52 - 2016-11-06 18:52 - 00000000 ____D C:\Users\Kadence\AppData\Local\Audacity
2016-11-06 18:30 - 2016-11-12 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-06 18:27 - 2016-11-06 18:27 - 00002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00002628 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-11-06 18:27 - 2016-11-06 18:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-11-06 18:26 - 2016-11-06 18:26 - 00000000 ____D C:\Windows\PCHEALTH
2016-11-06 18:26 - 2016-11-06 18:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-11-06 18:26 - 2016-11-06 18:26 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-06 18:26 - 2016-11-06 18:26 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-11-06 18:25 - 2016-11-06 18:26 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-06 18:25 - 2016-11-06 18:25 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-11-06 18:25 - 2016-11-06 18:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-06 18:25 - 2016-11-06 18:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-06 18:16 - 2016-11-22 17:59 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\PreSonus
2016-11-06 18:16 - 2014-07-16 16:54 - 00062464 _____ () C:\Windows\system32\Drivers\paeusbaudiodsp_x64.sys
2016-11-06 18:16 - 2014-04-16 11:22 - 00260096 _____ () C:\Windows\system32\Drivers\paeusbaudio_x64.sys
2016-11-06 18:07 - 2016-11-06 18:07 - 00000000 __RHD C:\MSOCache
2016-11-06 17:56 - 2016-11-23 08:13 - 00000000 ____D C:\Users\Kadence\AppData\Local\ElevatedDiagnostics
2016-11-06 17:19 - 2016-11-06 17:19 - 00000000 ____D C:\Users\Kadence\AppData\Local\Microsoft Help
2016-11-06 17:10 - 2016-10-28 18:56 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-06 17:10 - 2016-10-28 18:56 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-06 16:52 - 2016-11-06 16:52 - 00000000 __HDC C:\ProgramData\{1C1EDD4B-9BC5-4A46-93AF-0D31E608815E}
2016-11-06 16:52 - 2016-11-06 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-11-06 16:52 - 2016-11-06 16:52 - 00000000 ____D C:\Program Files\Native Instruments
2016-11-06 16:52 - 2016-11-06 16:52 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-11-06 16:39 - 2016-11-06 16:39 - 00000000 ____D C:\Users\Kadence\AppData\Local\Native Instruments
2016-11-06 16:05 - 2016-11-22 17:58 - 00000000 ____D C:\Program Files\PreSonus
2016-11-06 16:05 - 2016-11-22 12:43 - 00001168 _____ C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Universal Control.lnk
2016-11-06 16:05 - 2016-11-06 16:05 - 00000000 ____D C:\ProgramData\PreSonus
2016-11-06 15:53 - 2016-11-06 15:53 - 00000000 ____D C:\Users\Kadence\Documents\Native Instruments
2016-11-06 15:52 - 2016-11-06 16:39 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-11-06 15:52 - 2016-11-06 15:52 - 00000000 ____D C:\ProgramData\Native Instruments
2016-11-06 15:39 - 2016-11-09 10:59 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-06 15:39 - 2016-11-09 10:59 - 00000000 ____D C:\Windows\system32\MRT
2016-11-06 15:34 - 2016-11-20 17:43 - 00051372 _____ C:\Users\Kadence\Documents\starburn.txt
2016-11-06 15:34 - 2016-11-06 15:34 - 00000000 ____D C:\ProgramData\Wondershare
2016-11-06 15:31 - 2016-11-06 15:31 - 00000000 ____D C:\Users\Kadence\AppData\Local\Wondershare
2016-11-06 15:30 - 2016-11-06 19:56 - 00000000 ____D C:\Users\Kadence\Documents\Wondershare Filmora
2016-11-06 15:30 - 2016-11-06 15:30 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2016-11-06 15:30 - 2016-11-06 15:30 - 00000000 ____D C:\Program Files\Wondershare
2016-11-06 15:28 - 2016-11-06 15:30 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-11-06 15:23 - 2016-11-06 18:42 - 00000000 ____D C:\Users\Kadence\AppData\Local\mpress
2016-11-06 15:22 - 2016-11-06 17:19 - 00000000 ____D C:\ProgramData\Microsoft Help.OLD
2016-11-06 15:10 - 2016-11-23 08:10 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\vlc
2016-11-06 15:10 - 2016-11-06 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-11-06 15:10 - 2016-11-06 15:10 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-11-06 15:05 - 2016-11-06 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-11-06 15:05 - 2016-05-24 18:06 - 00137280 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2016-11-06 15:00 - 2016-11-06 15:00 - 00000000 ____D C:\Users\Kadence\AppData\Local\VS Revo Group
2016-11-06 15:00 - 2016-11-06 15:00 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-11-06 15:00 - 2016-11-06 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-11-06 15:00 - 2016-11-06 15:00 - 00000000 ____D C:\Program Files\VS Revo Group
2016-11-06 15:00 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-11-06 14:51 - 2016-11-06 14:51 - 00003274 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2016-11-06 14:51 - 2016-11-06 14:51 - 00000000 ____D C:\Users\Kadence\AppData\Local\Private Internet Access
2016-11-06 14:51 - 2016-11-06 14:51 - 00000000 ____D C:\Users\Kadence\AppData\Local\Crashpad
2016-11-06 14:50 - 2016-11-06 14:53 - 00000000 ____D C:\Program Files\pia_manager
2016-11-06 14:50 - 2016-11-06 14:51 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2016-11-06 14:50 - 2016-11-06 14:50 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-11-06 14:42 - 2016-11-06 15:13 - 00000000 ____D C:\Program Files\PowerISO
2016-11-06 14:18 - 2016-11-06 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameFirst IV
2016-11-06 14:13 - 2016-11-23 12:00 - 00003550 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-11-06 14:13 - 2016-11-23 12:00 - 00003540 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-11-06 14:13 - 2016-11-06 14:13 - 00003976 _____ C:\Windows\System32\Tasks\Update Checker
2016-11-06 14:12 - 2016-11-06 14:12 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\WildTangent
2016-11-06 14:05 - 2016-11-23 07:09 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2016-11-06 14:05 - 2016-11-07 09:41 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\Users\Kadence\Documents\Image-Line
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Image-Line
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\Program Files\Steinberg
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\Program Files\Image-Line
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-11-06 14:05 - 2016-11-06 14:05 - 00000000 ____D C:\Program Files (x86)\Steinberg
2016-11-06 14:00 - 2016-11-06 14:05 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-11-06 13:51 - 2016-11-06 13:51 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\WinRAR
2016-11-06 13:50 - 2016-11-06 13:50 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-06 13:50 - 2016-11-06 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-06 13:50 - 2016-11-06 13:50 - 00000000 ____D C:\Program Files\WinRAR
2016-11-06 13:31 - 2016-11-23 21:57 - 00000000 ___RD C:\Users\Kadence\Dropbox
2016-11-06 13:29 - 2016-11-06 13:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-11-06 13:29 - 2016-11-06 13:29 - 00000000 ____D C:\Users\Kadence\AppData\Local\NetworkTiles
2016-11-06 13:27 - 2016-11-22 18:01 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-06 13:27 - 2016-11-22 18:01 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-06 13:27 - 2016-11-22 15:46 - 00004002 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-06 13:27 - 2016-11-22 15:46 - 00003770 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-06 13:27 - 2016-11-06 13:31 - 00000000 ____D C:\Users\Kadence\AppData\Local\Dropbox
2016-11-06 13:27 - 2016-11-06 13:27 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Dropbox
2016-11-06 13:27 - 2016-11-06 13:27 - 00000000 ____D C:\ProgramData\Dropbox
2016-11-06 13:26 - 2016-11-22 14:13 - 00000000 ____D C:\Program Files (x86)\Slimjet
2016-11-06 13:26 - 2016-11-06 13:26 - 00000000 ____D C:\Users\Kadence\AppData\Local\Slimjet
2016-11-06 13:26 - 2016-11-06 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2016-11-06 13:23 - 2016-11-06 13:23 - 00000000 ____D C:\Users\Kadence\AppData\Local\Comms
2016-11-06 13:13 - 2016-11-06 13:13 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\awsRun
2016-11-06 13:10 - 2016-11-06 13:24 - 00000000 ____D C:\Users\Kadence\AppData\Local\MicrosoftEdge
2016-11-06 13:09 - 2016-11-06 13:09 - 00000000 ____D C:\Users\Kadence\AppData\Local\Conexant
2016-11-06 13:08 - 2016-11-08 11:12 - 00003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-11-06 13:08 - 2016-11-08 11:08 - 00002371 _____ C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-06 13:08 - 2016-11-08 11:08 - 00000000 ___RD C:\Users\Kadence\OneDrive
2016-11-06 13:07 - 2016-11-06 13:29 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\DropboxOEM
2016-11-06 13:07 - 2016-11-06 13:07 - 00000000 ____D C:\Users\Kadence\AppData\Local\DropboxOEM
2016-11-06 13:06 - 2016-11-19 13:02 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Adobe
2016-11-06 13:06 - 2016-11-06 13:06 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\WebStorage
2016-11-06 13:06 - 2016-11-06 13:06 - 00000000 ____D C:\Users\Kadence\AppData\Local\Publishers
2016-11-06 13:05 - 2016-11-23 21:56 - 00000165 _____ C:\Users\Kadence\AppData\Roaming\sp_data.sys
2016-11-06 13:05 - 2016-11-23 21:56 - 00000000 __SHD C:\Users\Kadence\IntelGraphicsProfiles
2016-11-06 13:05 - 2016-11-23 08:30 - 00000000 ____D C:\Users\Kadence\AppData\Local\NVIDIA Corporation
2016-11-06 13:05 - 2016-11-23 08:30 - 00000000 ____D C:\Users\Kadence\AppData\Local\NVIDIA
2016-11-06 13:05 - 2016-11-18 10:25 - 00000000 ____D C:\Users\Kadence\AppData\Local\Packages
2016-11-06 13:05 - 2016-11-08 11:49 - 00000000 ____D C:\Users\Kadence\AppData\Local\VirtualStore
2016-11-06 13:05 - 2016-11-06 14:17 - 00000000 ____D C:\Users\Kadence\AppData\Local\ConnectedDevicesPlatform
2016-11-06 13:05 - 2016-11-06 13:05 - 00000000 ____D C:\Users\Kadence\AppData\Roaming\Intel
2016-11-06 13:05 - 2016-11-06 13:05 - 00000000 ____D C:\Users\Kadence\AppData\Local\TileDataLayer
2016-11-06 13:04 - 2016-11-23 14:30 - 00000000 ____D C:\Users\Kadence
2016-11-06 13:04 - 2016-11-06 13:04 - 00000020 ___SH C:\Users\Kadence\ntuser.ini
2016-11-06 13:04 - 2016-11-06 13:04 - 00000000 _SHDL C:\Users\Kadence\My Documents
2016-11-06 13:04 - 2016-11-06 13:04 - 00000000 _SHDL C:\Users\Kadence\Documents\My Videos
2016-11-06 13:04 - 2016-11-06 13:04 - 00000000 _SHDL C:\Users\Kadence\Documents\My Pictures
2016-11-06 13:04 - 2016-11-06 13:04 - 00000000 _SHDL C:\Users\Kadence\Documents\My Music
2016-11-06 13:04 - 2016-11-06 13:04 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\DropboxOEM
2016-11-06 13:04 - 2016-11-06 13:04 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\DropboxOEM
2016-11-06 13:03 - 2016-11-06 13:05 - 00000000 ____D C:\ProgramData\USBChargerPlus
2016-11-06 13:03 - 2016-11-06 13:04 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2016-11-06 13:03 - 2016-11-06 13:03 - 00000165 _____ C:\Users\defaultuser0\AppData\Roaming\sp_data.sys
2016-11-06 13:03 - 2016-11-06 13:03 - 00000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2016-11-06 13:03 - 2016-11-06 13:03 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Intel
2016-11-06 13:03 - 2016-11-06 13:03 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2016-11-06 13:03 - 2016-11-06 13:03 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2016-11-06 13:03 - 2016-11-06 13:03 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\NVIDIA Corporation
2016-11-06 13:03 - 2016-11-06 13:03 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\NVIDIA
2016-11-06 13:03 - 2016-11-06 13:03 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2016-11-06 12:57 - 2016-11-06 13:03 - 00000000 ____D C:\Users\defaultuser0
2016-11-06 12:57 - 2016-11-06 12:57 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2016-11-06 12:57 - 2016-11-06 12:57 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2016-11-06 12:57 - 2016-11-06 12:57 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2016-11-06 12:57 - 2016-11-06 12:57 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2016-11-06 12:57 - 2016-11-06 12:57 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2016-11-06 04:36 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\ASUS
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default\My Documents
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\Default User
2016-11-06 04:13 - 2016-11-06 04:13 - 00000000 _SHDL C:\Users\All Users
2016-11-06 04:12 - 2016-11-06 04:12 - 00022744 _____ C:\Windows\system32\emptyregdb.dat
2016-11-06 04:09 - 2016-07-16 06:41 - 02716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-11-06 04:05 - 2016-11-06 04:05 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-06 03:56 - 2016-11-06 03:56 - 00000000 ____D C:\Windows\system32\config\bbimigrate
2016-11-06 03:50 - 2016-11-23 21:56 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-06 03:50 - 2016-11-23 21:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-06 03:50 - 2016-11-23 08:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-06 03:50 - 2016-11-23 08:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-06 03:50 - 2016-11-10 17:38 - 07511235 _____ C:\Windows\system32\nvcoproc.bin
2016-11-06 03:50 - 2016-11-10 17:38 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-11-06 03:50 - 2016-11-10 17:38 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-11-06 03:50 - 2016-11-10 17:38 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-11-06 03:50 - 2016-11-10 17:38 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-11-06 03:50 - 2016-11-10 17:38 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-11-06 03:50 - 2016-11-10 17:38 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-11-06 03:50 - 2016-11-10 17:38 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-06 03:50 - 2016-11-06 03:58 - 00000000 ___HD C:\Intel
2016-11-06 03:50 - 2016-11-06 03:58 - 00000000 ____D C:\Program Files\Intel
2016-11-06 03:50 - 2016-11-06 03:50 - 00000568 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-11-06 03:50 - 2016-11-06 03:50 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-11-06 03:50 - 2016-11-06 03:50 - 00000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2016-11-06 03:50 - 2016-07-28 00:27 - 00104584 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2016-11-06 03:50 - 2016-07-28 00:27 - 00100488 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-11-06 03:48 - 2016-11-23 07:36 - 00000000 ____D C:\ProgramData\Conexant
