W7 and Firefox Trojan JS:Hide-me



#1
kevsim

    New Member

I have been infected with Trojan JS:Hide-me.

I am running Firefox 43.03.0 on a Windows 7 computer.

I would appreciate some help in eliminating this pest.

 

kevsim

 



#2
RKinner

    Malware Expert
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Click on the Addition.txt box.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #3
    kevsim

      New Member

    I tried running ADWcleaner but it did not find anything.

    I tried again after your post, same thing.

    See attached report.

     

    I would appreciate further assistance.

    kevsim


    #4
    kevsim

      New Member

    Find JRT.txt file attached.

     

    kevsim

    Attached Files

    • Attached File  JRT.txt   1.37KB   203 downloads


    #5
    RKinner

      Malware Expert

    FRST logs?



    #6
    kevsim

      New Member

    Find log files attached.

     

    kevsim

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
    Ran by Owner (administrator) on OWNER-PC (06-01-2016 06:25:26)
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Owner (Available Profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
    (AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
    () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
    (AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
    HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9174400 2015-12-29] (Emsisoft Ltd)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-05] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\MountPoints2: {14122047-2cc1-11e4-a924-806e6f6e6963} - D:\Bin\ASSETUP.exe
    HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\MountPoints2: {64d7484b-2cc4-11e4-b3f2-806e6f6e6963} - notepad SeaToolsDOSguide.EN.txt
    HKU\S-1-5-18\...\Run: [] => 0
    HKU\S-1-5-18\...\Run: [CustomwizKodi] => C:\Program Files (x86)\Customwiz For Kodi\Customwiz For Kodi\CustomwizKodi.exe [567808 2015-09-29] (Customwiz For Kodi)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-05] (AVAST Software)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk [2015-10-22]
    ShortcutTarget: MailWasher.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe (Firetrust)
    BootExecute: autocheck autochk * sdnclean64.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{224B95F3-1B0E-4840-BA00-57A57C2A2E59}: [DhcpNameServer] 10.0.0.138
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-103068557-1708720007-3558950971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-au
    HKU\S-1-5-21-103068557-1708720007-3558950971-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.news.com.au/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-26] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-16] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
    BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-26] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-16] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-21] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default
    FF SearchEngineOrder.3: Bing 
    FF SelectedSearchEngine: Bing 
    FF Homepage: hxxp://www.news.com.au/
    FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-22] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-21] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\searchplugins\bing-.xml [2015-11-21]
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\searchplugins\s-amazon-bymp.xml [2015-08-21]
    FF Extension: Radio Online.FM - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\extensions\[email protected] [2015-08-21]
    FF Extension: Media Stealer - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\extensions\[email protected] [2015-10-20]
    FF Extension: Flash and Video Download - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-23]
    FF Extension: Bing Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\[email protected] [2016-01-06] [not signed]
    FF Extension: Bing Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\[email protected] [2015-11-21]
    FF Extension: Firebug - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\[email protected] [2015-10-24]
    FF Extension: Gmail Notifier (restartless) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\[email protected] [2015-10-03]
    FF Extension: Media Sniffer - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\[email protected] [2015-08-19]
    FF Extension: Video DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-18]
    FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-21]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-20]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-20]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20]
    CHR HKU\S-1-5-21-103068557-1708720007-3558950971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-26]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-26]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10830816 2015-12-29] (Emsisoft Ltd)
    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-05] (AVAST Software)
    R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
    R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
    R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
     
