Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Very hard adware that wont remove from Google chrome [Solved]

Started by talkingtree , Feb 06 2016 05:37 AM

This topic is locked

#1
talkingtree

Posted 06 February 2016 - 05:37 AM

Member

Member
58 posts

Hi,

I have tried to remove this adware using many software, but it just wont go away. It only happen on Google Chrome, and ads will specific show up on websites such as Cnet. The scans will show up as nothing is infected or removal of some other programs, but not this particular one. Also tried resetting the Google Chrome settings.

Programs that I tried

-Avast (boot-time as well)

-Malwarebyte

-AdwCleaner

-Bitdefender

-Ad-aware

-Spybot

-HitmanPro

Edited by talkingtree, 06 February 2016 - 05:38 AM.

#2
LiquidTension

Posted 06 February 2016 - 06:50 AM

Expert

Expert
1,151 posts

Hello talkingtree, welcome to Geeks to Go Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.

Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean".
Ensure you are following this topic. Click at the top of the page.

======================================================

Please run the following diagnostic scan so I can ascertain the state of your computer.

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

#3
talkingtree

Posted 06 February 2016 - 04:25 PM

Member

Topic Starter
Member
58 posts

Thanks for the reply. The followings are the scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by Owner (administrator) on HP (07-02-2016 09:09:08)

Running from C:\Users\Owner\Downloads

Loaded Profiles: Owner (Available Profiles: Owner & UpdatusUser & Administrator)

Platform: Windows 8.1 Pro (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE

(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe

(Telenor SE) C:\Program Files (x86)\Emotum\Stay Connected\TelenorSEMobile.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [453448 2014-08-14] ()

HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe

HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-03] (IDT, Inc.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Telenor Stay Connected] => C:\Program Files (x86)\Emotum\Stay Connected\TelenorSEMobile.exe [339456 2010-08-03] (Telenor SE)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)

Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [291968 2015-11-02] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Policies\Explorer: []

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c339-237e-11e5-becd-240a64dea16d} - "E:\AutoRun.exe"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c35c-237e-11e5-becd-240a64dea16d} - "D:\AutoRun.exe"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {6a5ceecc-4af9-11e4-be82-240a64dea16d} - "D:\fscommand\LS_Start_Launch.cmd"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {768ddde3-8b4a-11e4-be95-240a64dea16d} - "D:\DSL-2750B.exe"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {c3e2e152-3940-11e4-be65-806e6f6e6963} - "F:\setup.EXE" /AUTORUN

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {f8f20a56-58ad-11e4-be88-a01d486f8ad3} - "D:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)

ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-24]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-12-24]

ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2015-12-24]

ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4

Tcpip\..\Interfaces\{3BB2ACE9-DB68-4D53-94A6-6F4E135ED1E0}: [DhcpNameServer] 199.203.131.151

Tcpip\..\Interfaces\{3D154E2D-CABD-454F-8BDC-16B3D78AEDAC}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{3D154E2D-CABD-454F-8BDC-16B3D78AEDAC}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{66DC2291-A53D-4729-99CD-311045E208FC}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{66DC2291-A53D-4729-99CD-311045E208FC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130862720068145420&GUID=5D0854C2-FC5E-4008-B3C8-A377B28767C7

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130895977753687525&GUID=5D0854C2-FC5E-4008-B3C8-A377B28767C7

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006

SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> {9F09F33C-419B-475C-8476-403EAD19E78C} URL = hxxps://se.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-13] (AVAST Software)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-24] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-13] (AVAST Software)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-24] (Oracle Corporation)

Toolbar: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> No Name - {7FCDA7E5-1475-4658-B845-53536A238E80} - No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mstehi7u.default

FF Homepage: hxxps://www.google.com.au/

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-26] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1952045502-1362136182-510965784-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-29] (Citrix Online)

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-17] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-24]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-24]

Chrome:

=======

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-24]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]

CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]

CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-24]

CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-24]

CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-24]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-24]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-24]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)

S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)

S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

S4 ESCSvc; C:\Program Files (x86)\Emotum\Stay Connected\Service.exe [659752 2010-08-25] ()

S4 ESUSClient_B2; C:\Program Files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe [358808 2011-03-07] (Telenor Sweden)

S4 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-29] (Citrix Online, LLC)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)

S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-23] ()

S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2745344 2015-06-02] (Lavasoft Limited) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()

S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-29] (SolidWorks) [File not signed]

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-03] (IDT, Inc.) [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-21] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-21] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [9525936 2013-06-10] (Broadcom Corporation)

S3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2016-01-31] ()

S3 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [651736 2012-11-03] (Intel Corporation)

R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] ()

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

S3 megasas2; C:\Windows\System32\drivers\megasas2.sys [53552 2012-10-02] (LSI Corporation)

R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

S3 massfilter; \SystemRoot\System32\drivers\massfilter.sys [X]

S3 RSP2STOR; system32\DRIVERS\RtsP2Stor.sys [X]

S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]

S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]

S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]

S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 09:09 - 2016-02-07 09:09 - 00022325 _____ C:\Users\Owner\Downloads\FRST.txt

2016-02-07 09:08 - 2016-02-07 09:09 - 00000000 ____D C:\FRST

2016-02-07 09:07 - 2016-02-07 09:07 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe

2016-02-05 22:22 - 2016-02-05 22:22 - 00002886 _____ C:\Users\Owner\Downloads\8_Wellington_Road_ofi.ics

2016-02-05 22:22 - 2016-02-05 22:22 - 00002886 _____ C:\Users\Owner\Downloads\8_Wellington_Road_ofi (1).ics

2016-02-05 21:31 - 2016-02-05 21:31 - 00646166 _____ C:\Users\Owner\Downloads\Boat Trailer (1).pdf

2016-02-05 21:17 - 2016-02-05 21:17 - 00646166 _____ C:\Users\Owner\Downloads\Boat Trailer.pdf

2016-02-05 21:16 - 2016-02-05 21:16 - 01782449 _____ C:\Users\Owner\Downloads\FARR6000.pdf

2016-02-05 21:16 - 2016-02-05 21:16 - 01782449 _____ C:\Users\Owner\Downloads\FARR6000 (1).pdf

2016-02-05 21:15 - 2016-02-05 21:15 - 00646166 _____ C:\Users\Owner\Desktop\Boat Trailer.pdf

2016-02-05 20:23 - 2016-02-05 20:23 - 00045844 _____ C:\Users\Owner\Downloads\Q16-031.01 28 Lamette Street, Chatswood.pdf

2016-02-05 20:23 - 2016-02-05 20:23 - 00045844 _____ C:\Users\Owner\Downloads\Q16-031.01 28 Lamette Street, Chatswood (1).pdf

2016-02-04 23:08 - 2016-02-04 23:08 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003 (2).pdf

2016-02-04 23:08 - 2016-02-04 23:08 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003 (1).pdf

2016-02-04 23:06 - 2016-02-04 23:06 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003.pdf

2016-02-04 20:04 - 2016-02-04 20:04 - 00106188 _____ C:\Users\Owner\Downloads\Est_1669_from_Arrow_Roofing_Pty_Ltd.pdf

2016-02-04 16:53 - 2016-02-04 16:53 - 00412193 _____ C:\Users\Owner\Downloads\99185_TexasP_Weis.pdf

2016-02-04 16:49 - 2016-02-04 16:49 - 00015842 _____ C:\Users\Owner\Downloads\Spareparts list Wies 2016-02-03 (1).xlsx

2016-02-03 07:26 - 2016-02-03 07:26 - 00234836 _____ C:\Users\Owner\Downloads\80883 (1).pdf

2016-02-03 07:24 - 2016-02-03 07:24 - 00233822 _____ C:\Users\Owner\Downloads\80883.pdf

2016-02-02 21:21 - 2016-02-02 21:21 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

2016-02-02 21:21 - 2016-02-02 21:21 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Google

2016-02-02 21:20 - 2016-02-02 21:20 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthSetup.exe

2016-02-01 20:30 - 2016-02-01 20:30 - 01840277 _____ C:\Users\Owner\Documents\PC issue 1-02-2016.pdf

2016-02-01 19:04 - 2016-02-01 19:04 - 00000000 ___DC C:\Users\Owner\AppData\Local\MigWiz

2016-02-01 16:51 - 2016-02-01 16:51 - 00000675 _____ C:\Users\Owner\Documents\Desktop - Shortcut (4).lnk

2016-01-31 18:17 - 2016-01-31 18:17 - 02085168 _____ C:\Users\Owner\Downloads\Adaware_Installer.exe

2016-01-31 18:16 - 2016-01-31 18:18 - 48831832 _____ C:\Users\Owner\Downloads\BDPUARLauncher.exe

2016-01-31 18:10 - 2016-01-31 18:13 - 00000000 ____D C:\AdwCleaner

2016-01-31 18:08 - 2016-01-31 18:08 - 01507840 _____ C:\Users\Owner\Downloads\adwcleaner_5.031.exe

2016-01-31 18:07 - 2016-01-31 18:07 - 01507840 _____ C:\Users\Owner\Downloads\AdwCleaner.exe

2016-01-31 17:37 - 2016-01-31 17:37 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys

2016-01-31 17:35 - 2016-01-31 17:35 - 00027750 _____ C:\WINDOWS\system32\.crusader

2016-01-31 17:03 - 2016-01-31 17:35 - 00000000 ____D C:\ProgramData\HitmanPro

2016-01-31 16:32 - 2016-01-31 16:51 - 11323704 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe

2016-01-31 15:32 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\temp

2016-01-31 15:32 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\mbar

2016-01-31 15:30 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\DISKTOP TEMP 2

2016-01-31 15:30 - 2016-01-25 12:56 - 00000165 ____H C:\Users\peter\Desktop\~$SAKERHETSKODER.xlsx

2016-01-31 15:30 - 2016-01-25 09:53 - 00027669 _____ C:\Users\peter\Desktop\SAKERHETSKODER.xlsx

2016-01-31 15:30 - 2016-01-22 20:57 - 00000555 _____ C:\Users\peter\Desktop\JRT.txt

2016-01-31 15:30 - 2016-01-22 19:57 - 519004214 _____ C:\Users\peter\Desktop\MEMORY.DMP

2016-01-31 15:30 - 2016-01-19 13:30 - 00303485 _____ C:\Users\peter\Desktop\HUS PLAN.pdf