2016-11-06 03:48 - 2016-11-06 03:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2016-11-06 03:48 - 2016-11-06 03:48 - 00000000 ____D C:\Program Files\CONEXANT
2016-11-06 03:47 - 2016-11-06 03:59 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-06 03:47 - 2016-11-06 03:47 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-11-06 03:44 - 2016-11-06 03:44 - 00000000 ____D C:\ProgramData\USOShared
2016-11-06 03:42 - 2016-11-23 21:56 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-06 03:42 - 2016-11-23 21:43 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-11-06 03:42 - 2016-11-13 16:00 - 05045968 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-06 03:42 - 2016-11-06 03:42 - 00000000 ____D C:\Windows\ServiceProfiles
2016-11-06 01:20 - 2016-11-11 23:46 - 00000000 ___DC C:\Windows\Panther
2016-11-06 01:20 - 2016-11-06 01:20 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-11-06 01:20 - 2016-11-06 01:20 - 00000000 ____D C:\Windows\InfusedApps
2016-11-06 01:19 - 2016-11-11 13:23 - 00000000 ____D C:\ProgramData\SetupTPDriver
2016-11-06 01:18 - 2016-11-06 01:18 - 00000000 ____D C:\Windows\Setup
2016-11-06 01:15 - 2016-11-06 01:15 - 00000000 ____D C:\Windows\OCR
2016-11-06 01:15 - 2016-11-06 01:15 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-06 01:15 - 2016-11-06 01:15 - 00000000 ____D C:\Program Files\MSBuild
2016-11-06 01:15 - 2016-11-06 01:15 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-06 01:15 - 2016-11-06 01:15 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\system32\winrm
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\system32\WCN
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\system32\slmgr
2016-11-06 01:14 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-11-06 01:14 - 2016-11-06 01:14 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-11-06 01:14 - 2016-11-06 01:14 - 00000000 ____D C:\Windows\SysWOW64\0409
2016-11-06 01:14 - 2016-11-06 01:14 - 00000000 ____D C:\Windows\system32\0409
2016-11-06 01:14 - 2016-11-06 01:14 - 00000000 ____D C:\Windows\DigitalLocker
2016-11-06 01:10 - 2016-11-06 01:07 - 00215943 _____ C:\Windows\SysWOW64\dssec.dat
2016-11-06 01:10 - 2016-11-06 01:07 - 00209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2016-11-06 01:10 - 2016-11-06 01:07 - 00000741 _____ C:\Windows\SysWOW64\NOISE.DAT
2016-11-06 01:09 - 2016-11-23 18:13 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-11-06 01:09 - 2016-11-23 15:51 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-06 01:09 - 2016-11-23 11:50 - 00000000 ____D C:\Windows\AppReadiness
2016-11-06 01:09 - 2016-11-23 07:10 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-06 01:09 - 2016-11-20 10:42 - 00000000 ____D C:\Windows\LiveKernelReports
2016-11-06 01:09 - 2016-11-12 14:13 - 00000000 ____D C:\Windows\rescache
2016-11-06 01:09 - 2016-11-11 00:18 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-11-06 01:09 - 2016-11-11 00:18 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-11-06 01:09 - 2016-11-11 00:18 - 00000000 ____D C:\Windows\system32\oobe
2016-11-06 01:09 - 2016-11-11 00:18 - 00000000 ____D C:\Windows\system32\migwiz
2016-11-06 01:09 - 2016-11-11 00:18 - 00000000 ____D C:\Windows\ShellExperiences
2016-11-06 01:09 - 2016-11-11 00:18 - 00000000 ____D C:\Windows\bcastdvr
2016-11-06 01:09 - 2016-11-07 18:32 - 00000000 ____D C:\Windows\system32\NDF
2016-11-06 01:09 - 2016-11-07 09:02 - 00000000 ____D C:\Windows\appcompat
2016-11-06 01:09 - 2016-11-06 19:06 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-06 01:09 - 2016-11-06 18:27 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-06 01:09 - 2016-11-06 18:25 - 00000000 ____D C:\Program Files\Common Files\System
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ___SD C:\Windows\system32\F12
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ___SD C:\Windows\system32\dsc
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ____D C:\Windows\system32\Sysprep
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ____D C:\Windows\system32\setup
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ____D C:\Windows\system32\Dism
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ____D C:\Windows\system32\appraiser
2016-11-06 01:09 - 2016-11-06 17:04 - 00000000 ____D C:\Windows\Provisioning
2016-11-06 01:09 - 2016-11-06 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2016-11-06 01:09 - 2016-11-06 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-06 01:09 - 2016-11-06 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-06 01:09 - 2016-11-06 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-06 01:09 - 2016-11-06 17:02 - 00015425 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2016-11-06 01:09 - 2016-11-06 13:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-11-06 01:09 - 2016-11-06 04:12 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-06 01:09 - 2016-11-06 04:12 - 00000000 ____D C:\Windows\Registration
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\system32\spool
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\system32\MUI
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\IME
2016-11-06 01:09 - 2016-11-06 04:04 - 00000000 ____D C:\Windows\Help
2016-11-06 01:09 - 2016-11-06 03:51 - 00000000 ___RD C:\Windows\PrintDialog
2016-11-06 01:09 - 2016-11-06 03:51 - 00000000 ___RD C:\Windows\MiracastView
2016-11-06 01:09 - 2016-11-06 03:44 - 00000000 ____D C:\ProgramData\USOPrivate
2016-11-06 01:09 - 2016-11-06 01:21 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-11-06 01:09 - 2016-11-06 01:15 - 00000000 ____D C:\Windows\SystemApps
2016-11-06 01:09 - 2016-11-06 01:14 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-11-06 01:09 - 2016-11-06 01:14 - 00000000 ____D C:\Windows\system32\Com
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ___SD C:\Windows\SysWOW64\Nui
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ____D C:\Windows\SysWOW64\downlevel
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2016-11-06 01:09 - 2016-11-06 01:10 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 __RSD C:\Windows\Media
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ___SD C:\Windows\SysWOW64\Configuration
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ___SD C:\Windows\system32\Nui
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ___SD C:\Windows\system32\Configuration
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\Web
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\Vss
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\tracing
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\TAPI
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\SMI
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\NDF
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\MsDtc
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\Ipmi
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicyUsers
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\FxsTmp
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SysWOW64\AppLocker
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SystemResources
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\WinMetadata
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\winevt
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\ras
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\ProximityToast
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\PointOfService
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\MsDtc
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\MailContactsCalendarSync
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\Ipmi
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\InputMethod
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\inetsrv
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\IME
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\icsxml
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\ias
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\downlevel
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\DDFs
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\config\Journal
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\Bthprops
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\AppLocker
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\System
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SKB
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\security
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\schemas
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\SchCache
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\Resources
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\PLA
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\Performance
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\ModemLogs
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\L2Schemas
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\InputMethod
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\Globalization
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\GameBarPresenceWriter
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\Cursors
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\Branding
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\addins
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\ProgramData\Comms
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Program Files\Windows NT
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Program Files\Common Files\Services
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-06 01:09 - 2016-11-06 01:09 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-06 01:09 - 2016-11-06 01:07 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2016-11-06 01:09 - 2016-11-06 01:07 - 00215943 _____ C:\Windows\system32\dssec.dat
2016-11-06 01:09 - 2016-11-06 01:07 - 00004096 _____ C:\Windows\system32\config\VSMIDK
2016-11-06 01:09 - 2016-11-06 01:07 - 00003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2016-11-06 01:09 - 2016-11-06 01:07 - 00000858 _____ C:\Windows\system32\DefaultQuestions.json
2016-11-06 01:09 - 2016-11-06 01:07 - 00000741 _____ C:\Windows\system32\NOISE.DAT
2016-11-06 01:08 - 2016-11-23 18:18 - 00000000 ____D C:\Windows\INF
2016-11-06 00:58 - 2016-11-10 21:33 - 00000000 ____D C:\Windows\CbsTemp
2016-11-06 00:52 - 2016-11-23 21:55 - 00786432 _____ C:\Windows\system32\config\BBI
2016-11-06 00:52 - 2016-11-23 18:13 - 00032768 _____ C:\Windows\system32\config\ELAM
2016-11-06 00:52 - 2016-11-06 01:14 - 00000000 ____D C:\Windows\servicing
2016-11-06 00:52 - 2016-11-06 01:09 - 00000000 ____D C:\Windows\system32\SMI
2016-11-05 20:40 - 2016-11-06 01:32 - 00000000 ___HD C:\$SysReset
2016-11-02 05:36 - 2016-11-02 05:36 - 01562432 _____ (HMS hxxp://hp.vector.co.jp/authors/VA012897/) C:\Windows\system32\vorbis.acm
2016-11-02 05:36 - 2016-11-02 05:36 - 01456448 _____ (HMS hxxp://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2016-10-27 12:36 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2016-10-27 12:36 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-27 12:35 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2016-10-27 12:35 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2016-10-27 12:35 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-10-27 12:35 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-10-27 12:35 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2016-10-27 12:35 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-27 12:35 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2016-10-27 12:35 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2016-10-27 12:35 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2016-10-27 12:35 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stdole2.tlb
2016-10-27 12:35 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\Windows\system32\mfksproxy.dll
2016-10-27 12:35 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfksproxy.dll
2016-10-27 12:35 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2016-10-27 12:35 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-10-27 12:35 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-10-27 12:35 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2016-10-27 12:35 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-10-27 12:35 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Flights.dll
2016-10-27 12:35 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2016-10-27 12:35 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2016-10-27 12:35 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-10-27 12:35 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-27 12:35 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-10-27 12:35 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2016-10-27 12:35 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-10-27 12:35 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-27 12:35 - 2016-10-14 22:50 - 00967168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-10-27 12:35 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Bluetooth.dll
2016-10-27 12:35 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-10-27 12:35 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-10-27 12:35 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-27 12:35 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2016-10-27 12:35 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-10-27 12:35 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2016-10-27 12:35 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2016-10-27 12:35 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 12:35 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-10-27 12:35 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-10-27 12:35 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 12:35 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.exe