    ===================== Drivers (Whitelisted) ==========================
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-01-06 06:25 - 2016-01-06 06:25 - 00019630 _____ C:\Users\Owner\Desktop\FRST.txt
    2016-01-06 06:25 - 2016-01-06 06:25 - 00000000 ____D C:\FRST
    2016-01-06 06:24 - 2016-01-06 06:24 - 02370560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2016-01-06 06:04 - 2016-01-06 06:04 - 00001401 _____ C:\Users\Owner\Desktop\Junkware Removal Report.txt
    2016-01-06 06:03 - 2016-01-06 06:03 - 00001401 _____ C:\Users\Owner\Desktop\JRT.txt
    2016-01-06 05:50 - 2016-01-06 05:50 - 00000676 _____ C:\Users\Owner\Desktop\AdwCleaner[S12].txt
    2016-01-05 19:55 - 2016-01-05 19:55 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-01-05 19:54 - 2016-01-05 19:54 - 01134936 _____ (Download Assistant) C:\Users\Owner\Downloads\firefox_setup.exe
    2016-01-05 18:50 - 2016-01-06 06:07 - 00012288 _____ C:\Windows\system32\umstartup.etl
    2016-01-05 18:50 - 2016-01-06 06:05 - 00027648 _____ C:\Windows\system32\umstartup000.etl
    2016-01-05 15:16 - 2016-01-05 15:16 - 00000000 ____D C:\ProgramData\Emsisoft
    2016-01-05 15:12 - 2016-01-05 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    2016-01-05 15:11 - 2016-01-06 06:11 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2016-01-05 15:04 - 2016-01-05 15:11 - 207240200 _____ (Emsisoft Ltd. ) C:\Users\Owner\Downloads\EmsisoftAntiMalwareSetup.exe
    2016-01-05 14:00 - 2016-01-05 14:00 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-01-05 13:58 - 2016-01-05 13:59 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
    2016-01-05 12:39 - 2016-01-05 12:39 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-01-05 12:39 - 2016-01-05 12:39 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-01-05 12:36 - 2016-01-05 12:36 - 00679204 _____ C:\Users\Owner\Downloads\AIAS STUDENT HANDBOOK 23112015 V3(1).pdf
    2016-01-05 12:34 - 2016-01-05 12:34 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015(3).pdf
    2016-01-05 12:34 - 2016-01-05 12:34 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015(2).pdf
    2016-01-05 12:34 - 2016-01-05 12:34 - 00160472 _____ C:\Users\Owner\Downloads\PSBA039MAY15-Identification-verification-by-a-prescribed-person.pdf
    2016-01-05 12:33 - 2016-01-05 12:33 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(4).pdf
    2016-01-05 12:33 - 2016-01-05 12:33 - 00340500 _____ C:\Users\Owner\Downloads\PSBA001MAY15-BC-Blue-card-application AIAS QLD(2).pdf
    2016-01-05 11:32 - 2016-01-05 11:32 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(3).pdf
    2016-01-05 10:50 - 2016-01-05 10:50 - 00340500 _____ C:\Users\Owner\Downloads\PSBA001MAY15-BC-Blue-card-application AIAS QLD.pdf
    2016-01-05 10:50 - 2016-01-05 10:50 - 00340500 _____ C:\Users\Owner\Downloads\PSBA001MAY15-BC-Blue-card-application AIAS QLD(1).pdf
    2016-01-05 10:46 - 2016-01-05 10:46 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(2).pdf
    2016-01-05 10:46 - 2016-01-05 10:46 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015.pdf
    2016-01-05 10:46 - 2016-01-05 10:46 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015(1).pdf
    2016-01-05 10:32 - 2016-01-05 10:32 - 00878144 _____ (NoVirusThanks Company Srl ) C:\Users\Owner\Downloads\zbot_remover_setup.exe
    2016-01-04 20:33 - 2016-01-04 20:33 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(1).pdf
    2016-01-04 20:22 - 2016-01-04 20:23 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL.pdf
    2016-01-04 19:45 - 2016-01-04 19:45 - 01745920 _____ C:\Users\Owner\Downloads\adwcleaner_5.027(1).exe
    2016-01-04 12:32 - 2016-01-04 12:33 - 00363396 _____ C:\Users\Owner\Desktop\Mail - SIMPSON Kevin - Outlook.htm
    2016-01-04 12:32 - 2016-01-04 12:33 - 00000000 ____D C:\Users\Owner\Desktop\Mail - SIMPSON Kevin - Outlook_files
    2016-01-04 11:51 - 2016-01-04 11:51 - 00586731 _____ C:\Users\Owner\Downloads\IRIS_Beginner_1.pdf
    2016-01-04 11:51 - 2016-01-04 11:51 - 00586731 _____ C:\Users\Owner\Downloads\IRIS_Beginner_1(1).pdf
    2016-01-04 11:22 - 2016-01-04 11:30 - 00000000 ____D C:\Users\Owner\Desktop\Te
    2016-01-04 11:21 - 2016-01-04 11:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\XnConvert
    2016-01-04 11:19 - 2016-01-04 11:20 - 20285571 _____ (Gougelet Pierre-e ) C:\Users\Owner\Downloads\XnConvert-win-x64.exe
    2016-01-04 11:04 - 2016-01-04 12:25 - 00000000 ____D C:\Users\Owner\Desktop\Iris
    2016-01-04 10:51 - 2016-01-04 10:51 - 00000959 _____ C:\Windows\ODBCINST.INI
    2016-01-04 10:51 - 2016-01-04 10:51 - 00000000 ____D C:\AIGAL
    2016-01-04 10:51 - 1999-06-02 18:55 - 00074000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrclr40.dll
    2016-01-04 10:51 - 1999-06-02 18:55 - 00028944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrecr40.dll
    2016-01-04 09:40 - 2016-01-04 09:41 - 23873160 _____ (AIGALIRIS.COM ) C:\Users\Owner\Downloads\AIGAL.exe
    2016-01-04 09:09 - 2016-01-04 09:09 - 02643144 _____ C:\Users\Owner\Downloads\Free+printable+iridology(1).zip
    2016-01-04 09:07 - 2016-01-04 09:07 - 00218534 _____ C:\Users\Owner\Downloads\Iridology_Study_of_Eyes_to_Diagnoses_Health_Problems_2010.pdf
    2016-01-04 09:02 - 2016-01-04 09:02 - 02673152 _____ C:\Users\Owner\Downloads\Free+printable+iridology.zip
    2016-01-04 08:37 - 2016-01-04 08:37 - 00273563 _____ C:\Users\Owner\Downloads\Note.76.pdf
    2016-01-03 19:23 - 2016-01-03 19:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Kodi
    2016-01-03 19:19 - 2016-01-03 19:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
    2016-01-03 19:18 - 2016-01-03 19:19 - 00000000 ____D C:\Program Files (x86)\Kodi
    2016-01-03 14:34 - 2016-01-03 14:36 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard(3).exe
    2016-01-02 08:32 - 2016-01-02 08:32 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(5).pdf
    2016-01-02 08:29 - 2016-01-02 08:29 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(4).pdf
    2016-01-02 08:29 - 2016-01-02 08:29 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(3).pdf
    2016-01-01 15:40 - 2016-01-01 15:40 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(2).pdf
    2016-01-01 15:37 - 2016-01-01 15:37 - 00297146 _____ C:\Users\Owner\Downloads\Chemistry Subject Guide.pdf
    2016-01-01 15:37 - 2016-01-01 15:37 - 00297146 _____ C:\Users\Owner\Downloads\Chemistry Subject Guide(2).pdf
    2016-01-01 15:37 - 2016-01-01 15:37 - 00297146 _____ C:\Users\Owner\Downloads\Chemistry Subject Guide(1).pdf
    2016-01-01 15:24 - 2016-01-01 15:24 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(4).pdf
    2016-01-01 15:23 - 2016-01-01 15:23 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(3).pdf
    2016-01-01 14:44 - 2016-01-01 14:45 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard(2).exe
    2016-01-01 14:38 - 2016-01-01 14:38 - 03537032 _____ C:\Users\Owner\Downloads\plugin.video.phstreams-2.7.4.zip
    2016-01-01 09:37 - 2016-01-01 09:37 - 00019893 _____ C:\Users\Owner\Downloads\integrated-iridology-textbook-by-toni-miller-joyfullivingservices-com-pdf-book.pdf
    2016-01-01 08:49 - 2016-01-01 08:49 - 03404855 _____ C:\Users\Owner\Downloads\020164.iridology.sharan.pdf
    2016-01-01 08:45 - 2016-01-01 08:45 - 00000000 ____D C:\Users\Owner\Desktop\New folder
    2015-12-31 11:29 - 2015-12-31 11:29 - 00000000 ____D C:\ProgramData\Skype
    2015-12-31 11:29 - 2015-12-31 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-12-31 11:27 - 2015-12-31 11:28 - 46863488 _____ (Skype Technologies S.A.) C:\Users\Owner\Downloads\SkypeSetupFull.exe
    2015-12-31 08:49 - 2015-12-31 08:49 - 00500159 _____ C:\Users\Owner\Downloads\SUNTUF-Corro-installation.pdf
    2015-12-30 07:28 - 2015-12-30 07:28 - 02950353 _____ C:\Users\Owner\Downloads\slaves_fatwa.pdf
    2015-12-29 19:49 - 2015-12-29 19:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Opera Software
    2015-12-29 19:49 - 2015-12-29 19:49 - 00000000 ____D C:\Users\Owner\AppData\Local\Opera Software
    2015-12-29 19:48 - 2015-12-29 20:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\pendis
    2015-12-29 19:44 - 2015-12-29 20:19 - 00000000 ____D C:\Users\Owner\Desktop\New folder (3)
    2015-12-29 12:38 - 2015-12-29 12:38 - 00000000 ____D C:\Users\Owner\Desktop\New folder (2)