2016-01-31 15:30 - 2016-01-19 13:29 - 00303029 _____ C:\Users\peter\Desktop\HUS View.pdf

2016-01-31 15:30 - 2016-01-01 01:41 - 01455974 _____ C:\Users\peter\Desktop\163398_DNC-63-200-P-A.stp

2016-01-31 15:30 - 2015-12-24 15:47 - 00002403 _____ C:\Users\peter\Desktop\Word 2013.lnk

2016-01-31 15:30 - 2015-12-24 15:47 - 00002402 _____ C:\Users\peter\Desktop\PowerPoint 2013.lnk

2016-01-31 15:30 - 2015-12-24 15:47 - 00002359 _____ C:\Users\peter\Desktop\Outlook 2013.lnk

2016-01-31 15:30 - 2015-12-24 15:47 - 00001418 _____ C:\Users\peter\Desktop\GoToAssist Customer.lnk

2016-01-31 15:30 - 2015-12-24 15:47 - 00000870 _____ C:\Users\peter\Desktop\Documents - Shortcut.lnk

2016-01-31 15:30 - 2015-12-24 15:47 - 00000146 _____ C:\Users\peter\Desktop\Windows Defender - Shortcut.lnk

2016-01-31 15:30 - 2015-12-21 14:17 - 00000165 ____H C:\Users\peter\Desktop\~$Leeds AUS 2015.xlsx

2016-01-31 15:30 - 2015-12-09 14:55 - 02748635 _____ C:\Users\peter\Desktop\WC203905.pdf

2016-01-31 15:30 - 2015-11-13 19:02 - 00010165 ____H C:\Users\peter\Desktop\~WRL0005.tmp

2016-01-31 15:30 - 2015-10-01 14:45 - 00023415 _____ C:\Users\peter\Desktop\Leeds AUS 2015.xlsx

2016-01-31 15:30 - 2015-09-29 12:50 - 00464002 _____ C:\Users\peter\Desktop\Jury Medical Sept 2015.pdf

2016-01-31 15:30 - 2015-08-16 18:55 - 00000061 _____ C:\Users\peter\Desktop\GMail.url

2016-01-31 15:30 - 2015-06-11 11:43 - 00818697 _____ C:\Users\peter\Desktop\ESRF supporting documents .pdf

2016-01-31 01:31 - 2016-01-31 19:24 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-1004

2016-01-31 01:26 - 2016-01-31 01:26 - 00000000 ____D C:\Users\peter\AppData\Local\GWX

2016-01-30 17:05 - 2016-01-31 17:24 - 00000000 ____D C:\Users\peter\AppData\Local\Google

2016-01-30 17:05 - 2016-01-30 17:05 - 00001442 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2016-01-30 17:05 - 2016-01-30 17:05 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2016-01-30 17:05 - 2016-01-30 17:05 - 00000020 ___SH C:\Users\peter\ntuser.ini

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\My Documents

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Videos

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Pictures

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Music

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 __SHD C:\Users\peter\IntelGraphicsProfiles

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Synaptics

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Macromedia

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\AVAST Software

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Adobe

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Local\VirtualStore

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Local\Packages

2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter

2016-01-30 17:05 - 2014-09-24 15:50 - 00002112 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

2016-01-30 17:05 - 2014-09-22 08:42 - 00000000 ____D C:\Users\peter\AppData\Local\Microsoft Help

2016-01-30 17:05 - 2014-03-18 21:15 - 00000369 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2016-01-30 17:05 - 2014-03-18 21:15 - 00000369 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2016-01-30 17:00 - 2016-01-30 17:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX

2016-01-30 10:19 - 2016-01-30 10:19 - 00966728 _____ C:\Users\Owner\Downloads\filmora_setup_full846.exe

2016-01-30 10:13 - 2016-01-30 10:13 - 00001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

2016-01-30 10:13 - 2016-01-30 10:13 - 00001281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

2016-01-30 10:13 - 2016-01-30 10:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

2016-01-30 10:13 - 2016-01-30 10:13 - 00000000 ____D C:\WINDOWS\en

2016-01-30 10:12 - 2016-01-30 10:12 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

2016-01-30 10:12 - 2016-01-30 10:12 - 00001434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2016-01-30 10:12 - 2016-01-30 10:12 - 00000000 ____D C:\Program Files\Windows Live

2016-01-30 10:12 - 2016-01-30 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Live

2016-01-30 10:12 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll

2016-01-30 10:12 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll

2016-01-30 10:12 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll

2016-01-30 10:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll

2016-01-30 10:11 - 2016-02-05 21:33 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live

2016-01-30 10:11 - 2016-01-30 10:11 - 01239752 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web.exe

2016-01-29 15:47 - 2016-01-29 15:47 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (4).pdf

2016-01-29 15:47 - 2016-01-29 15:47 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (3).pdf

2016-01-29 13:54 - 2016-01-29 13:54 - 00000000 ____D C:\Users\Owner\Downloads\PARTserver02016012903522456509679192d056f

2016-01-29 13:51 - 2016-01-29 13:51 - 00005034 _____ C:\Users\Owner\Downloads\PARTserver02016012903522456509679192d056f.zip