2016-10-27 12:35 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\energy.dll
2016-10-27 12:35 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-10-27 12:35 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 12:35 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll
2016-10-27 12:35 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-10-27 12:35 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-10-27 12:35 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-10-27 12:35 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-10-27 12:35 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2016-10-27 12:35 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2016-10-27 12:35 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmifw.dll
2016-10-27 12:35 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-10-27 12:35 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-10-27 12:35 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2016-10-27 12:35 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\capimg.sys
2016-10-27 12:35 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-10-27 12:34 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-27 12:34 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-27 12:34 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2016-10-27 12:34 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-10-27 12:34 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-27 12:34 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2016-10-27 12:34 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-10-27 12:34 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-10-27 12:34 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-10-27 12:34 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-10-27 12:34 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-27 12:34 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-10-27 12:34 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-27 12:34 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-10-27 12:34 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-10-27 12:34 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2016-10-27 12:34 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-10-27 12:34 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2016-10-27 12:34 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-10-27 12:34 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-10-27 12:34 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2016-10-27 12:34 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-10-27 12:34 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-27 12:34 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-10-27 12:34 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2016-10-27 12:34 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2016-10-27 12:34 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-10-27 12:34 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-10-27 12:34 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-27 12:34 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-27 12:34 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2016-10-27 12:34 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2016-10-27 12:34 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2016-10-27 12:34 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2016-10-27 12:34 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\esentutl.exe
2016-10-27 12:34 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esentutl.exe
2016-10-27 12:34 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFi.dll
2016-10-27 12:34 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-10-27 12:34 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2016-10-27 12:34 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2016-10-27 12:34 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-10-27 12:34 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFi.dll
2016-10-27 12:34 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2016-10-27 12:34 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2016-10-27 12:34 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-10-27 12:34 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2016-10-27 12:34 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2016-10-27 12:34 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-10-27 12:34 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2016-10-27 12:34 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2016-10-27 12:34 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2016-10-27 12:34 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-10-27 12:34 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2016-10-27 12:34 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-27 12:34 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-10-27 12:34 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-10-27 12:34 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-10-27 12:34 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2016-10-27 12:34 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-10-27 12:34 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-10-27 12:34 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-27 12:34 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2016-10-27 12:34 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-10-27 12:34 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-27 12:34 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-10-27 12:34 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-27 12:34 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-27 12:34 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-10-27 12:34 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-10-27 12:34 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll
2016-10-27 12:34 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-10-27 12:34 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll
2016-10-27 12:34 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-10-27 12:34 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-10-27 12:34 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeHelper.dll
2016-10-27 12:34 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2016-10-27 12:34 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-10-27 12:34 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2016-10-27 12:34 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-27 12:34 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-10-27 12:34 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2016-10-27 12:34 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll
2016-10-27 12:34 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-10-27 12:34 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-10-27 12:34 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-10-27 12:34 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-10-27 12:34 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\cmifw.dll
2016-10-27 12:34 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-10-27 12:34 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-10-27 12:34 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-27 12:34 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-10-27 12:34 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-10-27 12:34 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-27 12:34 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-27 12:34 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-10-27 12:34 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-10-27 12:34 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-27 12:34 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-10-27 12:34 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-10-27 12:34 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-10-27 12:33 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-10-27 12:33 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-10-27 12:33 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.dll
2016-10-27 12:33 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-10-27 12:33 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-10-27 12:33 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-27 12:33 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-10-27 12:33 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-27 12:33 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-10-27 12:33 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-10-27 12:33 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-27 12:33 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2016-10-27 12:33 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-27 12:33 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2016-10-27 12:33 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\stdole2.tlb
2016-10-27 12:33 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2016-10-27 12:33 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-10-27 12:33 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2016-10-27 12:33 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-10-27 12:33 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2016-10-27 12:33 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-10-27 12:33 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2016-10-27 12:33 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-10-27 12:33 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2016-10-27 12:33 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-10-27 12:33 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.exe
2016-10-27 12:33 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-10-27 12:33 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2016-10-27 12:33 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2016-10-27 12:33 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-10-27 12:33 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-10-27 12:33 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-10-27 12:33 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-23 22:03 - 2015-08-18 03:36 - 01678208 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-23 18:17 - 2016-06-20 23:41 - 00050008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-11-23 18:17 - 2016-06-02 22:39 - 00127896 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-11-23 15:54 - 2015-08-18 03:38 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-23 15:51 - 2015-07-10 06:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-23 08:30 - 2016-02-05 05:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-20 12:53 - 2016-02-05 05:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-11 23:25 - 2016-02-05 06:07 - 00000000 ____D C:\Program Files\DIFX
2016-11-11 23:23 - 2015-08-18 03:37 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-11-11 01:44 - 2016-02-05 05:33 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 18:51 - 2016-07-14 13:30 - 03934504 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-10 18:51 - 2016-07-14 13:30 - 03473880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-10 18:51 - 2016-07-14 13:30 - 00042296 _____ C:\Windows\system32\nvinfo.pb
2016-11-08 19:43 - 2016-02-05 05:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-06 18:27 - 2015-07-10 08:14 - 00000000 ____D C:\Windows\ShellNew
2016-11-06 18:25 - 2015-07-10 06:04 - 00000199 _____ C:\Windows\win.ini
2016-11-06 14:14 - 2016-02-05 06:12 - 00000000 ____D C:\ProgramData\McAfee
2016-11-06 14:13 - 2016-02-05 06:17 - 00000000 ____D C:\ProgramData\ASUS
2016-11-06 14:13 - 2015-08-18 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-11-06 14:12 - 2015-08-18 03:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-06 14:12 - 2015-08-18 03:37 - 00000000 ____D C:\ProgramData\WildTangent
2016-11-06 13:38 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2016-11-06 13:08 - 2016-02-05 05:37 - 00000000 ____D C:\ProgramData\Intel
2016-11-06 13:05 - 2015-08-18 03:34 - 00000000 ____D C:\Windows\Log
2016-11-06 04:12 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\Tasks_Migrated
2016-11-06 04:04 - 2016-02-05 05:58 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-11-06 04:04 - 2016-02-05 05:52 - 00000000 ____D C:\Windows\Cnxt
2016-11-06 04:04 - 2015-08-18 03:53 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-11-06 04:04 - 2015-07-10 06:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-11-06 04:04 - 2015-07-10 06:04 - 00000000 ___RD C:\Windows\DesktopTileResources
2016-11-06 04:00 - 2016-02-05 06:24 - 00000000 ___HD C:\uninstall
2016-11-06 04:00 - 2016-02-05 06:22 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2016-11-06 04:00 - 2016-02-05 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2016-11-06 04:00 - 2016-02-05 06:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2016-11-06 04:00 - 2016-02-05 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-11-06 04:00 - 2016-02-05 05:33 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-06 04:00 - 2015-08-18 03:37 - 00000000 ____D C:\ProgramData\WebStorage
2016-11-06 03:59 - 2016-02-05 06:22 - 00000000 ____D C:\Program Files (x86)\SplitmediaLabs
2016-11-06 03:59 - 2016-02-05 06:11 - 00000000 ____D C:\Program Files (x86)\ICEpower
2016-11-06 03:59 - 2016-02-05 06:03 - 00000000 ____D C:\ProgramData\Intel Corporation
2016-11-06 03:59 - 2016-02-05 06:03 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2016-11-06 03:59 - 2016-02-05 05:58 - 00000000 ____D C:\ProgramData\Intel.sav
2016-11-06 03:59 - 2016-02-05 05:58 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-11-06 03:59 - 2016-02-05 05:53 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-06 03:59 - 2015-08-18 03:37 - 00000000 ____D C:\ProgramData\ASUS WebStorage
2016-11-06 03:59 - 2015-08-18 03:37 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-11-06 03:59 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-11-06 03:58 - 2016-02-05 06:27 - 00000000 ____D C:\eSupport
2016-11-06 03:58 - 2016-02-05 06:02 - 00000000 ____D C:\Program Files\Intel Corporation
2016-11-06 03:58 - 2016-02-05 05:58 - 00000000 ____D C:\Program Files\Common Files\Intel