    2015-12-29 12:21 - 2015-12-29 12:22 - 55516683 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard-x86_64.dmg
    2015-12-29 09:01 - 2015-12-29 09:01 - 00000000 ____D C:\Users\Owner\Tracing
    2015-12-29 08:41 - 2016-01-06 06:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2015-12-29 08:40 - 2015-12-31 11:29 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-12-29 08:33 - 2015-12-29 08:33 - 01112357 _____ C:\Users\Owner\Downloads\Iridology Case Study Assessment 1-6(2).pdf
    2015-12-29 08:31 - 2015-12-29 08:31 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(6).pdf
    2015-12-29 08:27 - 2015-12-29 08:27 - 00519706 _____ C:\Users\Owner\Downloads\Iridology – IR(1).pdf
    2015-12-29 08:19 - 2015-12-29 08:19 - 00287655 _____ C:\Users\Owner\Downloads\MT1.pdf
    2015-12-29 08:18 - 2015-12-29 08:18 - 00368357 _____ C:\Users\Owner\Downloads\Assessment Task 3 Written Responses (MT1).pdf
    2015-12-29 08:17 - 2015-12-29 08:17 - 00437805 _____ C:\Users\Owner\Downloads\Assessment Task 2 Fully Body Massage Online Study Mode (MT1).pdf
    2015-12-29 08:17 - 2015-12-29 08:17 - 00437805 _____ C:\Users\Owner\Downloads\Assessment Task 2 Fully Body Massage Online Study Mode (MT1)(1).pdf
    2015-12-29 08:03 - 2015-12-29 08:03 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(2).pdf
    2015-12-29 07:59 - 2015-12-29 07:59 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide.pdf
    2015-12-29 07:59 - 2015-12-29 07:59 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(1).pdf
    2015-12-29 07:51 - 2015-12-29 07:52 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(5).pdf
    2015-12-29 07:49 - 2015-12-29 07:49 - 01112357 _____ C:\Users\Owner\Downloads\Iridology Case Study Assessment 1-6(1).pdf
    2015-12-29 07:48 - 2015-12-29 07:48 - 00519706 _____ C:\Users\Owner\Downloads\Iridology – IR.pdf
    2015-12-29 07:47 - 2015-12-29 07:47 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(1).pdf
    2015-12-29 07:45 - 2015-12-29 07:45 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(4).pdf
    2015-12-29 07:21 - 2015-12-29 07:23 - 107374644 _____ C:\Users\Owner\Downloads\635738785218712088_6221374.mp4
    2015-12-28 16:18 - 2015-12-28 16:18 - 23622883 _____ C:\Users\Owner\Downloads\Seas0nPass-win.zip
    2015-12-28 12:36 - 2015-12-28 12:36 - 02973710 _____ C:\Users\Owner\Downloads\MoboMarket(1).apk
    2015-12-28 12:35 - 2015-12-28 12:35 - 02973710 _____ C:\Users\Owner\Downloads\MoboMarket.apk
    2015-12-28 10:24 - 2015-12-29 20:19 - 00000000 ____D C:\Program Files\iTunes
    2015-12-28 10:24 - 2015-12-29 13:18 - 00000000 ____D C:\Program Files\iPod
    2015-12-28 10:24 - 2015-12-29 13:18 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-12-28 10:14 - 2015-12-31 11:38 - 00000000 ____D C:\Users\Owner\Documents\Mobo
    2015-12-28 10:14 - 2015-12-28 10:14 - 00000000 ____D C:\Users\Public\Documents\Baidu
    2015-12-28 10:14 - 2015-12-28 10:14 - 00000000 ____D C:\MoboUserData
    2015-12-28 10:13 - 2015-12-31 11:38 - 00000000 ____D C:\Program Files (x86)\Mobo
    2015-12-28 09:38 - 2015-12-28 10:24 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-12-28 09:07 - 2015-12-28 09:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-12-27 13:55 - 2015-12-27 13:55 - 01892936 _____ C:\Users\Owner\Downloads\MoboMarketV1.1.1.apk
    2015-12-27 12:37 - 2015-12-27 12:37 - 01323810 _____ C:\Users\Owner\Downloads\apple_tv_3rd_gen_setup.pdf
    2015-12-27 10:27 - 2015-12-27 10:27 - 00054543 _____ C:\Users\Owner\Downloads\wireless-add-7.pdf
    2015-12-27 10:27 - 2015-12-27 10:27 - 00054543 _____ C:\Users\Owner\Downloads\wireless-add-7(1).pdf
    2015-12-27 10:16 - 2015-12-29 10:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
    2015-12-27 10:16 - 2015-12-27 10:16 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
    2015-12-27 10:15 - 2015-12-28 14:54 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2015-12-27 10:15 - 2015-12-28 14:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-12-27 10:15 - 2015-12-27 10:15 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-12-27 10:15 - 2015-12-27 10:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple
    2015-12-27 10:14 - 2015-12-28 14:53 - 00000000 ____D C:\ProgramData\Apple
    2015-12-27 10:14 - 2015-12-28 14:53 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-12-27 10:14 - 2015-12-27 10:14 - 00000000 ____D C:\Program Files\Bonjour
    2015-12-27 10:14 - 2015-12-27 10:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-12-27 10:10 - 2015-12-27 10:13 - 167583000 _____ (Apple Inc.) C:\Users\Owner\Downloads\iTunes6464Setup(1).exe
    2015-12-27 10:00 - 2015-12-27 10:04 - 167583000 _____ (Apple Inc.) C:\Users\Owner\Downloads\iTunes6464Setup.exe.part
    2015-12-27 09:06 - 2015-12-27 09:06 - 01211614 _____ C:\Users\Owner\Downloads\Stormwater_pit_installation_guide_Humes_02.pdf
    2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L3 MT1(1).pdf
    2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L2 MT1(1).pdf
    2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L11 MT1(3).pdf
    2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L11 MT1(1).pdf
    2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L10 MT1(1).pdf
    2015-12-24 12:47 - 2015-12-24 12:47 - 00449532 _____ C:\Users\Owner\Downloads\Assessment Task 1 Back Sequence Online Mode (MT1)(1).pdf
    2015-12-24 10:53 - 2015-12-24 10:53 - 00709260 _____ C:\Users\Owner\Downloads\L11 MT1(2).pdf
    2015-12-24 09:46 - 2015-12-24 09:46 - 01704830 _____ C:\Users\Owner\Downloads\APA Referencing Guide.pdf
    2015-12-24 09:43 - 2015-12-24 09:43 - 00556694 _____ C:\Users\Owner\Downloads\AIAS Student Information Handout_VET_141.pdf
    2015-12-24 09:42 - 2015-12-24 09:42 - 00068553 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT61012_Adv_Dip_Nutritional Medicine_2014_v2.pdf
    2015-12-24 09:39 - 2015-12-24 09:39 - 00065973 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT60512_Adv_Dip_Naturopathy_2014_v2.pdf
    2015-12-24 09:39 - 2015-12-24 09:39 - 00065973 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT60512_Adv_Dip_Naturopathy_2014_v2(2).pdf
    2015-12-24 09:39 - 2015-12-24 09:39 - 00065973 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT60512_Adv_Dip_Naturopathy_2014_v2(1).pdf
    2015-12-24 09:17 - 2015-12-24 09:17 - 00975003 _____ C:\Users\Owner\Downloads\Lesson 1. Introduction to Iridology and the Eye.pdf
    2015-12-24 09:01 - 2015-12-24 09:01 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide.pdf
    2015-12-24 08:57 - 2015-12-24 08:57 - 00679204 _____ C:\Users\Owner\Downloads\AIAS STUDENT HANDBOOK 23112015 V3.pdf
    2015-12-24 08:56 - 2015-12-24 08:56 - 00033712 _____ C:\Users\Owner\Downloads\2016 T1 Adv Dip NAT Melbourne.pdf
    2015-12-24 08:56 - 2015-12-24 08:56 - 00033712 _____ C:\Users\Owner\Downloads\2016 T1 Adv Dip NAT Melbourne(2).pdf
    2015-12-24 08:56 - 2015-12-24 08:56 - 00033712 _____ C:\Users\Owner\Downloads\2016 T1 Adv Dip NAT Melbourne(1).pdf
    2015-12-24 08:49 - 2015-12-24 08:49 - 00297643 _____ C:\Users\Owner\Downloads\Biochemistry - Subject Guide.pdf
    2015-12-24 08:43 - 2015-12-24 08:43 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(3).pdf
    2015-12-24 08:43 - 2015-12-24 08:43 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(2).pdf
    2015-12-24 08:43 - 2015-12-24 08:43 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(1).pdf
    2015-12-24 08:39 - 2015-12-24 08:39 - 01112357 _____ C:\Users\Owner\Downloads\Iridology Case Study Assessment 1-6.pdf
    2015-12-24 08:37 - 2015-12-24 08:37 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology.pdf
    2015-12-23 12:16 - 2015-12-23 12:17 - 00000174 _____ C:\Users\Owner\Desktop\Seeing is believing.url