2016-01-28 10:01 - 2016-01-28 10:01 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (2).pdf

2016-01-28 07:14 - 2016-01-28 07:14 - 00032637 _____ C:\Users\Owner\Downloads\ANZ Receipt - Ref 1157179914.pdf

2016-01-28 07:07 - 2016-01-28 07:07 - 00232765 _____ C:\Users\Owner\Downloads\Invoice_126937.PDF

2016-01-27 23:14 - 2016-01-27 23:15 - 05826048 _____ C:\Users\Owner\Downloads\sample-marketing1-deutschland-20000.xls

2016-01-27 18:37 - 2016-01-27 18:37 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (1).pdf

2016-01-27 18:36 - 2016-01-27 18:36 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker.pdf

2016-01-27 16:22 - 2016-01-27 16:22 - 00490984 _____ C:\Users\Owner\Downloads\Machine 26.pdf

2016-01-27 14:17 - 2016-01-27 14:17 - 00018033 _____ C:\Users\Owner\Downloads\in-sydney (2).gz

2016-01-27 14:17 - 2016-01-27 14:17 - 00018026 _____ C:\Users\Owner\Downloads\in-sydney (1).gz

2016-01-27 14:16 - 2016-01-27 14:16 - 00018022 _____ C:\Users\Owner\Downloads\in-sydney.gz

2016-01-27 11:58 - 2016-01-27 11:58 - 00116048 _____ C:\Users\Owner\Downloads\Siemens Quotation IQRY160125004 - Packovation .pdf

2016-01-26 22:02 - 2016-01-26 22:02 - 00025150 _____ C:\Users\Owner\Downloads\INV-000037.pdf

2016-01-25 23:14 - 2016-01-25 23:14 - 01565585 _____ C:\Users\Owner\Downloads\OLD T-Bar - Cross runner.pdf

2016-01-25 23:14 - 2016-01-25 23:14 - 00339874 _____ C:\Users\Owner\Downloads\Mark 2 mainrunner machine for T-Bar-packer.pdf

2016-01-25 23:13 - 2016-01-25 23:13 - 00267196 _____ C:\Users\Owner\Downloads\New WA 200Cross runner 1.PDF

2016-01-25 23:13 - 2016-01-25 23:13 - 00267196 _____ C:\Users\Owner\Downloads\New WA 200Cross runner 1 (1).PDF

2016-01-25 12:56 - 2016-01-25 12:56 - 00000165 ____H C:\Users\Owner\Desktop\~$SAKERHETSKODER.xlsx

2016-01-25 11:32 - 2016-01-25 12:38 - 00002243 _____ C:\Users\Owner\Documents\starburn.txt

2016-01-25 11:31 - 2016-01-25 12:05 - 00000000 ____D C:\Users\Owner\Documents\Wondershare Filmora

2016-01-25 11:31 - 2016-01-25 11:31 - 00001119 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk

2016-01-25 11:31 - 2016-01-25 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

2016-01-25 11:30 - 2016-01-25 11:30 - 00966728 _____ C:\Users\Owner\Downloads\filmora_setup_full1901.exe

2016-01-25 09:53 - 2016-01-25 09:53 - 00027669 _____ C:\Users\Owner\Desktop\SAKERHETSKODER.xlsx

2016-01-24 20:48 - 2016-01-30 17:03 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-500

2016-01-24 20:45 - 2016-01-24 20:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\Razer_Inc

2016-01-24 20:44 - 2016-01-25 07:38 - 00000000 ____D C:\Program Files (x86)\Razer

2016-01-24 20:44 - 2016-01-24 20:44 - 00000000 ____D C:\ProgramData\Razer

2016-01-24 20:43 - 2016-01-24 20:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages

2016-01-24 20:43 - 2016-01-24 20:43 - 00001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles

2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics

2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia

2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software

2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe

2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google

2016-01-24 18:19 - 2016-01-25 17:04 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat

2016-01-24 18:05 - 2016-01-24 18:05 - 00000046 _____ C:\WINDOWS\wininit.ini

2016-01-24 16:11 - 2016-01-24 16:11 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe

2016-01-24 16:10 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator

2016-01-24 16:10 - 2016-01-24 16:10 - 00000020 ___SH C:\Users\Administrator\ntuser.ini

2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\My Documents

2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos

2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures

2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music

2016-01-24 16:10 - 2014-09-24 15:50 - 00002112 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

2016-01-24 16:10 - 2014-09-22 08:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help

2016-01-24 16:10 - 2014-03-18 21:15 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2016-01-24 16:10 - 2014-03-18 21:15 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO

2016-01-24 15:42 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo

2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Comodo

2016-01-24 15:31 - 2016-02-05 08:41 - 00002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-01-24 15:31 - 2016-02-05 08:41 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-01-24 15:30 - 2016-02-07 09:06 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-24 15:30 - 2016-02-07 08:40 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-24 15:30 - 2016-02-02 13:35 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2016-01-24 15:30 - 2016-02-02 13:35 - 00003648 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2016-01-24 15:26 - 2016-01-24 15:26 - 00000000 ____D C:\ProgramData\Synaptics

2016-01-24 15:16 - 2016-01-24 15:16 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements

2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf

2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf

2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____D C:\WINDOWS\LastGood.Tmp