==================== Files in the root of some directories =======

2016-11-06 13:05 - 2016-11-23 21:56 - 0000165 _____ () C:\Users\Kadence\AppData\Roaming\sp_data.sys
2016-11-20 13:47 - 2016-11-20 13:51 - 0000081 _____ () C:\Users\Kadence\AppData\Local\FILM_AE_LogFile.txt
2016-11-20 23:09 - 2016-11-20 23:09 - 0000218 _____ () C:\Users\Kadence\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-23 08:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Kadence (23-11-2016 22:31:40)
Running from C:\Users\Kadence\Desktop\fix
Windows 10 Home Version 1607 (X64) (2016-11-06 18:02:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4061130887-767355613-478329729-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4061130887-767355613-478329729-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4061130887-767355613-478329729-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4061130887-767355613-478329729-501 - Limited - Disabled)
Kadence (S-1-5-21-4061130887-767355613-478329729-1001 - Administrator - Enabled) => C:\Users\Kadence

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Ansel (Version: 375.86 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioBox version 1.3 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.3 - PreSonus)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.85 - ICEpower a/s)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camel Audio Alchemy (HKLM-x32\...\Camel Audio Alchemy) (Version: 1.55.0 - Camel Audio)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cepstral Allison 6.2.3 (HKLM\...\{022068D4-87D2-492D-ADB1-9BA447F513D5}) (Version: 6.2.3.801 - Cepstral LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.30.60 - Conexant)
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version: - )
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.3.20 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.61.1 - Dropbox, Inc.) Hidden
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
FabFilter Total Bundle (HKLM-x32\...\FabFilter Total Bundle) (Version: 2016.02.02 - FabFilter)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlashPeak Slimjet (HKLM-x32\...\Slimjet) (Version: 12.0.6.0 - FlashPeak Inc.)
Flux Full Pack 2.2 (HKLM\...\Full Pack 2.2_is1) (Version: 3.5.25.44238 - Flux)
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.12) (Version: 1.5.12 - ASUS)
GameFirst IV (x32 Version: 1.5.12 - ASUS) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (x32 Version: 1.1.383 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9A287643-10C5-4463-B9D1-B2404CE18CCF}) (Version: 17.1.1529.1620 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cc892976-0919-4ba9-ab52-ae15d2127a12}) (Version: 18.21.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
iZotope Ozone 7 Advanced (HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Magic Bullet Suite v13.0.0 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 13.0.0 - Red Giant, LLC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.2.880 - Native Instruments)
NVIDIA Graphics Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{D66028F5-4026-41ad-8E11-9324C83E24DF}) (Version: 3.1.2.1600 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 3.1.2.1600 - PACE Anti-Piracy, Inc.) Hidden
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.35 - ASUS)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 1.0.1 - ASUS)
Security Task Manager 2.1h (HKLM-x32\...\Security Task Manager) (Version: 2.1h - Neuber Software)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - )
Text to Speech Maker version 2.5 (HKLM-x32\...\Text to Speech Maker_is1) (Version: - )
The Sims™ 3 Кино Каталог (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
Twixtor v6 for After Effects and Premiere Pro (HKLM\...\Twixtor v6 for After Effects and Premiere Pro 6.2.6) (Version: 6.2.6 - RE:Vision Effects)
u-he Hive (HKLM-x32\...\u-he Hive) (Version: 1.1.0.3898 - u-he)
Universal Control (HKLM\...\Universal Control) (Version: 1.8.1.39355 - PreSonus Audio Electronics, Inc)
Update for Skype for Business 2016 (KB3115268) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5D633E34-0FA8-4C3F-8A16-D1A6C33C7015}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115268) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5D633E34-0FA8-4C3F-8A16-D1A6C33C7015}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115268) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{5D633E34-0FA8-4C3F-8A16-D1A6C33C7015}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Waves Central 1.2.1.5 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.2.1 - Waves, Inc.)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (06/18/2015 8.0.0.16) (HKLM\...\545B999BD5E2E239335F95C2AF9BED5D511CEC95) (Version: 06/18/2015 8.0.0.16 - ASUS)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (08/06/2015 8.0.0.19) (HKLM\...\149F37A1996406108DA0EB71D7EBC48895119059) (Version: 08/06/2015 8.0.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora(Build 7.8.1) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XSplit Gamecaster (HKLM-x32\...\{0E12BEC0-F2EE-43FA-AEA0-24B5E9F80167}) (Version: 2.5.1507.3011 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03B942DB-FAD8-4BBC-B3B6-21113ABEA5E2} - \ATK Package A22126881260 -> No File <==== ATTENTION
Task: {06EA6836-6698-41D2-93D0-3FB57C44CD47} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION
Task: {12BD2954-1C64-4FDF-9E9E-F115AC45700D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {1A1B9FE1-B969-4A7F-BC76-1C15849D2934} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-johnathon.patterson97@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {1CD86FD5-7687-49DB-AA23-E14A1C6B90AF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {23343450-5F24-4126-ACB4-FBCE09431456} - \ROG Gaming Center -> No File <==== ATTENTION
Task: {25CD8A08-C5E8-4D51-B1E4-0913D52EF365} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {2B4CED9B-B7B4-46AA-9ED2-887D529F8D29} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {3FF1C8AB-B247-46A7-B39C-F08709C0C340} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {43661564-6FF5-4F1A-99E1-F29BA7A00DDB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4955193E-6CDD-41EC-81FA-B2C097BBAFA8} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {508CC714-4125-40C3-A570-6D110F80AF52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {5DCD21EE-F10C-4D11-930B-C6D6E6CC2253} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {65EC842C-BF78-4B87-AB64-FB998611EE91} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - \DropboxOEM -> No File <==== ATTENTION
Task: {6FB62EEC-B0E3-4C58-9FC6-8E2AE189D6AF} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {7830106E-EC5F-44F4-9215-6D18A2D70D99} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {86A115A1-4329-4508-ABAB-A3445622C493} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {8F8FF97D-87A7-4942-B7C9-FF5338660692} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {9F62021F-5E58-4B85-9FEA-28901828A395} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {B2484FC4-EA6F-4B2E-B790-43619B90B3B3} - \ASUS Splendid ACMON -> No File <==== ATTENTION
Task: {B27F872E-2320-47DA-BC82-F832EE24F7D2} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {BB146202-FEBF-4BE9-B40C-DCE5FEB265E1} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-11-06] ()
Task: {D5AC1847-4F65-4383-87E0-EE9ADE5D665D} - \ATK Package 36D18D69AFC3 -> No File <==== ATTENTION
Task: {D890CF7D-6DF1-4F3D-934C-1214E7EEE6C9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {EE4CF441-AA0B-42DF-AAE6-BFE00EC463B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Kadence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camel Audio\Alchemy\Camel Audio Website.lnk -> hxxp://www.camelaudio.com/

ShortcutWithArgument: C:\Users\Kadence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4242a155fcc27c2b\FlashPeak Slimjet.lnk -> C:\Program Files (x86)\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-29 13:23 - 2016-09-15 12:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-06 03:50 - 2016-11-10 17:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-06 14:50 - 2016-11-06 14:50 - 07711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2016-09-29 13:23 - 2016-09-15 12:25 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-11-08 11:07 - 2016-11-08 11:07 - 01864384 _____ () C:\Users\Kadence\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-16 13:13 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 20:22 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-28 00:27 - 2016-07-28 00:27 - 00402520 _____ () C:\Windows\system32\igfxTray.exe
2016-11-08 20:22 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 20:22 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 20:22 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 20:22 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 20:22 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 20:22 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 11:33 - 2016-11-17 11:34 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 11:33 - 2016-11-17 11:34 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 11:33 - 2016-11-17 11:34 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-22 17:59 - 2014-07-16 16:54 - 07593984 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2015-08-25 12:40 - 2015-08-25 12:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 12:40 - 2015-08-25 12:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-08-31 16:31 - 2016-08-31 16:31 - 03551744 _____ () C:\Program Files\PreSonus\Universal Control\ipp.dll
2016-06-03 04:44 - 2016-06-03 04:44 - 17484800 _____ () C:\Program Files\PreSonus\Universal Control\SmaartFactory_Win32.dll
2016-06-03 04:44 - 2016-06-03 04:44 - 00238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\Studio192\PaeStudio192api.dll
2016-06-03 04:44 - 2016-06-03 04:44 - 00238008 _____ () C:\Program Files\PreSonus\Universal Control\Drivers\StudioLiveAR\PaeStudioLiveARapi.dll