    2015-12-21 08:28 - 2015-11-06 05:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-12-21 08:28 - 2015-11-06 05:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-12-21 08:28 - 2015-05-26 04:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-12-21 08:28 - 2015-05-26 04:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-12-21 08:28 - 2015-05-26 04:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-12-21 08:28 - 2015-05-26 04:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-12-21 08:28 - 2015-05-26 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-12-21 08:28 - 2015-05-26 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-12-21 08:28 - 2015-05-26 04:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-12-21 08:28 - 2015-05-26 04:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-12-21 08:28 - 2015-05-26 04:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-12-21 08:28 - 2015-05-26 04:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-12-21 08:28 - 2015-05-26 04:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-12-21 08:28 - 2015-05-26 04:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-12-21 08:27 - 2015-11-21 04:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-21 08:27 - 2015-11-21 04:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-21 08:27 - 2015-11-21 04:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-12-21 08:27 - 2015-11-21 04:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-12-21 08:27 - 2015-11-21 04:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-21 08:27 - 2015-11-21 04:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-21 08:27 - 2015-11-21 04:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-21 08:27 - 2015-11-21 04:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-12-21 08:27 - 2015-11-21 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-21 08:27 - 2015-11-11 04:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-21 08:27 - 2015-11-11 04:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-21 08:27 - 2015-11-11 04:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-21 08:27 - 2015-11-11 04:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-21 08:27 - 2015-11-11 04:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-21 08:27 - 2015-11-11 03:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-21 08:27 - 2015-11-06 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
    2015-12-21 08:27 - 2015-11-06 05:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
    2015-12-21 08:27 - 2015-11-05 19:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-21 08:27 - 2015-11-04 05:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2015-12-21 08:27 - 2015-11-04 04:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2015-12-21 08:27 - 2015-09-19 05:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-12-21 08:27 - 2015-09-19 05:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-12-21 08:27 - 2015-09-19 05:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-12-21 08:27 - 2015-09-19 05:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-12-21 08:27 - 2015-09-19 05:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-12-21 08:27 - 2015-09-19 05:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-12-21 08:27 - 2015-09-19 05:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-12-21 08:27 - 2015-07-10 03:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-12-21 08:27 - 2015-07-10 03:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-12-21 08:27 - 2015-07-10 03:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-12-21 08:27 - 2015-07-10 03:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-12-21 08:27 - 2015-06-04 06:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-12-21 08:27 - 2015-04-28 05:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-12-21 08:27 - 2015-04-28 05:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-12-21 08:27 - 2015-04-28 05:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-12-21 08:27 - 2015-04-28 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-12-21 08:27 - 2015-04-28 05:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-12-21 08:27 - 2015-04-28 05:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-12-21 08:27 - 2015-04-28 05:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-12-21 08:27 - 2015-04-28 05:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-12-21 08:26 - 2015-11-12 07:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-21 08:26 - 2015-11-12 06:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-21 08:26 - 2015-11-12 04:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-21 08:26 - 2015-11-12 04:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-21 08:26 - 2015-11-12 04:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-21 08:26 - 2015-11-12 04:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-21 08:26 - 2015-11-12 02:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-21 08:26 - 2015-11-12 01:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-12-21 08:26 - 2015-11-12 01:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-21 08:26 - 2015-11-12 01:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-21 08:26 - 2015-11-12 01:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-21 08:26 - 2015-11-12 00:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-12-21 08:26 - 2015-11-10 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-12-21 08:26 - 2015-11-10 10:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-21 08:26 - 2015-11-10 10:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-12-21 08:26 - 2015-11-10 10:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-12-21 08:26 - 2015-11-10 10:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-12-21 08:26 - 2015-11-10 10:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-21 08:26 - 2015-11-10 10:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-21 08:26 - 2015-11-10 10:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-12-21 08:26 - 2015-11-10 10:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-12-21 08:26 - 2015-11-10 10:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-21 08:26 - 2015-11-10 10:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-12-21 08:26 - 2015-11-10 10:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-21 08:26 - 2015-11-10 10:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-12-21 08:26 - 2015-11-10 09:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-12-21 08:26 - 2015-11-10 09:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-12-21 08:26 - 2015-11-10 09:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-21 08:26 - 2015-11-10 09:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-12-21 08:26 - 2015-11-10 09:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-21 08:26 - 2015-11-10 09:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-21 08:26 - 2015-11-10 09:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-21 08:26 - 2015-11-10 09:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-12-21 08:26 - 2015-11-10 09:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-21 08:26 - 2015-11-10 09:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-21 08:26 - 2015-11-10 09:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-21 08:26 - 2015-11-09 08:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-12-21 08:26 - 2015-11-09 08:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-12-21 08:26 - 2015-11-09 08:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-12-21 08:26 - 2015-11-09 08:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-21 08:26 - 2015-11-09 08:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-21 08:26 - 2015-11-09 08:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-12-21 08:26 - 2015-11-09 08:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-12-21 08:26 - 2015-11-09 08:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-12-21 08:26 - 2015-11-09 08:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-21 08:26 - 2015-11-09 08:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-21 08:26 - 2015-11-09 08:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-21 08:26 - 2015-11-09 08:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-12-21 08:26 - 2015-11-09 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-12-21 08:26 - 2015-11-09 08:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-12-21 08:26 - 2015-11-09 07:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-12-21 08:26 - 2015-11-09 07:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-12-21 08:26 - 2015-11-09 07:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-12-21 08:26 - 2015-11-09 07:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-21 08:26 - 2015-11-09 07:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-12-21 08:26 - 2015-11-09 07:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-21 08:26 - 2015-11-09 07:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-21 08:26 - 2015-11-09 07:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-21 08:26 - 2015-11-09 07:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-21 08:26 - 2015-11-09 07:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-12-21 08:26 - 2015-11-09 07:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-21 08:26 - 2015-11-09 06:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-21 08:26 - 2015-11-09 06:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-21 08:26 - 2015-11-09 06:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-21 08:26 - 2015-10-30 03:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-12-21 08:26 - 2015-10-30 03:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-12-21 08:26 - 2015-10-30 03:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-12-21 08:26 - 2015-10-30 03:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-12-21 08:26 - 2015-10-30 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-12-21 08:26 - 2015-10-30 03:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-12-21 08:26 - 2015-10-30 03:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-12-21 08:26 - 2015-08-28 04:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-12-21 08:26 - 2015-08-28 04:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-12-21 08:26 - 2015-08-28 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-12-21 08:26 - 2015-08-28 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-12-21 08:26 - 2015-08-28 03:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-12-21 08:26 - 2015-08-28 03:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-12-21 08:26 - 2015-08-28 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2015-12-21 08:26 - 2015-08-28 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-12-21 08:26 - 2015-07-23 10:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-12-21 08:26 - 2015-07-23 10:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-12-21 08:26 - 2015-07-23 10:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-12-21 08:26 - 2015-07-23 03:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-12-21 08:26 - 2015-07-23 03:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-12-21 08:26 - 2015-07-23 02:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-12-21 08:26 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2015-12-21 08:26 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2015-12-21 08:26 - 2015-07-10 03:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2015-12-21 08:26 - 2015-06-25 20:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-12-21 08:26 - 2015-06-25 20:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-21 08:26 - 2015-06-25 20:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-12-21 08:26 - 2015-06-25 19:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-21 08:26 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-12-21 08:25 - 2015-11-12 02:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-21 08:25 - 2015-11-09 08:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-12-21 08:25 - 2015-11-09 08:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-12-21 08:25 - 2015-11-09 07:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-12-21 08:24 - 2015-12-21 08:25 - 00000000 ____D C:\Users\Owner\Desktop\Sample Kodi
    2015-12-21 08:24 - 2015-11-04 05:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
    2015-12-21 08:24 - 2015-11-04 04:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
    2015-12-20 19:46 - 2015-12-20 19:46 - 01119249 _____ C:\Users\Owner\Downloads\face_tongue_muscles.pdf
    2015-12-20 19:46 - 2015-12-20 19:46 - 01119249 _____ C:\Users\Owner\Downloads\face_tongue_muscles(2).pdf
    2015-12-20 19:46 - 2015-12-20 19:46 - 01119249 _____ C:\Users\Owner\Downloads\face_tongue_muscles(1).pdf
    2015-12-20 19:23 - 2015-12-20 19:23 - 31037288 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl(2).exe
    2015-12-20 19:20 - 2015-12-20 19:21 - 31037288 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl(1).exe
    2015-12-20 19:16 - 2015-12-20 19:16 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2015-12-20 19:14 - 2015-12-20 19:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
    2015-12-20 19:13 - 2015-12-20 19:14 - 31037288 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl.exe
    2015-12-20 13:23 - 2015-12-20 13:23 - 00000133 _____ C:\Users\Owner\Desktop\Mirror kodi.url
    2015-12-20 13:07 - 2015-12-20 13:08 - 00000133 _____ C:\Users\Owner\Desktop\Kodi Setup.url
    2015-12-20 10:18 - 2015-12-20 10:20 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard(1).exe
    2015-12-20 09:49 - 2015-12-20 09:49 - 00000020 _____ C:\Users\Owner\AppData\Roaming\explorersys.txt
    2015-12-20 09:49 - 2015-12-20 09:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Customwiz For Kodi
    2015-12-20 09:49 - 2015-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Customwiz For Kodi
    2015-12-20 09:48 - 2015-12-20 09:48 - 01374720 _____ C:\Users\Owner\Downloads\Customwiz For Kodi.msi
    2015-12-19 14:00 - 2015-12-19 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
    2015-12-19 13:45 - 2015-12-19 13:45 - 00000000 ____D C:\Program Files (x86)\Vitzo
    2015-12-19 13:44 - 2015-12-19 13:44 - 01984712 _____ C:\Users\Owner\Downloads\FreeYouTubeDownloader.exe
    2015-12-19 13:44 - 2015-12-19 13:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftCDN
    2015-12-18 12:27 - 2015-12-18 12:27 - 00704762 _____ C:\Users\Owner\Downloads\MediaBrowser.Kodi-master.zip
    2015-12-18 11:34 - 2015-12-18 11:35 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard.exe
    2015-12-18 09:53 - 2015-12-18 09:53 - 00583627 _____ C:\Users\Owner\Downloads\aoa08-c06.pdf
    2015-12-18 09:20 - 2015-12-18 09:21 - 09911138 _____ C:\Users\Owner\Downloads\Chapter 8B.pdf
    2015-12-17 13:57 - 2015-12-17 14:00 - 10405677 _____ C:\Users\Owner\Downloads\ankle-muscles.pdf
    2015-12-17 05:29 - 2015-12-17 05:29 - 00871136 _____ C:\Users\Owner\Downloads\InTech-Muscular_performance_assessment_of_trunk_extensors_a_critical_appraisal_of_the_literature.pdf
    2015-12-17 05:29 - 2015-12-17 05:29 - 00871136 _____ C:\Users\Owner\Downloads\InTech-Muscular_performance_assessment_of_trunk_extensors_a_critical_appraisal_of_the_literature(1).pdf
    2015-12-16 12:54 - 2015-12-16 12:55 - 55109304 _____ C:\Users\Owner\Downloads\tvmc-14.2-helix.apk
    2015-12-16 11:49 - 2015-12-16 11:53 - 00000000 ____D C:\Users\Owner\Desktop\Files from USB drive
    2015-12-16 07:57 - 2015-12-16 07:57 - 00000000 ____D C:\Users\Owner\Desktop\Heart
    2015-12-15 07:58 - 2015-12-15 07:58 - 01446327 _____ C:\Users\Owner\Downloads\Circulation Research-1991-Lew-1139-45.pdf
    2015-12-14 13:25 - 2015-12-20 19:20 - 00013312 _____ C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-12-14 08:05 - 2015-12-14 08:05 - 00426196 _____ C:\Users\Owner\Downloads\Digital TV Reception - Panasonic.pdf
    2015-12-14 08:05 - 2015-12-14 08:05 - 00426196 _____ C:\Users\Owner\Downloads\Digital TV Reception - Panasonic(1).pdf
    2015-12-13 20:06 - 2015-12-13 20:06 - 01480562 _____ C:\Users\Owner\Downloads\3-17-08 Whitehill.pdf
    2015-12-13 20:03 - 2015-12-13 20:03 - 00107601 _____ C:\Users\Owner\Downloads\Blood-Clotting.pdf
    2015-12-12 19:25 - 2015-12-12 19:25 - 00089078 _____ C:\Users\Owner\Downloads\roi-factsheet-your-medical-record.pdf
    2015-12-12 19:21 - 2015-12-12 19:21 - 01876962 _____ C:\Users\Owner\Downloads\medical recordsoptpdf(2).pdf
    2015-12-12 19:15 - 2015-12-12 19:16 - 01876962 _____ C:\Users\Owner\Downloads\medical recordsoptpdf(1).pdf
    2015-12-12 19:15 - 2015-12-12 19:15 - 01876962 _____ C:\Users\Owner\Downloads\medical recordsoptpdf.pdf
    2015-12-12 19:03 - 2015-12-12 19:06 - 136977018 _____ C:\Users\Owner\Downloads\catalyst_15_16_21.mp4
    2015-12-12 13:05 - 2015-12-12 13:05 - 00999305 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy lesson 6(2).pdf
    2015-12-12 12:42 - 2015-12-12 12:42 - 00148298 _____ C:\Users\Owner\Downloads\ReviewSheet10a.pdf
    2015-12-12 11:40 - 2015-12-12 11:40 - 00595608 _____ C:\Users\Owner\Downloads\chapter-3-pp-text-notes.pdf
    2015-12-12 09:36 - 2015-12-12 09:36 - 00615098 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy lesson 8(1).pdf
    2015-12-12 09:36 - 2015-12-12 09:36 - 00521549 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy lesson 9.pdf