2016-01-24 15:10 - 2016-01-24 15:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard

2016-01-24 15:09 - 2016-01-24 15:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard

2016-01-24 14:49 - 2016-01-22 19:57 - 519004214 _____ C:\Users\Owner\Desktop\MEMORY.DMP

2016-01-24 13:46 - 2016-01-24 13:46 - 00000000 ____D C:\Users\Owner\Documents\Add-in Express

2016-01-24 13:40 - 2016-01-24 13:40 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2016-01-24 13:40 - 2015-12-13 11:13 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Roaming\Macromedia

2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Roaming\AVAST Software

2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Local\PDFConverter.com

2016-01-24 13:16 - 2016-01-24 13:39 - 00000000 ____D C:\Users\terry

2016-01-24 13:16 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Local\Packages

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\My Documents

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Videos

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Pictures

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Music

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 __SHD C:\Users\terry\IntelGraphicsProfiles

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Roaming\Adobe

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Local\VirtualStore

2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Local\Google

2016-01-24 13:16 - 2014-09-22 08:42 - 00000000 ____D C:\Users\terry\AppData\Local\Microsoft Help

2016-01-22 20:58 - 2016-01-22 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2016-01-22 20:57 - 2016-01-22 20:57 - 00000555 _____ C:\Users\Owner\Desktop\JRT.txt

2016-01-22 20:54 - 2016-01-24 13:38 - 00000000 ____D C:\Users\Owner\Desktop\mbar

2016-01-22 20:21 - 2016-01-24 15:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-01-22 20:21 - 2016-01-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-01-22 20:21 - 2016-01-22 20:21 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-01-22 20:21 - 2016-01-22 20:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-01-22 20:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2016-01-22 20:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2016-01-22 20:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2016-01-22 19:57 - 2016-01-22 19:57 - 00293904 _____ C:\WINDOWS\Minidump\012216-7609-02.dmp

2016-01-22 19:36 - 2016-01-22 19:36 - 00297232 _____ C:\WINDOWS\Minidump\012216-7828-01.dmp

2016-01-22 16:06 - 2016-01-22 16:06 - 00000863 _____ C:\Users\Owner\Documents\Pictures - Shortcut.lnk

2016-01-22 15:47 - 2016-01-22 15:47 - 00295944 _____ C:\WINDOWS\Minidump\012216-8109-01.dmp

2016-01-22 11:28 - 2016-01-22 11:28 - 00295272 _____ C:\WINDOWS\Minidump\012216-8000-01.dmp

2016-01-22 11:26 - 2016-01-22 11:26 - 00294016 _____ C:\WINDOWS\Minidump\012216-7609-01.dmp

2016-01-22 11:06 - 2016-01-22 11:06 - 00294592 _____ C:\WINDOWS\Minidump\012216-7625-01.dmp

2016-01-22 10:58 - 2016-01-22 10:58 - 00300488 _____ C:\WINDOWS\Minidump\012216-7718-01.dmp

2016-01-22 07:49 - 2016-01-22 07:49 - 00300376 _____ C:\WINDOWS\Minidump\012216-8718-01.dmp

2016-01-21 21:12 - 2016-01-21 21:12 - 00302240 _____ C:\WINDOWS\Minidump\012116-7734-01.dmp

2016-01-21 10:01 - 2016-01-21 10:01 - 00296232 _____ C:\WINDOWS\Minidump\012116-8156-01.dmp

2016-01-21 08:16 - 2016-01-21 08:16 - 00294352 _____ C:\WINDOWS\Minidump\012116-7546-01.dmp

2016-01-20 23:05 - 2016-01-20 23:05 - 00299264 _____ C:\WINDOWS\Minidump\012016-8593-01.dmp

2016-01-20 22:21 - 2016-01-20 22:21 - 00296232 _____ C:\WINDOWS\Minidump\012016-7656-01.dmp

2016-01-20 21:42 - 2016-01-20 21:42 - 00299832 _____ C:\WINDOWS\Minidump\012016-8437-01.dmp

2016-01-20 16:38 - 2016-01-20 16:38 - 00295880 _____ C:\WINDOWS\Minidump\012016-7578-01.dmp

2016-01-20 12:48 - 2016-01-20 12:48 - 00299840 _____ C:\WINDOWS\Minidump\012016-7546-01.dmp

2016-01-20 11:30 - 2016-01-20 11:30 - 00300512 _____ C:\WINDOWS\Minidump\012016-7718-01.dmp

2016-01-20 08:55 - 2016-01-20 08:55 - 00296360 _____ C:\WINDOWS\Minidump\012016-7671-01.dmp

2016-01-19 20:55 - 2016-01-19 20:55 - 00299072 _____ C:\WINDOWS\Minidump\011916-7609-01.dmp

2016-01-19 19:21 - 2016-01-19 19:21 - 00299360 _____ C:\WINDOWS\Minidump\011916-7515-01.dmp

2016-01-19 18:19 - 2016-01-19 18:19 - 00300736 _____ C:\WINDOWS\Minidump\011916-7578-01.dmp

2016-01-19 13:40 - 2016-01-19 13:40 - 00299936 _____ C:\WINDOWS\Minidump\011916-7640-01.dmp