2016-11-22 17:59 - 2014-04-16 11:22 - 00192512 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-11-23 21:56 - 2016-11-23 21:56 - 00012800 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00009728 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00014848 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00094208 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\src\rgloader\rgloader193.mswin.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00009216 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00094208 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00126976 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00087552 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00016384 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00127316 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\bin\libffi-6.dll
2016-11-23 21:56 - 2016-11-23 21:56 - 00008704 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00013312 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00095744 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-11-23 21:56 - 2016-11-23 21:56 - 00026624 _____ () C:\Users\Kadence\AppData\Local\Temp\ocrA4FA.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-11-07 15:14 - 2016-10-28 18:50 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-11-23 15:53 - 2016-10-28 18:50 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-11-23 15:53 - 2016-10-28 18:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-11-23 15:53 - 2016-10-28 18:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-07 15:14 - 2016-10-28 18:50 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-07 15:14 - 2016-10-28 18:50 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-07 15:14 - 2016-11-22 20:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-11-07 15:14 - 2016-10-28 18:50 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-07 15:14 - 2016-10-28 18:51 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-11-07 15:14 - 2016-11-22 20:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-11-23 15:53 - 2016-10-28 18:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-11-23 15:53 - 2016-10-28 18:53 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-11-07 15:14 - 2016-11-22 20:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-11-07 15:14 - 2016-11-22 20:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-07 15:14 - 2016-10-28 18:52 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-11-07 15:14 - 2016-11-22 20:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-11-07 15:14 - 2016-11-22 20:27 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-11-07 15:14 - 2016-11-22 20:27 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-11-07 15:14 - 2016-11-22 20:27 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-11-07 15:14 - 2016-11-22 20:27 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-11-23 15:53 - 2016-10-28 18:49 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-11-23 15:53 - 2016-11-22 20:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-11-23 15:53 - 2016-11-22 20:11 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-11-23 15:53 - 2016-11-22 20:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-23 15:53 - 2016-11-22 20:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-07 15:14 - 2016-10-28 18:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-11-07 15:14 - 2016-11-22 20:27 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-11-23 15:53 - 2016-10-28 18:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-11-23 15:53 - 2016-10-28 18:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-11-23 15:53 - 2016-11-22 20:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-07 15:14 - 2016-10-28 18:53 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-11-07 15:14 - 2016-11-22 20:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-11-07 15:14 - 2016-11-22 20:27 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-11-23 15:53 - 2016-11-22 20:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-11-06 15:31 - 2016-10-08 16:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-11-06 15:31 - 2016-07-21 10:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-11-08 11:07 - 2016-11-08 11:07 - 01383616 _____ () C:\Users\Kadence\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-06-14 06:25 - 2016-06-14 06:25 - 08911552 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-06 13:26 - 2016-11-22 00:47 - 01797632 _____ () C:\Program Files (x86)\Slimjet\libglesv2.dll
2016-11-06 13:26 - 2016-11-22 00:47 - 00079360 _____ () C:\Program Files (x86)\Slimjet\libegl.dll
2016-11-23 21:57 - 2016-11-23 21:57 - 00012800 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00009728 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00014848 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00094208 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\src\rgloader\rgloader193.mswin.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00094208 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00118784 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00069120 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00083968 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\bin\zlib1.dll
2016-11-23 21:57 - 2016-11-23 21:57 - 00026624 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00275968 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00015360 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00008192 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00009216 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00023552 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00008704 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00008704 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00008704 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00008704 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00036352 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00126976 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00087552 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00016384 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00127316 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\bin\libffi-6.dll
2016-11-23 21:57 - 2016-11-23 21:57 - 00013312 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00095744 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-11-23 21:57 - 2016-11-23 21:57 - 00026624 _____ () C:\Users\Kadence\AppData\Local\Temp\ocr3311.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-11-06 14:50 - 2016-11-06 14:50 - 00939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2015-07-22 03:18 - 2015-07-22 03:18 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-11-06 14:50 - 2016-11-06 14:50 - 03115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2016-11-08 13:09 - 2016-11-08 13:09 - 17772736 _____ () C:\Users\Kadence\AppData\Local\Slimjet\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kadence\Desktop\Screenshot 2016-11-23 14.42.56.png:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2016-11-13 12:50 - 00001058 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 license.piriform.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4061130887-767355613-478329729-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kadence\Desktop\E3fYGb4.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: lfsvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{379BDE5E-6112-4D73-AE5A-401853F25448}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{1487AC65-BA99-4280-9811-3112F994CF49}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{523169FC-FD98-4DCD-8B50-0A80E3EAC343}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{2A0DADA5-557B-43E9-A23F-6659B91ACA45}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{FD93D4CC-03EA-45A9-941F-8591D0A6C6E6}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{9B62C6A4-1360-4376-8A77-8F312BCB9EA9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{615DF932-0D5E-4A59-AB42-02DDE477FABE}C:\program files\presonus\universal control\universal control.exe] => (Allow) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [UDP Query User{D3FA9A63-DBCB-4619-AA54-24F4DB8DAF99}C:\program files\presonus\universal control\universal control.exe] => (Allow) C:\program files\presonus\universal control\universal control.exe
FirewallRules: [TCP Query User{C174328A-8E11-41F7-8242-3BDE7D742AD4}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{99B2C7A0-5423-48F2-B367-60646F1ABF14}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{0B25295F-D655-4566-A87C-54207282C1D8}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{A1CA17E1-AE18-49B4-B7CD-8643DE1F3B8D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{13630DB7-8FD8-45C4-94AA-6AA029E34FEC}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{66F86D91-04EB-4A43-8610-5435F400D02E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{611DF003-A6F1-486D-8224-F1A25B7F228C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD7349A0-9BDA-4FD0-9E46-5811652D3A2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65552AF8-4B9D-4AA0-8263-48F19B59E0BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61D4D1D5-E11E-4BF2-9E45-0ECC9FACD320}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7CA3AEF0-AC56-4290-B77B-728290BBBF8C}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{BAAC68CB-0038-454D-BC37-D625E03ACED9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{3599EA9F-4662-4077-80BD-1CB99D368F26}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{2FEDFEBF-3240-47E6-AF11-2DA7AB517838}C:\program files (x86)\slimjet\slimjet.exe] => (Allow) C:\program files (x86)\slimjet\slimjet.exe
FirewallRules: [UDP Query User{D5424493-FF5D-4AA4-B99E-9E3DFCC935DA}C:\program files (x86)\slimjet\slimjet.exe] => (Allow) C:\program files (x86)\slimjet\slimjet.exe
FirewallRules: [{343BAA04-2B52-4D8B-9353-6F9D42EA5D41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{347CFD67-D1B1-4483-9A58-F3DC02795CBF}] => (Block) %ProgramFiles% (x86)\Red Giant Link\Red Giant Link.exe
FirewallRules: [{CB08EF86-FBD8-42C1-91CD-82475110A0DA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