    2015-12-12 09:28 - 2015-12-12 09:28 - 00155240 _____ C:\Users\Owner\Downloads\pestmanagement.pdf
    2015-12-12 09:28 - 2015-12-12 09:28 - 00155240 _____ C:\Users\Owner\Downloads\pestmanagement(1).pdf
    2015-12-12 08:57 - 2015-12-12 08:57 - 01223110 _____ C:\Users\Owner\Downloads\Lemon Balm Guide.pdf
    2015-12-10 07:56 - 2015-12-10 07:56 - 00286713 _____ C:\Users\Owner\Downloads\Anatomy and Physiology 2(9).pdf
    2015-12-10 07:56 - 2015-12-10 07:56 - 00286713 _____ C:\Users\Owner\Downloads\Anatomy and Physiology 2(10).pdf
    2015-12-10 07:54 - 2015-12-10 07:54 - 00286928 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy(5).pdf
    2015-12-10 07:54 - 2015-12-10 07:54 - 00286928 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy(4).pdf
    2015-12-09 09:09 - 2015-12-09 09:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\VDownloader
    2015-12-09 09:09 - 2015-12-09 09:09 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\VDownloader
    2015-12-09 09:08 - 2015-12-09 11:01 - 00000000 ____D C:\Users\Owner\AppData\Local\VDownloader
    2015-12-09 09:08 - 2015-12-09 09:09 - 00000000 ____D C:\Program Files\VDownloader
    2015-12-09 09:08 - 2015-12-09 09:08 - 21366572 _____ (Vitzo Limited ) C:\Users\Owner\Downloads\VDownloaderSetup.exe
    2015-12-09 09:08 - 2015-12-09 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
    2015-12-09 09:08 - 2015-08-27 15:48 - 00444283 _____ C:\Program Files\Common Files\WinPcapNmap.exe
    2015-12-09 09:04 - 2015-12-09 09:04 - 01167360 _____ (Vitzo Limited) C:\Users\Owner\Downloads\VDownloader4OC.exe
    2015-12-09 09:01 - 2015-12-09 09:01 - 00617888 _____ (33download.com ) C:\Users\Owner\Downloads\VDFree_soft.exe
    2015-12-09 08:17 - 2015-12-09 08:18 - 13916540 _____ (HOW Inc. ) C:\Users\Owner\Downloads\FYTDSetup (2).exe
    2015-12-09 08:17 - 2015-12-09 08:17 - 01180672 _____ (How, Inc) C:\Users\Owner\Downloads\FYTD_Setup_2(2).exe
    2015-12-08 15:38 - 2015-12-08 15:38 - 00923994 _____ C:\Users\Owner\Downloads\raven06_57.pdf
    2015-12-08 15:38 - 2015-12-08 15:38 - 00923994 _____ C:\Users\Owner\Downloads\raven06_57(1).pdf
    2015-12-07 15:40 - 2015-12-07 15:42 - 106247336 _____ C:\Users\Owner\Downloads\catalyst_s14_ep14_pheremoneparty.mp4
    2015-12-07 14:11 - 2015-12-07 14:11 - 05096022 _____ C:\Users\Owner\Downloads\Module-UpperLimb.pdf
    2015-12-07 14:10 - 2015-12-07 14:10 - 02198266 _____ C:\Users\Owner\Downloads\Module-LowerLimb(3).pdf
    2015-12-07 14:09 - 2015-12-07 14:09 - 02198266 _____ C:\Users\Owner\Downloads\Module-LowerLimb(2).pdf
    2015-12-07 14:09 - 2015-12-07 14:09 - 02198266 _____ C:\Users\Owner\Downloads\Module-LowerLimb(1).pdf
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-01-06 06:25 - 2009-07-14 13:20 - 00000000 ____D C:\Windows
    2016-01-06 06:17 - 2009-07-14 14:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-01-06 06:17 - 2009-07-14 14:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-01-06 06:16 - 2014-08-26 15:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-06 06:08 - 2014-08-26 15:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-06 06:07 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-01-06 06:04 - 2015-05-20 13:05 - 00000000 ___RD C:\Users\Owner\Desktop\Cleaners
    2016-01-06 05:43 - 2015-05-20 13:08 - 00000000 ____D C:\AdwCleaner
    2016-01-06 05:13 - 2009-07-14 15:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-01-05 20:52 - 2015-05-20 17:00 - 00000000 ___RD C:\Users\Owner\Desktop\Sound
    2016-01-05 19:55 - 2015-11-04 08:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-05 19:37 - 2015-05-20 10:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-05 19:04 - 2015-05-22 20:10 - 00000000 ____D C:\Users\Owner\Documents\Outlook Files
    2016-01-05 15:22 - 2015-07-25 09:22 - 00000364 _____ C:\Windows\Tasks\AutoBeam.job
    2016-01-05 13:52 - 2015-06-19 09:18 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-01-05 13:52 - 2015-06-13 08:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-01-05 12:40 - 2015-07-18 21:44 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2016-01-05 12:40 - 2015-07-18 21:44 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2016-01-05 12:39 - 2015-07-18 21:44 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2016-01-05 12:39 - 2015-07-18 21:44 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2016-01-05 12:39 - 2015-07-18 21:44 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-01-05 12:39 - 2015-07-18 21:44 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-01-05 12:39 - 2015-07-18 21:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-01-05 12:39 - 2015-07-18 21:44 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-01-05 12:39 - 2015-07-18 20:21 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-01-04 19:52 - 2015-05-20 15:04 - 00000000 ____D C:\Users\Owner\Documents\My PSP8 Files
    2016-01-04 19:40 - 2015-05-20 13:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-04 15:26 - 2015-05-20 14:37 - 00000000 ___RD C:\Users\Owner\Desktop\Graphics
    2016-01-04 14:59 - 2015-06-04 11:21 - 00000000 ___RD C:\Users\Owner\Podcasts
    2016-01-04 14:59 - 2014-08-26 11:38 - 00001413 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-01-04 14:56 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\schemas
    2016-01-04 14:53 - 2014-08-26 11:37 - 00000000 ____D C:\Users\Owner
    2016-01-04 10:51 - 2015-05-21 07:37 - 00000000 ____D C:\Windows\SysWOW64\Adobe
    2016-01-04 10:51 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-01-03 19:23 - 2015-05-22 10:59 - 00000000 ___RD C:\Users\Owner\Desktop\Applications
    2016-01-03 19:16 - 2015-05-25 08:22 - 00000000 ___RD C:\Users\Owner\Desktop\Health Nutrition
    2016-01-03 15:31 - 2009-07-14 15:13 - 00800420 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-03 15:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
    2015-12-29 20:19 - 2015-12-04 07:03 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2015-12-29 20:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
    2015-12-29 19:26 - 2015-10-25 08:09 - 00000000 ____D C:\Users\Owner\dwhelper
    2015-12-28 15:28 - 2015-09-24 12:32 - 00000000 ____D C:\ProgramData\Apple Computer
    2015-12-28 15:17 - 2015-07-30 15:30 - 00018432 _____ C:\Windows\system32\umstartup(16).etl
    2015-12-28 14:54 - 2015-07-18 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-12-28 14:38 - 2011-04-12 18:28 - 00000000 ___RD C:\Users\Public\Recorded TV
    2015-12-28 10:59 - 2015-06-29 08:28 - 00000000 ____D C:\Users\Owner\.cache
    2015-12-27 06:25 - 2015-07-30 15:30 - 00003072 _____ C:\Windows\system32\umstartup(75).etl
    2015-12-22 18:25 - 2015-11-29 08:12 - 00000000 ____D C:\Users\Owner\Desktop\X For Printing
    2015-12-22 08:54 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
    2015-12-21 18:57 - 2009-07-14 14:45 - 00354280 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-21 18:55 - 2015-05-21 06:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-12-21 18:55 - 2015-05-21 06:14 - 00000000 ___SD C:\Windows\system32\GWX
    2015-12-21 18:55 - 2015-05-21 06:14 - 00000000 ____D C:\Windows\system32\appraiser
    2015-12-21 18:55 - 2014-08-26 14:22 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-12-21 09:55 - 2015-05-20 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-21 09:54 - 2015-05-20 11:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-21 09:54 - 2015-05-20 11:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-21 09:52 - 2014-08-26 11:51 - 00784286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-12-21 09:47 - 2014-08-26 14:43 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-21 09:43 - 2014-08-26 14:43 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-12-20 10:22 - 2015-11-29 08:13 - 00000000 ____D C:\Users\Owner\Desktop\X For sorting
    2015-12-19 15:58 - 2015-05-20 13:14 - 00000000 ___RD C:\Users\Owner\Desktop\Video Tools
    2015-12-16 05:06 - 2015-05-21 12:41 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-12-16 05:06 - 2015-05-21 12:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-12-14 12:57 - 2015-05-19 14:05 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
    2015-12-12 07:57 - 2015-06-14 14:51 - 00000000 ____D C:\Program Files (x86)\Freemake
    2015-12-08 11:23 - 2015-12-05 04:32 - 00000000 ____D C:\Users\Owner\Desktop\Freemake Joins
     