2016-01-19 13:30 - 2016-01-19 13:30 - 00303485 _____ C:\Users\Owner\Desktop\HUS PLAN.pdf

2016-01-19 13:29 - 2016-01-19 13:29 - 00303029 _____ C:\Users\Owner\Desktop\HUS View.pdf

2016-01-19 13:27 - 2016-01-19 13:27 - 00297672 _____ C:\WINDOWS\Minidump\011916-7703-01.dmp

2016-01-19 08:39 - 2016-01-19 08:39 - 00296040 _____ C:\WINDOWS\Minidump\011916-8484-01.dmp

2016-01-18 22:15 - 2016-01-18 22:15 - 00296704 _____ C:\WINDOWS\Minidump\011816-7656-01.dmp

2016-01-18 16:43 - 2016-01-18 16:43 - 00301320 _____ C:\WINDOWS\Minidump\011816-7625-01.dmp

2016-01-18 10:12 - 2016-01-18 10:12 - 00295984 _____ C:\WINDOWS\Minidump\011816-7593-01.dmp

2016-01-18 08:01 - 2016-01-18 08:01 - 00295400 _____ C:\WINDOWS\Minidump\011816-7796-01.dmp

2016-01-17 21:36 - 2016-01-17 21:36 - 00299400 _____ C:\WINDOWS\Minidump\011716-8234-01.dmp

2016-01-16 22:26 - 2016-01-16 22:26 - 00299304 _____ C:\WINDOWS\Minidump\011616-7750-01.dmp

2016-01-16 13:26 - 2016-01-16 13:26 - 00295784 _____ C:\WINDOWS\Minidump\011616-8375-01.dmp

2016-01-16 10:25 - 2016-01-16 10:25 - 00000675 _____ C:\Users\Owner\Documents\Desktop - Shortcut (3).lnk

2016-01-16 10:08 - 2016-01-16 10:08 - 00294920 _____ C:\WINDOWS\Minidump\011616-7500-01.dmp

2016-01-16 06:54 - 2016-01-16 06:54 - 00296272 _____ C:\WINDOWS\Minidump\011616-7625-01.dmp

2016-01-15 17:35 - 2016-01-15 17:35 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF

2016-01-15 17:23 - 2016-01-15 17:23 - 00295696 _____ C:\WINDOWS\Minidump\011516-7609-01.dmp

2016-01-15 15:47 - 2016-01-15 15:47 - 00296792 _____ C:\WINDOWS\Minidump\011516-8781-01.dmp

2016-01-15 11:06 - 2016-01-15 11:06 - 00294736 _____ C:\WINDOWS\Minidump\011516-8406-01.dmp

2016-01-15 11:04 - 2016-01-15 11:04 - 00299776 _____ C:\WINDOWS\Minidump\011516-7781-01.dmp

2016-01-15 08:29 - 2016-01-15 08:29 - 00295656 _____ C:\WINDOWS\Minidump\011516-7593-01.dmp

2016-01-14 11:32 - 2016-01-14 11:32 - 00296520 _____ C:\WINDOWS\Minidump\011416-7703-01.dmp

2016-01-14 09:23 - 2016-01-14 09:23 - 00295936 _____ C:\WINDOWS\Minidump\011416-7765-01.dmp

2016-01-14 08:09 - 2016-01-14 08:09 - 00296808 _____ C:\WINDOWS\Minidump\011416-7953-01.dmp

2016-01-13 21:25 - 2016-01-16 22:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-01-13 21:25 - 2016-01-13 21:25 - 00002027 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2016-01-13 21:25 - 2016-01-13 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-01-13 21:15 - 2016-01-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2016-01-13 21:15 - 2016-01-13 21:15 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk

2016-01-13 21:15 - 2016-01-13 21:15 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-01-13 21:10 - 2016-01-13 21:10 - 00299680 _____ C:\WINDOWS\Minidump\011316-8390-01.dmp

2016-01-13 15:28 - 2016-01-13 15:28 - 00296928 _____ C:\WINDOWS\Minidump\011316-7625-01.dmp

2016-01-13 11:07 - 2016-01-13 11:07 - 00296136 _____ C:\WINDOWS\Minidump\011316-8031-01.dmp

2016-01-13 11:03 - 2016-01-13 11:03 - 00631808 _____ C:\WINDOWS\mta.dat

2016-01-13 10:59 - 2016-01-13 11:03 - 00000000 _____ C:\WINDOWS\mmta.exe

2016-01-13 10:53 - 2016-01-13 10:58 - 00000000 _____ C:\WINDOWS\mta.exe

2016-01-13 10:53 - 2016-01-13 10:53 - 00000000 ____D C:\ProgramData\323486fe-5825-1

2016-01-13 10:53 - 2016-01-13 10:53 - 00000000 ____D C:\ProgramData\323486fe-1343-0

2016-01-13 10:52 - 2016-01-24 13:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Setup Wizard

2016-01-13 10:39 - 2016-01-13 10:39 - 00300032 _____ C:\WINDOWS\Minidump\011316-7562-01.dmp

2016-01-13 08:25 - 2016-01-13 08:25 - 00295128 _____ C:\WINDOWS\Minidump\011316-11203-01.dmp

2016-01-13 06:56 - 2016-01-13 06:56 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