16-11-2016 20:25:55 Scheduled Checkpoint
17-11-2016 23:51:23 Installed Cepstral Allison 6.2.3
20-11-2016 12:59:34 Revo Uninstaller Pro's restore point - Twixtor v6 for After Effects and Premiere Pro
23-11-2016 12:58:17 JRT Pre-Junkware Removal
23-11-2016 13:06:10 JRT Pre-Junkware Removal
23-11-2016 13:24:54 JRT Pre-Junkware Removal
23-11-2016 15:13:17 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2016 09:57:26 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (11/23/2016 09:56:13 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/23/2016 09:53:44 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (11/23/2016 09:52:36 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/23/2016 09:43:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3502860

Error: (11/23/2016 09:43:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3502860

Error: (11/23/2016 09:43:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2016 09:43:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3501516

Error: (11/23/2016 09:43:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3501516

Error: (11/23/2016 09:43:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/23/2016 09:56:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2016 09:56:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2016 09:56:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2016 09:55:49 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (11/23/2016 09:55:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/23/2016 09:55:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/23/2016 09:55:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/23/2016 09:55:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M0IAP3C)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (11/23/2016 09:55:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M0IAP3C)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (11/23/2016 09:55:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-11-23 17:34:11.711
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 17:34:11.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 16:36:00.131
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-23 16:33:34.313
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 16:33:34.310
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 14:51:06.834
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_1690e1309a521ecf\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 14:51:06.619
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 14:47:44.617
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-23 12:00:53.898
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 12:00:53.895
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 26%
Total physical RAM: 16282.52 MB
Available physical RAM: 11943.53 MB
Total Virtual: 18714.52 MB
Available Virtual: 13498.57 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.75 GB) (Free:780.7 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 28E314CD)

Partition: GPT.

==================== End of Addition.txt ============================
 

Attachments

Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • bOVO6lY.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.
 
Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type KMS-R@1n.exe into to search window.
Then Click Edit.
Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.


ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png


The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
 
Malnutrition said:
Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • bOVO6lY.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.
Click to expand...


Here's the log. I'm running the other suggested tools now...

Zemana AntiMalware 2.60.2.1 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016-11-23
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
BIOS Mode : UEFI
CUID : 127E8B8E3272164F82A836
Scan Type : Custom Scan
Duration : 48m 7s
Scanned Objects : 372554
Detected Objects : 22
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

NFC_Driver.sys
Status : Scanned
Object : %systemroot%\system32\drivers\nfc_driver.sys
MD5 : 14297AC0C63F0C5F7DE77018856C71E7
Publisher : TITAN ARC CORP. TAIWAN BRANCH (SAMOA)
Size : 53440
Version : 1.4.5.9
Detection : Adware:Win32/BulkHeur2.2d6b5c!Ep
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\system32\drivers\nfc_driver.sys

nfapi.dll
Status : Scanned
Object : %programfiles%\asus\gamefirst iv\nfapi.dll
MD5 : D8305B5C2810E2E135F87BB32D62810E
Publisher : -
Size : 118784
Version : -
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\asus\gamefirst iv\nfapi.dll

netfilter2.sys
Status : Scanned
Object : %programfiles%\asus\gamefirst iv\driver\wfp\i386\netfilter2.sys
MD5 : CCC2471F5269B612A0D1349E7DFE437B
Publisher : TITAN ARC CORP. TAIWAN BRANCH (SAMOA)
Size : 44224
Version : 1.4.5.9
Detection : Adware:Win32/BulkHeur2.2d6b5c!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\asus\gamefirst iv\driver\wfp\i386\netfilter2.sys

netfilter2.sys
Status : Scanned
Object : %programfiles%\asus\gamefirst iv\driver\tdi\i386\netfilter2.sys
MD5 : CCC2471F5269B612A0D1349E7DFE437B
Publisher : TITAN ARC CORP. TAIWAN BRANCH (SAMOA)
Size : 44224
Version : 1.4.5.9
Detection : Adware:Win32/BulkHeur2.2d6b5c!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\asus\gamefirst iv\driver\tdi\i386\netfilter2.sys

netfilter2.sys
Status : Scanned
Object : %programfiles%\asus\gamefirst iv\driver\wfp\amd64\netfilter2.sys
MD5 : C2F01E084DD48741F1BD5F023881C95A
Publisher : TITAN ARC CORP. TAIWAN BRANCH (SAMOA)
Size : 51904
Version : 1.4.5.9
Detection : Adware:Win32/BulkHeur2.2d6b5c!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\asus\gamefirst iv\driver\wfp\amd64\netfilter2.sys

netfilter2.sys
Status : Scanned
Object : %programfiles%\asus\gamefirst iv\driver\tdi\amd64\netfilter2.sys
MD5 : C2F01E084DD48741F1BD5F023881C95A
Publisher : TITAN ARC CORP. TAIWAN BRANCH (SAMOA)
Size : 51904
Version : 1.4.5.9
Detection : Adware:Win32/BulkHeur2.2d6b5c!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\asus\gamefirst iv\driver\tdi\amd64\netfilter2.sys

Tremolator.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\tremolator.dll
MD5 : 704AB5B650D44019F81E040B77A18A13
Publisher : -
Size : 10608128
Version : 5.0.1.10839
Detection : Malware:Win64/Looper.A!Tlae
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\tremolator.dll