    ==================== Files in the root of some directories =======
     
    2015-12-09 09:08 - 2015-08-27 15:48 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
    2015-06-12 12:22 - 2015-08-01 14:54 - 0000103 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
    2015-06-12 12:22 - 2015-08-01 14:54 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
    2015-06-12 12:22 - 2015-08-01 14:54 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
    2015-06-12 12:01 - 2015-08-01 15:46 - 0004536 _____ () C:\Users\Owner\AppData\Roaming\CamStudio.cfg
    2015-12-20 09:49 - 2015-12-20 09:49 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\explorersys.txt
    2015-09-25 11:53 - 2015-09-25 12:14 - 0000131 _____ () C:\Users\Owner\AppData\Roaming\GPACgpac_pl.m3u
    2015-06-12 12:00 - 2015-08-01 14:51 - 0000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
    2015-12-14 13:25 - 2015-12-20 19:20 - 0013312 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-22 15:27 - 2015-07-25 14:27 - 0007597 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
    2014-08-26 11:46 - 2014-08-26 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-08-17 12:12 - 2015-08-17 12:12 - 0004154 _____ () C:\ProgramData\vczcspay.tpu
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-12-30 08:05
     
    ==================== End of FRST.txt ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
    Ran by Owner (2016-01-06 06:26:14)
    Running from C:\Users\Owner\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-08-26 01:37:50)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-103068557-1708720007-3558950971-500 - Administrator - Disabled)
    Guest (S-1-5-21-103068557-1708720007-3558950971-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-103068557-1708720007-3558950971-1002 - Limited - Enabled)
    Owner (S-1-5-21-103068557-1708720007-3558950971-1000 - Administrator - Enabled) => C:\Users\Owner
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Emsisoft Anti-Malware (Enabled - Up to date) {9C1B43E7-A69A-E012-4F20-AD6C27446402}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {277AA203-80A0-EF9C-7590-961E5CC32EBF}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.4.1795 - Open Media LLC)
    7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
    ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
    Acrok HD Video Converter Ver 4.0.37.595 (HKLM-x32\...\{C5338CAA-5760-4A1C-9E8D-DA4D63085177}_is1) (Version:  - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.0.12510 - Adobe Systems Inc.)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
    Any Video Converter 5.8.1 (HKLM-x32\...\Any Video Converter) (Version: 5.8.1 - Anvsoft)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ArcSoft PhotoBase 3 (HKLM-x32\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
    ArcSoft PhotoStudio 5 (HKLM-x32\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version:  - )
    Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.13.0 - Asmedia Technology)
    Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    AVerMedia A835 USB DVB-T 8.2.64.64 (HKLM-x32\...\AVerMedia A835 USB DVB-T) (Version: 8.2.64.64 - AVerMedia TECHNOLOGIES, Inc.)
    AVerTV 3D (HKLM-x32\...\InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.14 - AVerMedia Technologies, Inc.)
    AVerTV 3D (x32 Version: 6.5.2.14 - AVerMedia Technologies, Inc.) Hidden
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
    CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
    CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
    CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
    Canon DR-5010C Driver (HKLM-x32\...\{A9DB83DB-A9FD-11D0-BFD1-444553540000}) (Version: 1.11.11111.10001 - Canon Electronics)
    CanoScan Toolbox Ver4.1 (HKLM-x32\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
    CLOX 2000 (HKLM-x32\...\ST5UNST #1) (Version:  - )
    ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
    Cursor Attention (HKLM-x32\...\Cursor Attention) (Version:  - )
    Customwiz For Kodi (HKLM-x32\...\{16801E38-3E91-44A3-9049-DF5D34D037E9}) (Version: 45.45.45 - Customwiz For Kodi)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Delete Doctor 2.3 (HKLM-x32\...\Delete Doctor) (Version: 2.3 - )
    Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
    DuckCapture Standard 2.7 (HKLM-x32\...\DuckCapture_is1) (Version: 2.7 - DuckLink)
    DVDFab Decrypter 2.9.2.2 (HKLM-x32\...\DVDFab Decrypter_is1) (Version:  - Fengtao Software Inc.)
    Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
    Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version:  - SEIKO EPSON Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Free Flash to MP4 Converter (2.3.2.1) (HKLM-x32\...\Free Flash to MP4 Converter_is1) (Version: 2.3.2.1 - Amazing Studio)
    Free MP4 Video Converter version 5.0.63.913 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.63.913 - DVDVideoSoft Ltd.)
    Free PDF Converter Utilities 8.6.4 (HKLM-x32\...\Free PDF Converter Utilities_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
    Free PDF To PPT Converter (HKLM-x32\...\{F0712F9D-4B28-4AED-9AA5-BEE9B0B533D5}) (Version: 1.0.0 - Free PDF Solutions)
    Free PDF to Word Converter 2.0 (HKLM-x32\...\Free PDF to Word Converter_is1) (Version:  - Free-PDF-to-Word.com)
    Free Video Capture 7.8.5 (HKLM-x32\...\Free Video Capture_is1) (Version:  - SightFiesta Co., Ltd.)
    Free Video Cutter Joiner 10.4 (HKLM-x32\...\{8C5A4758-C782-4200-B337-DB3466D33ADD}}_is1) (Version: 10.4 - DVDVideoMedia, Inc.)
    Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version:  - FreeVideoJoiner.com)
    Free YouTube Download version 3.2.56.324 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.)
    Free YouTube Downloader 4.1.448 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
    Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    iWisoft Flash SWF to Video Converter 3.5 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.5.0 - www.flash-swf-converter.com)
    Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
    K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
    Kodi (HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\Kodi) (Version:  - XBMC-Foundation)
    Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.0.568.0 - Logitech Europe S.A.)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    LP Ripper (HKLM-x32\...\LP Ripper) (Version:  - )
    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
    MailWasher (HKLM-x32\...\{8D4426EF-E37B-4B1B-B061-546D7172C67D}) (Version: 7.5 - Firetrust)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Manual CanoScan 3000,3000F (HKLM-x32\...\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}) (Version:  - )
    MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
    Movavi Screen Capture Studio 6 (HKLM-x32\...\Movavi Screen Capture Studio 6) (Version: 6.3.0 - Movavi)
    Moyea Free Flash Downloader version  1.4.0.0 (HKLM-x32\...\{8ED5BF38-B9BF-4F2D-AF42-9037574A254F}_is1) (Version: 1.4.0.0 - Moyea Software Co., LTD)
    Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
    MULTIFIT visualization tool (HKLM-x32\...\14AF7854-4BCC-4E9C-927A-849E36B82DDF) (Version: 1.7 - Multi Fit)
    Multifit_Elearning (HKLM-x32\...\com.MultifitElearning) (Version: 1.9 - UNKNOWN)
    Multifit_Elearning (x32 Version: 1.9 - UNKNOWN) Hidden
    My MP4Box GUI 0.5.5.4 (HKLM\...\{470F4A33-DA87-4CF5-9E5A-42BD4F218B39}_is1) (Version: 0.5.5.4 - Matt Bodin)
    MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
    Nero 6 (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version:  - )
    Nero Media Player (HKLM-x32\...\NMPUninstallKey) (Version:  - )
    NeroVision Express 2 (HKLM-x32\...\NeroVision!UninstallKey) (Version:  - )
    Network Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Netg) (Version:  - )
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
    Paragon Backup and Recovery™ 14 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
    PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
    PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
    PowerDVDPoint Lite (HKLM-x32\...\{C9CD97C8-AFED-447F-9663-24DD150A08E9}) (Version: 3.6.00 - DigitalOfficePro)
    QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
    RealWorld Cursor Editor (HKLM-x32\...\{25A344BB-378D-4E51-9A39-780755012B2D}) (Version: 13.1.0 - RealWorld Graphics)
    Recoveryfix for Outlook Evaluation ver 14.09 (HKLM-x32\...\Recoveryfix for Outlook Evaluation ver_is1) (Version:  - Lepide Software Pvt.Ltd.)
    Remo Repair Outlook [PST] (HKLM\...\{9F198151-82C8-4AE0-9290-4248B416BDF4}_is1) (Version: 3.0.0.11 - Remo Software)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Screen Recorder 1.0 (HKLM-x32\...\{4CEC58D7-3667-4C30-8AB1-13ED2A5487FA}_is1) (Version: 1.0.0.4 - hxxp://freerecorders.com)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TechUtilities (HKLM\...\TechUtilities_is1) (Version: 1.1.1.7 - Seven Servos Software Pvt Ltd.)
    TEncoder Video Converter version 3.7.0 (HKLM-x32\...\{7B1F9D22-568D-4109-B128-040BF8A932FC}_is1) (Version: 3.7.0 - ozok)
    TurboCAD Professional v6 (HKLM-x32\...\TurboCAD Professional v6) (Version:  - )
    TurboCAD v6 Symbols (HKLM-x32\...\TurboCAD v6 Symbols) (Version:  - )
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    User's Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Useg) (Version:  - )
    VDownloader 4.1.1650 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
    Video Download Capture version 5.0.8 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 5.0.8 - APOWERSOFT LIMITED)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WinX DVD Author 6.3.5 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
    Wondershare Video Converter Ultimate(Build 8.1.3.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.1.3.0 - Wondershare Software)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.4 - Xvid Team)
    YouTube Free Downloader 1.6.0.0 (HKLM-x32\...\YouTube Free Downloader_is1) (Version: 1.6.0.0 - AbyssMedia.com)
    YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 10.3 - Abelssoft)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-103068557-1708720007-3558950971-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {14837160-8641-4FC8-8704-1054E3D24F56} - System32\Tasks\{F155F973-60F2-4C9A-92F2-2CB6649E3AC0} => pcalua.exe -a C:\Users\Owner\Desktop\swftools-0.9.0.exe -d C:\Users\Owner\Desktop
    Task: {2C17A2BA-F809-433A-9D0B-7B024C944C32} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
    Task: {37D38D12-3512-468B-B74C-AB1D175AB4F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-05] (AVAST Software)
    Task: {405F0640-8375-41A1-A7AD-3B1DBC5F3A57} - System32\Tasks\{61DB53B8-411F-4170-9B78-66551CEAC354} => C:\Program Files\CamStudio 2.7\Recorder.exe [2015-02-20] (CamStudio Group)
    Task: {40881B30-88D3-4C15-AE1F-937929D83132} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {5A301AA5-1C4D-4A36-8043-5BE5A0A32BA8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {643C3088-5024-49C9-9CCA-16AE4D0BE962} - System32\Tasks\{6B920768-D4CE-4B48-B719-65B26164B307} => C:\Program Files\CamStudio 2.7\Recorder.exe [2015-02-20] (CamStudio Group)
    Task: {726BD754-BDF4-4036-B3BD-C07B6ECC7AC5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
    Task: {7FB15E48-2D88-4CC3-8159-42D8DD9B346B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {8407B92C-3DDF-4CE7-A93C-7F390D94F580} - \DNSBEECHER -> No File <==== ATTENTION
    Task: {931CFBFE-4689-437C-BB07-B943000D2165} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-20] (Piriform Ltd)
    Task: {A0ADEF3D-46E9-47E9-A304-769849B71686} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
    Task: {BD14D4BA-476F-4E62-ACE3-45EE80DC0AB1} - System32\Tasks\AutoBeam => c:\programdata\{0ea02cd9-fb24-36c1-0ea0-02cd9fb2b367}\pdfescape free pdf editor.exe <==== ATTENTION
    Task: {CB1F23FC-30D1-4628-BBCB-2CA5C9455908} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
    Task: {CB7BB823-62A4-4D0E-8631-D51ABCE49ECD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {D2517DEB-6F86-40E4-BA59-4FCCD6E0BA79} - System32\Tasks\{38BF66B8-0000-4949-8462-C68637CE56AB} => C:\Program Files\CamStudio 2.7\Recorder.exe [2015-02-20] (CamStudio Group)
    Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
    Task: {E82DF0E5-0EB2-4319-9A79-B42ECEB4B933} - System32\Tasks\{65BF7A87-0144-4BAB-BCFB-C51A446716E5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\Setup.exe"
    Task: {F367B9D1-B2A0-4AAB-B7E4-99229D3B4EE4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
    Task: {FFC676CD-567A-41DF-8E40-31699982A7D3} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe [2015-08-28] (Seven Servos Software, Pvt Ltd.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\AutoBeam.job => c:\programdata\{0ea02cd9-fb24-36c1-0ea0-02cd9fb2b367}\pdfescape free pdf editor.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t1C:\Program Files\TechUtilities\TechUtilities.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-09-16 09:15 - 2015-09-02 02:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-07-15 14:44 - 2010-07-15 14:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2015-06-17 09:56 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
    2015-11-14 10:43 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
    2015-03-20 18:12 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-26 11:42 - 2013-05-07 17:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
    2015-08-14 09:41 - 2011-04-01 16:52 - 00403456 ____R () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
    2015-08-14 09:42 - 2012-10-17 17:24 - 00163840 ____R () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
    2015-05-21 12:34 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-08-26 11:47 - 2014-10-03 17:36 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
    2016-01-05 12:39 - 2016-01-05 12:39 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-01-05 12:39 - 2016-01-05 12:39 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-01-06 04:45 - 2016-01-06 04:45 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010501\algo.dll
    2016-01-05 12:39 - 2016-01-05 12:39 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
    2015-02-18 15:19 - 2015-02-18 15:19 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
    2015-02-18 15:19 - 2015-02-18 15:19 - 04647424 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
    2014-10-12 02:41 - 2014-10-12 02:41 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
    2014-10-12 02:41 - 2014-10-12 02:41 - 00272384 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll
    2014-08-26 11:42 - 2016-01-06 06:07 - 00028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
    2014-08-26 11:42 - 2013-05-07 17:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
    2015-08-14 09:42 - 2012-06-09 20:33 - 00053248 ____R () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
    2015-06-13 08:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-06-13 08:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-06-13 08:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-06-13 08:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-06-13 08:34 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-01-05 12:39 - 2016-01-05 12:39 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-10-22 11:28 - 2015-10-22 11:28 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
    2015-03-12 10:05 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\ProgramData\TEMP:4DF56F2E
    AlternateDataStreams: C:\ProgramData\TEMP:E5A9D792
    AlternateDataStreams: C:\ProgramData\TEMP:F169C698
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 12:34 - 2016-01-04 11:21 - 00000967 ____N C:\Windows\system32\Drivers\etc\hosts
     