2016-01-13 06:56 - 2016-01-13 06:56 - 00001003 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk

2016-01-13 06:54 - 2015-12-31 06:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-01-13 06:54 - 2015-12-31 06:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-01-13 06:54 - 2015-12-31 06:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-01-13 06:54 - 2015-12-11 15:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-01-13 06:54 - 2015-12-11 15:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2016-01-13 06:54 - 2015-12-11 14:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-01-13 06:54 - 2015-12-11 14:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-01-13 06:54 - 2015-12-11 14:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2016-01-13 06:54 - 2015-12-11 14:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2016-01-13 06:54 - 2015-12-11 14:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2016-01-13 06:54 - 2015-12-11 14:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2016-01-13 06:54 - 2015-12-11 14:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2016-01-13 06:54 - 2015-12-11 14:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-01-13 06:54 - 2015-12-11 13:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2016-01-13 06:54 - 2015-12-11 13:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-01-13 06:54 - 2015-12-11 13:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2016-01-13 06:54 - 2015-12-11 13:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-01-13 06:54 - 2015-12-11 13:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet(98).dll

2016-01-13 06:54 - 2015-12-11 13:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2016-01-13 06:54 - 2015-12-11 13:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-01-13 06:54 - 2015-12-11 13:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-01-13 06:54 - 2015-12-11 13:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon(94).dll

2016-01-13 06:54 - 2015-12-11 13:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2016-01-13 06:54 - 2015-12-11 13:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-01-13 06:54 - 2015-12-11 13:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-01-13 06:54 - 2015-12-11 13:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2016-01-13 06:54 - 2015-12-10 11:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2016-01-13 06:54 - 2015-12-09 06:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll

2016-01-13 06:54 - 2015-12-09 06:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32(38).dll

2016-01-13 06:54 - 2015-12-09 06:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll

2016-01-13 06:54 - 2015-12-09 06:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32(109).dll

2016-01-13 06:54 - 2015-12-07 21:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll

2016-01-13 06:54 - 2015-12-07 21:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32(57).dll

2016-01-13 06:54 - 2015-12-05 16:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL

2016-01-13 06:54 - 2015-12-05 16:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll

2016-01-13 06:54 - 2015-12-05 16:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll

2016-01-13 06:54 - 2015-12-05 02:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll

2016-01-13 06:54 - 2015-12-05 02:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32(118).dll

2016-01-13 06:54 - 2015-12-04 06:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-01-13 06:54 - 2015-12-04 06:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2016-01-13 06:54 - 2015-12-04 06:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll

2016-01-13 06:54 - 2015-12-04 06:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll

2016-01-13 06:54 - 2015-12-04 06:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2016-01-13 06:54 - 2015-12-04 05:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2016-01-13 06:54 - 2015-12-04 05:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll

2016-01-13 06:54 - 2015-12-04 05:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll

2016-01-13 06:54 - 2015-12-04 05:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2016-01-13 06:54 - 2015-12-04 05:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2016-01-13 06:54 - 2015-12-04 05:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll

2016-01-13 06:54 - 2015-12-04 05:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax

2016-01-13 06:54 - 2015-12-04 05:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL

2016-01-13 06:54 - 2015-12-04 05:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL

2016-01-13 06:54 - 2015-12-04 05:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL

2016-01-13 06:54 - 2015-12-04 04:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll

2016-01-13 06:54 - 2015-12-04 04:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2016-01-13 06:54 - 2015-12-04 04:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll

2016-01-13 06:54 - 2015-12-04 04:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL

2016-01-13 06:54 - 2015-12-04 04:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll

2016-01-13 06:54 - 2015-12-04 04:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax

2016-01-13 06:54 - 2015-12-04 04:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL

2016-01-13 06:54 - 2015-12-04 04:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL

2016-01-13 06:54 - 2015-12-04 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL

2016-01-13 06:54 - 2015-12-04 04:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2016-01-13 06:54 - 2015-12-04 04:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-01-13 06:54 - 2015-12-04 04:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2016-01-13 06:54 - 2015-12-04 04:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll

2016-01-13 06:54 - 2015-12-04 04:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL

2016-01-13 06:54 - 2015-12-04 03:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2016-01-13 06:54 - 2015-12-04 03:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL

2016-01-13 06:54 - 2015-12-04 03:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL

2016-01-13 06:54 - 2015-12-03 02:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2016-01-13 06:54 - 2015-12-03 02:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll

2016-01-13 06:54 - 2015-11-18 08:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-01-13 06:54 - 2015-11-18 08:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-01-13 06:54 - 2015-11-18 08:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2016-01-13 06:54 - 2015-11-18 08:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-01-13 06:54 - 2015-11-18 08:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-01-13 06:54 - 2015-11-18 08:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2016-01-13 06:54 - 2015-11-18 08:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-01-13 06:51 - 2016-01-13 06:51 - 00294248 _____ C:\WINDOWS\Minidump\011316-7437-01.dmp

2016-01-13 00:33 - 2016-01-13 00:33 - 00295304 _____ C:\WINDOWS\Minidump\011316-7828-01.dmp

2016-01-13 00:25 - 2016-01-13 00:25 - 00294344 _____ C:\WINDOWS\Minidump\011316-7531-01.dmp