Radiator.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\radiator.dll
MD5 : 3CF692BFAD8F41F2DB5F3BE67F670F8E
Publisher : -
Size : 14149120
Version : 5.0.1.10839
Detection : Heur.Malicious!Pd
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\radiator.dll

PhaseMistress.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\phasemistress.dll
MD5 : 83043707F7930A86F965F4FFD0781E35
Publisher : -
Size : 10784768
Version : 5.0.1.10839
Detection : Malware:Win64/Looper.A!Rkke
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\phasemistress.dll

PanMan.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\panman.dll
MD5 : B270400463C55719A5D5542CDBF25616
Publisher : -
Size : 11187200
Version : 5.0.1.10839
Detection : Malware:Win64/Looper.A!Trte
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\panman.dll

MicroShift.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\microshift.dll
MD5 : 32D733BC34EB99C7B22C77D9E15600B6
Publisher : -
Size : 15406592
Version : 5.0.1.10839
Detection : Heur.Malicious!Pd
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\microshift.dll

LittleRadiator.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\littleradiator.dll
MD5 : 15C436B6AD5779BB94CFD320D4A9BC8B
Publisher : -
Size : 10404352
Version : 5.0.1.10839
Detection : Malware:Win64/Qardaq.A!Rrie
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\littleradiator.dll

LittleAlterBoy.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\littlealterboy.dll
MD5 : AE966CB150CC0C74FBBCF0AA42A06339
Publisher : -
Size : 14167552
Version : 5.0.1.10839
Detection : Heur.Malicious!Pd
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\littlealterboy.dll

FilterFreak2.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\filterfreak2.dll
MD5 : BA61D60FF2FE288F2C49F05E9C426FD8
Publisher : -
Size : 11221504
Version : 5.0.1.10839
Detection : Malware:Win64/Imprezz.A!Elrl
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\filterfreak2.dll

FilterFreak1.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\filterfreak1.dll
MD5 : 8B4FF06261CF0593F6978C2F8D142130
Publisher : -
Size : 10812416
Version : 5.0.1.10839
Detection : Malware:Win64/Looper.A!Eeia
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\filterfreak1.dll

EchoBoy.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\echoboy.dll
MD5 : 9BB97994F5F0C97036B6EDB35FE4014C
Publisher : -
Size : 11402752
Version : 5.0.1.10839
Detection : Malware:Win64/Imprezz.A!Rerr
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\echoboy.dll

DevilLoc.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\devilloc.dll
MD5 : DBE812E64C42D30FA0C49B94AEB07084
Publisher : -
Size : 10042368
Version : 5.0.1.10839
Detection : Malware:Win64/Qardaq.A!Reem
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\devilloc.dll

DevilLocDeluxe.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\devillocdeluxe.dll
MD5 : EB1EF7346991C303B34E78B08FF10243
Publisher : -
Size : 10592768
Version : 5.0.1.10839
Detection : Malware:Win64/Fortif.A!Trar
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\devillocdeluxe.dll

Crystallizer.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\crystallizer.dll
MD5 : 9178BCC9462B7B4B46783EB97AE9C9D2
Publisher : -
Size : 11645440
Version : 5.0.1.10839
Detection : Malware:Win64/Thracia.A!Ermr
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\crystallizer.dll

Decapitator.dll
Status : Scanned
Object : %programw6432%\steinberg\vstplugins\soundtoys\decapitator.dll
MD5 : FC7CAF1CD1BDB69BE8FF8C5A299142AC
Publisher : -
Size : 16053248
Version : 5.0.1.10839
Detection : Heur.Malicious!Pd
Cleaning Action : Quarantine
Related Objects :
File - %programw6432%\steinberg\vstplugins\soundtoys\decapitator.dll

umbjbgvelxexswpspkunzfcvrmtsphoc.back
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\umbjbgvelxexswpspkunzfcvrmtsphoc.back
MD5 : C2F01E084DD48741F1BD5F023881C95A
Publisher : TITAN ARC CORP. TAIWAN BRANCH (SAMOA)
Size : 51904
Version : 1.4.5.9
Detection : Adware:Win32/BulkHeur2.2d6b5c!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\umbjbgvelxexswpspkunzfcvrmtsphoc.back

KMS-R@1n.exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\windows\kms-r@1n.exe.xbad
MD5 : 0F9FD9565E6EB157FA9BE11ED9C1DC9F
Publisher : -
Size : 26112
Version : -
Detection : PUA:Win32/HackTool.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\windows\kms-r@1n.exe.xbad

棔ͮ棼ͮ�͢椤ͮ楌ͮͤ楴ͮ榜ͮ槄ͮ�͢�͢ͤ셬ͱͫͤͤͮͤ槬ͮͤͤ�͢︜ͬ솴ͱͫ�͢樔ͮ튼ͬ틼ͬ팼ͬ쇼ͱͫͫ퍼ͬ펼ͬͤͤ∌Ͳ쉄ͱ樼ͮͤͤͤͤ橤ͮ檌ͮͫͫ�͢�͢�͢檴ͮ听ͫ폼ͬ�͢ͮͤ�͢ͫ櫜ͮ欄ͮͫ퐼ͬͤ欬ͮͤ�͢�͢ͤͫ奈ͫ�͢�͢�͢�͢ͤ�͢ͤ�͢ͤ歔ͮ歼ͮ籠ͫͤͤͤ殤ͮ毌ͮ�͢�͢�͢�͢毴ͮ�͢�͢氜ͮ�͢良ͫ領ͫ汄ͮ汬ͮ沔ͮ沼ͮ�͢푼ͬ泤ͮ洌ͮ�͢洴ͮ�͢�͢浜ͮͤ�͢涄ͮͮ涬ͮ淔ͮ淼ͮ渤ͮͤ湌ͮ湴ͮ溺ͫ﨤ͫͤͤͤͤͤͤͤͤͤͤͤͤͤͤͤͤ溜ͮͤͮͤͤ滄ͮ滬ͮ
 
I ran the search and ZHPCleaner respectively, here are their results.


C:\FRST\Quarantine\C\Windows\KMS-R@1n.exe.xBAD


~ ZHPCleaner v2016.11.23.200 by Nicolas Coolman (2016/11/23)
~ Run by Kadence (Administrator) (23/11/2016 23:41:53)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Kadence\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Kadence\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (28)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (19)
MOVED file: C:\Windows\prefetch\KMS-R@1NHOOK.EXE-572109D9.pf =>HackTool.AutoKMS
MOVED file: C:\Windows\Installer\wix{7D84E343-A23D-451C-B123-0195B2D903A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Windows\Installer\MSI1157.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI40D7.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI4A62.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI506F.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI51C8.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5311.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI544B.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5576.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5681.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI632D.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI875D.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIB48E.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIE96.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIEED5.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIF128.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Summary of the elements found (3)
https://www.anti-malware.top/2016/05/04/hacktool-autokms/ =>HackTool.AutoKMS
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime


---\\ Other deletions. (19)
~ Registry Keys Tracing deleted (19)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 546
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 19


~ End of clean in 00h00mn08s
~====================
ZHPCleaner-[R]-23112016-23_42_01.txt
ZHPCleaner--23112016-23_41_04.txt
 
I am working on a FRST fix for your machine, but it looks like the tools have gotten the issue. Can you confirm?
 
It would appear as if the problem is solved, however I searched for "R@1n" in the EverywhereSearch and got some results.

C:\FRST\Quarantine\C\Windows\System32\Tasks\R@1n-KMS
C:\Users\Kadence\AppData\Local\mpress\Re-LoaderByR@1n.exe_Url_fwclw0tgpndfthm1i44rt0terirw2mb4
C:\Users\Kadence\AppData\Local\mpress\Re-LoaderByR@1n.exe_Url_nk0qrlcvhgpzjd34en22smkud20ti05c
C:\Users\Kadence\AppData\Roaming\ZHP\Quarantine\KMS-R@1NHOOK.EXE-572109D9.pf

I should mention; before writing this post I received a fix for FRST from another forum. That one is the reason for the .exe being in the FRST quarantine. But, does that mean that the threat has been removed?
 
FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Kadence (24-11-2016 00:15:46) Run:3
Running from C:\Users\Kadence\Desktop\fix
Loaded Profiles: Kadence (Available Profiles: defaultuser0 & Kadence)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\MountPoints2: E - "E:\setup.exe"
HKU\S-1-5-21-4061130887-767355613-478329729-1001\...\MountPoints2: F - "F:\Autorun.exe"
C:\Users\Kadence\AppData\Local\mpress\Re-LoaderByR@1n.exe_Url_fwclw0tgpndfthm1i44rt0terirw2mb4
C:\Users\Kadence\AppData\Local\mpress\Re-LoaderByR@1n.exe_Url_nk0qrlcvhgpzjd34en22smkud20ti05c
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b5eb688e-0b01-4f96-b086-c6126b0ae269}: [DhcpNameServer] 192.168.168.1
Tcpip\..\Interfaces\{d244dffb-258b-46c7-9ec4-b4af66fa4f28}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{e06735e6-51ae-4e90-8ad9-ebe6563411ca}: [DhcpNameServer] 192.168.0.1
HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
GroupPolicy: Restriction <======= ATTENTION
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2016-11-23 16:33 - 2016-11-23 16:33 - 00001229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00001206 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2016-11-20 16:11 - 2016-11-22 14:24 - 00000000 ____D C:\Users\Kadence\Downloads\NOD 32 9.0.375.x64
2016-11-20 16:10 - 2016-11-20 16:10 - 00004337 _____ C:\Users\Kadence\Downloads\NOD 32 9.0.375.x64 [IPT].torrent
2016-11-06 16:52 - 2016-11-06 16:52 - 00000000 __HDC C:\ProgramData\{1C1EDD4B-9BC5-4A46-93AF-0D31E608815E}
2016-11-06 13:08 - 2016-11-08 11:12 - 00003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-06 03:50 - 2016-11-06 03:50 - 00000568 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-11-06 13:05 - 2016-11-23 21:56 - 0000165 _____ () C:\Users\Kadence\AppData\Roaming\sp_data.sys
2016-11-20 13:47 - 2016-11-20 13:51 - 0000081 _____ () C:\Users\Kadence\AppData\Local\FILM_AE_LogFile.txt
2016-11-20 23:09 - 2016-11-20 23:09 - 0000218 _____ () C:\Users\Kadence\AppData\Local\recently-used.xbel
Task: {03B942DB-FAD8-4BBC-B3B6-21113ABEA5E2} - \ATK Package A22126881260 -> No File <==== ATTENTION
Task: {06EA6836-6698-41D2-93D0-3FB57C44CD47} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION
Task: {23343450-5F24-4126-ACB4-FBCE09431456} - \ROG Gaming Center -> No File <==== ATTENTION
Task: {4955193E-6CDD-41EC-81FA-B2C097BBAFA8} - \ASUS USB Charger Plus -> No File <==== ATTENTION
Task: {65EC842C-BF78-4B87-AB64-FB998611EE91} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - \DropboxOEM -> No File <==== ATTENTION
Task: {6FB62EEC-B0E3-4C58-9FC6-8E2AE189D6AF} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {7830106E-EC5F-44F4-9215-6D18A2D70D99} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {8F8FF97D-87A7-4942-B7C9-FF5338660692} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {D5AC1847-4F65-4383-87E0-EE9ADE5D665D} - \ATK Package 36D18D69AFC3 -> No File <==== ATTENTION
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Kadence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4242a155fcc27c2b\FlashPeak Slimjet.lnk -> C:\Program Files (x86)\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory=Default
AlternateDataStreams: C:\Users\Kadence\Desktop\Screenshot 2016-11-23 14.42.56.png:com.dropbox.attributes [168]
HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
CMD: ipconfig /flushdns
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4061130887-767355613-478329729-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-4061130887-767355613-478329729-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
C:\Users\Kadence\AppData\Local\mpress\Re-LoaderByR@1n.exe_Url_fwclw0tgpndfthm1i44rt0terirw2mb4 => moved successfully
C:\Users\Kadence\AppData\Local\mpress\Re-LoaderByR@1n.exe_Url_nk0qrlcvhgpzjd34en22smkud20ti05c => moved successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b5eb688e-0b01-4f96-b086-c6126b0ae269}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d244dffb-258b-46c7-9ec4-b4af66fa4f28}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e06735e6-51ae-4e90-8ad9-ebe6563411ca}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
ibtsiva => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk => moved successfully
C:\Users\Public\Desktop\Security Task Manager.lnk => moved successfully
C:\Program Files (x86)\Security Task Manager => moved successfully
C:\Users\Kadence\Downloads\NOD 32 9.0.375.x64 => moved successfully
C:\Users\Kadence\Downloads\NOD 32 9.0.375.x64 [IPT].torrent => moved successfully
C:\ProgramData\{1C1EDD4B-9BC5-4A46-93AF-0D31E608815E} => moved successfully
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat => moved successfully
C:\Users\Kadence\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\Kadence\AppData\Local\FILM_AE_LogFile.txt => moved successfully
C:\Users\Kadence\AppData\Local\recently-used.xbel => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03B942DB-FAD8-4BBC-B3B6-21113ABEA5E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03B942DB-FAD8-4BBC-B3B6-21113ABEA5E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ATK Package A22126881260" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06EA6836-6698-41D2-93D0-3FB57C44CD47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06EA6836-6698-41D2-93D0-3FB57C44CD47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23343450-5F24-4126-ACB4-FBCE09431456}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23343450-5F24-4126-ACB4-FBCE09431456}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROG Gaming Center" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4955193E-6CDD-41EC-81FA-B2C097BBAFA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4955193E-6CDD-41EC-81FA-B2C097BBAFA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS USB Charger Plus" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65EC842C-BF78-4B87-AB64-FB998611EE91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65EC842C-BF78-4B87-AB64-FB998611EE91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{674DE2B8-3DF6-40FC-A861-233598B0BF9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{674DE2B8-3DF6-40FC-A861-233598B0BF9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxOEM" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FB62EEC-B0E3-4C58-9FC6-8E2AE189D6AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FB62EEC-B0E3-4C58-9FC6-8E2AE189D6AF}" => key removed successfully
C:\Windows\System32\Tasks\ASUS Live Update1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7830106E-EC5F-44F4-9215-6D18A2D70D99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7830106E-EC5F-44F4-9215-6D18A2D70D99}" => key removed successfully
C:\Windows\System32\Tasks\ASUS Live Update2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F8FF97D-87A7-4942-B7C9-FF5338660692}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F8FF97D-87A7-4942-B7C9-FF5338660692}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel\Intel Telemetry 2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5AC1847-4F65-4383-87E0-EE9ADE5D665D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5AC1847-4F65-4383-87E0-EE9ADE5D665D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ATK Package 36D18D69AFC3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3743588-7A16-4C43-8C71-1C01151FD07B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3743588-7A16-4C43-8C71-1C01151FD07B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASUS Product Register Service" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6010D43-6AE7-4B59-8E67-EC78FD8E8E96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler" => key removed successfully
C:\Users\Kadence\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4242a155fcc27c2b\FlashPeak Slimjet.lnk => Shortcut argument removed successfully.
C:\Users\Kadence\Desktop\Screenshot 2016-11-23 14.42.56.png => ":com.dropbox.attributes" ADS removed successfully.
"HKU\S-1-5-21-4061130887-767355613-478329729-1001\Software\Classes\regfile" => key removed successfully
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state off =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15069743 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 483973 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
defaultuser0 => 0 B
Kadence => 16241931 B
UpdatusUser => 0 B

RecycleBin => 244146 B
EmptyTemp: => 30.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:16:01 ====
 
Alright, I would update all of the software on your machine with Patch My PC
https://patchmypc.net/download
Then give me a Security Check log, and tell me what issues you have on your computer.... Or would you consider this issue resolved?


Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 24.11.2016 00:32:29
Path starting: C:\Users\Kadence\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Kadence
VersionXML: 3.53is-23.11.2016
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 06.11.2016 18:02:33
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16ProPlusVL_KMS_Client edition Volume activation will expire : 258598 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Slimjet\slimjet.exe
SystemDrive: C: FS: [NTFS] Capacity: [930.8 Gb] Used: [148.9 Gb] Free: [781.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.447.14393.0
User Account Control enabled

Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2016 x64 v.16.0.4266.1001
---------------------------- [ Antivirus_WMI ] ----------------------------
Kaspersky Internet Security (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Kaspersky Internet Security (enabled)
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Kaspersky Internet Security (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Kaspersky Internet Security v.17.0.0.611
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.60.1
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
VLC media player v.2.2.4
--------------------------------- [ P2P ] ---------------------------------
Deluge 1.3.13 Warning! P2P-client.
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.1.0.4880 Warning! Download Update
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
FlashPeak Slimjet v.12.0.6.0
------------------ [ AntivirusFirewallProcessServices ] -------------------
Kaspersky Anti-Virus Service 17.0.0 (AVP17.0.0) - The service is running
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe v.17.0.0.611
klvssbrigde64 (klvssbrigde64) - The service has stopped
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe v.17.0.0.643
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.173.0
MBAMScheduler (MBAMScheduler) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.7.0
MBAMService (MBAMService) - The service is running
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
----------------------------- [ End of Log ] ------------------------------


If there are no other issues you can see, we can mark this resolved. Thank you very much by the way!
 
  • Like
Reactions: jmarket and Malnutrition
Johnathon Patterson said:
If there are no other issues you can see, we can mark this resolved. Thank you very much by the way!
Click to expand...

Glad to have helped!! Please tell a friend ...... or two about us.
smile.png


Optimize your internet connection.

Click here for instructions.


suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.


Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.


Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore



Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 
Last edited:
Status
Not open for further replies.
Top Bottom