    127.0.0.1       down.baidu2016.com
    127.0.0.1       123.sogou.com
    127.0.0.1       www.czzsyzgm.com
    127.0.0.1       www.czzsyzxl.com
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-103068557-1708720007-3558950971-1000\Control Panel\Desktop\\Wallpaper -> 
    DNS Servers: 10.0.0.138
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\Windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CursorAttention.lnk => C:\Windows\pss\CursorAttention.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
    MSCONFIG\startupreg: ABBYY Screenshot Reader Bonus => "C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun
    MSCONFIG\startupreg: BingSvc => C:\Users\Owner\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Clarus Drive Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
    MSCONFIG\startupreg: CustomwizKodi => C:\Program Files (x86)\Customwiz For Kodi\Customwiz For Kodi\CustomwizKodi.exe
    MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
    MSCONFIG\startupreg: EPLTarget => 
    MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
    MSCONFIG\startupreg: FreeVideoDownloader => C:\Program Files (x86)\33download.com\Free Video Downloader\FreeVideoDownloader.exe
    MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
    MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
    MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
    MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
    MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
    MSCONFIG\startupreg: PicPick Start => "C:\Program Files (x86)\PicPick\picpick.exe" /startup
    MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TinyTake by MangoApps => "C:\Program Files (x86)\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe" NOTOPENCONTEXTMENU
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    MSCONFIG\startupreg: VDownloader => "C:\Program Files\VDownloader\VDownloader4.exe" /silent
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{DD2F89EC-C489-4A7D-8390-7D2B7CF6A539}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
    FirewallRules: [{D9428D1E-A1CF-461E-871C-6D1C39FAC9C7}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
    FirewallRules: [{FF7FB93B-B27B-445B-9A2A-4A41B34FA3E2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
    FirewallRules: [{D292585E-371D-4524-9B5D-BA187F865E44}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
    FirewallRules: [TCP Query User{8555A467-C1BC-42A0-ABB4-21162E515C5C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{3837B596-0F7E-4F2F-B11D-69D1E95435AA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{B63AD94F-D970-42A9-8218-14AE7C915B4D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{05DBD726-9FB8-46EB-B9CA-E4108BA92022}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{72440CCC-5E29-4E14-9C02-E066CCB7A69B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{DF47B85B-233B-4ED2-A0F7-D9CB3BAD6833}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    FirewallRules: [{9C6ABA63-E0E6-473A-851E-73C985AE2B60}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{D53F1F8C-3E9C-481A-8CB2-CB639113ABA8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
    FirewallRules: [{F04BB80C-029B-4A03-A906-7C33D7E87647}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{4634CD24-150C-4664-8899-4C5699EC1B71}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
    FirewallRules: [{04BF6590-4DDF-47BF-A55A-EB13656DA90D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{667A7A05-7CCE-4BB8-80D1-19B37266E742}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
    FirewallRules: [{6FE81F43-1DE4-4B31-B1C2-7B0B8491C52C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{06BB9ADB-79F5-4F11-BFB7-68015EC31FAC}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
    FirewallRules: [{F60C4E43-F7D1-493F-80CB-76B465490397}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{6DEE0F71-8B8D-4D11-90F1-D3799334F10A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
    FirewallRules: [{349389FC-F879-4F8D-9273-7090E5957CDC}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{5C139F52-DE7F-4C73-9B0D-8C84A59B0C97}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
    FirewallRules: [{127F9465-B9BA-47F8-BE87-689C170D1B45}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
    FirewallRules: [{DBAF86E5-A293-422D-8CEC-B339E083291F}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
    FirewallRules: [{7B8463DE-B162-42C8-A9AD-391A5E3B2B23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4AB0227E-7847-469E-AB85-BB094570773A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{42BE6F3C-3884-4273-AA01-497854DEB169}] => (Allow) LPort=2869
    FirewallRules: [{65AB828A-A678-40FB-8D6C-F30258E6B167}] => (Allow) LPort=1900
    FirewallRules: [{B04FA27D-1A77-4D5C-997E-3BA086B78D7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6DD07E70-CC5A-4C29-A707-196CBB496BE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D441E783-3BE3-480E-9D1D-744FA23A5FA3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2BFCEA28-108B-4ACC-8EDA-FB0303DEAD55}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B256FF26-C568-489C-ABA7-B5FD460660E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{436A18D0-C7A8-4C7C-9F6D-1E18F2390B0D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [UDP Query User{4A4005BB-2DDD-4BDB-8AE6-30111CB316FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
    FirewallRules: [{B77BA49C-6B3E-4760-BB13-F4910B48B19B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9EC2C753-5C39-42EF-8836-5321BC29B866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
     
    ==================== Restore Points =========================
     
    06-01-2016 05:59:22 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
    Name: 
    Description: 
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
     
    Name: 
    Description: 
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/06/2016 06:09:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/06/2016 05:22:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program adwcleaner_5.028.exe version 5.0.2.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 2cc
     
    Start Time: 01d147ee29c3195f
     
    Termination Time: 4
     
    Application Path: C:\Users\Owner\Desktop\Cleaners\adwcleaner_5.028.exe
     
    Report Id:
     
    Error: (01/06/2016 05:14:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/06/2016 04:44:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/05/2016 07:48:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/05/2016 06:51:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/05/2016 06:18:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/05/2016 03:21:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/05/2016 02:39:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (01/05/2016 08:35:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    System errors:
    =============
    Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
    %%-2140993535
     
    Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error: 
    %%-2140993535
     
    Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
    %%-2140993535
     
    Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error: 
    %%-2140993535
     
    Error: (01/06/2016 06:09:59 AM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801
     
    Error: (01/06/2016 06:09:59 AM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801
     
    Error: (01/06/2016 06:09:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
    %%-2140993535
     
    Error: (01/06/2016 06:09:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error: 
    %%-2140993535
     
    Error: (01/06/2016 06:09:50 AM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801
     
    Error: (01/06/2016 06:07:50 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
    Description: Encrypted volume check: Volume information on \\?\Volume{a9ba8646-fde1-11e4-af1b-806e6f6e6963} cannot be read.
     
     
    CodeIntegrity:
    ===================================
      Date: 2015-10-16 10:12:19.042
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:12:18.698
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:12:18.340
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:12:17.965
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:12:17.341
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:11:50.150
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:11:49.807
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:11:49.417
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:11:49.043
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-10-16 10:11:48.419
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 63%
    Total physical RAM: 3965.6 MB
    Available physical RAM: 1465.28 MB
    Total Virtual: 7929.41 MB
    Available Virtual: 4450.79 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows 7 Drive) (Fixed) (Total:931.41 GB) (Free:719.1 GB) NTFS
    Drive f: (XP-Data) (Fixed) (Total:71.22 GB) (Free:32.92 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97BE5B6A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: CB210205)
    Partition 1: (Not Active) - (Size=71.2 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=394.5 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================


    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Tonight while you sleep have Avast run a boot-time scan (Takes about 6 hours) as follows:
     
    Mute the speakers so Windows won't wake you up when it boots.
     
    Click on the Avast ball in systray or the Avast shortcut on your desktop or All Programs, Avast Software, Avast Free Anti-virus.
     
    Click on Scan then Scan for Viruses.  In the box under the monitor icon, click on the down arrow and select Boot-time Scan.
     
    Click on Scan Settings
     
    Change System Drive to All hard drives
     
     
    Under Heuristics click on the gray box to the left of Normal. It should turn Orange and now say High
     
    Make sure the two boxes are checked.  Where it says "When a threat is found..." change it to Move to Chest.  OK.  Start.
     
    The next time you reboot the scan will start.  I usually let it run while I sleep because it can take 6 hours.  (Good idea to mute the speakers so windows won't wake you when it finally boots up)
     
    It normally stores its log in C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt, but that might change.  Last time I ran it, it told you where to look for the log when it first started up.
     
    Once it finishes, copy and paste the log into a reply.  (if it says it found anything)
     
     
     

     


    • 0

    #8
    kevsim

    kevsim

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    R Kinner,

    Thank you for your ongoing support. Since running the fix file, Firefox is running OK and there are no more Avast virus warnings.

    I scanned the computer last night, "C" drive took around 1 1/2 hours, "F" drive had been running for 12 hours and was only 51% finished.

    I had to abort at this time as I needed access to the computer.

    I have attached the report of what Avast recorded.

     

    kevsim


    #9
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Looks like F: isn't a system drive so not that important.  Don't know why it was taking so long.  Perhaps a slow interface.  

     

     

     
    We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore.  Follow the instructions and ignore the picture since it doesn't show the correct options as checked.
     
     
    Ensure Remove disinfection tools is ticked
    Also tick:
    Create registry backup
    Purge system restore
     
    Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
     
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
     
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
    Make sure Windows Updates is turned on and that it works.  Go to Control panel, Windows Updates and see if it works.  
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
     
    Ron

    • 0