2016-01-12 22:10 - 2016-01-12 22:10 - 00293928 _____ C:\WINDOWS\Minidump\011216-7578-01.dmp

2016-01-12 20:58 - 2016-01-12 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-01-12 20:08 - 2016-01-12 20:08 - 00226118 _____ C:\WINDOWS\ntbtlog.txt

2016-01-11 22:08 - 2016-01-11 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\PDFConverter.com

2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\COMODO

2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\Program Files\COMODO

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 09:06 - 2014-09-30 20:04 - 00000000 __RDO C:\Users\Owner\OneDrive

2016-02-07 08:39 - 2014-09-11 11:36 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-1001

2016-02-07 08:36 - 2015-07-20 19:10 - 00003902 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7536DEC7-60B9-4FC1-9054-C98CBA6F09FD}

2016-02-06 23:27 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\tracing

2016-02-06 21:43 - 2015-10-18 21:58 - 00000000 ____D C:\Users\Owner\Desktop\temp

2016-02-05 15:06 - 2015-09-03 03:39 - 00000000 ____D C:\ProgramData\CanonIJPLM

2016-02-05 13:28 - 2014-09-11 11:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages

2016-02-05 10:11 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\Inf

2016-02-05 08:50 - 2015-08-18 05:32 - 00000000 ____D C:\Users\Owner\Documents\15-16

2016-02-04 16:55 - 2014-09-16 23:24 - 00169312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT

2016-02-04 07:59 - 2014-09-29 17:39 - 00000000 ____D C:\Users\Owner\AppData\Local\TempSWBackupDirectory

2016-02-02 21:21 - 2014-09-13 00:42 - 00000000 ____D C:\Program Files (x86)\Google

2016-02-01 18:24 - 2015-04-19 22:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc

2016-02-01 16:07 - 2014-09-12 04:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2016-02-01 11:35 - 2014-03-18 21:04 - 01167230 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-02-01 11:34 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-02-01 11:30 - 2015-09-21 13:50 - 00065536 _____ C:\WINDOWS\system32\Ikeext.etl

2016-02-01 11:30 - 2013-08-23 01:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-01-31 19:16 - 2015-06-02 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

2016-01-31 19:16 - 2015-06-02 14:48 - 00000000 ____D C:\ProgramData\Lavasoft

2016-01-31 18:14 - 2013-08-23 00:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2016-01-31 18:13 - 2015-05-07 11:18 - 00000000 ____D C:\WINDOWS\system32\log

2016-01-31 17:38 - 2015-12-13 11:13 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update

2016-01-31 01:34 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-01-30 10:51 - 2015-07-17 19:55 - 00000000 ____D C:\Users\Owner\Tracing

2016-01-30 10:12 - 2015-01-22 13:01 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2016-01-25 17:18 - 2014-09-13 15:53 - 00000000 ____D C:\Users\Owner

2016-01-25 16:56 - 2014-09-29 17:38 - 00000000 ____D C:\Users\Owner\AppData\Local\SolidWorks

2016-01-25 11:31 - 2014-09-13 15:54 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2016-01-25 11:28 - 2015-11-24 14:44 - 00000000 ____D C:\Users\Owner\Downloads\SM C113_11056eng (1)

2016-01-25 11:12 - 2015-05-28 17:20 - 00000000 ____D C:\Program Files (x86)\Wondershare

2016-01-25 11:12 - 2015-05-28 16:56 - 00000000 ____D C:\Users\Public\Documents\Wondershare

2016-01-25 10:24 - 2013-08-23 02:36 - 00000000 ___HD C:\Program Files\WindowsApps

2016-01-24 20:44 - 2015-07-27 09:21 - 00089104 _____ (Razer Inc) C:\WINDOWS\system32\RazerCoinstaller.dll

2016-01-24 15:31 - 2014-09-13 00:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Google

2016-01-24 15:13 - 2014-09-12 05:01 - 00000000 ____D C:\swsetup

2016-01-24 15:09 - 2014-09-12 04:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

2016-01-24 13:46 - 2015-05-29 16:20 - 00000000 ____D C:\ProgramData\WinZip

2016-01-24 13:39 - 2015-12-13 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2016-01-24 13:39 - 2015-12-08 15:15 - 00000000 ____D C:\WINDOWS\Minidump

2016-01-24 13:39 - 2015-12-06 19:52 - 00000000 ____D C:\Users\Public\Desktop\Microsoft IntelliPoint

2016-01-24 13:39 - 2015-12-05 11:45 - 00000000 ____D C:\Users\Owner\Documents\Wondershare Video Editor

2016-01-24 13:39 - 2015-12-03 23:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software

2016-01-24 13:39 - 2015-10-07 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delcam

2016-01-24 13:39 - 2015-09-13 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-01-24 13:39 - 2015-09-13 19:48 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle

2016-01-24 13:39 - 2015-09-03 03:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5

2016-01-24 13:39 - 2015-07-16 00:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telenor

2016-01-24 13:39 - 2015-06-09 23:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype

2016-01-24 13:39 - 2015-06-02 14:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Lavasoft

2016-01-24 13:39 - 2015-06-02 14:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft

2016-01-24 13:39 - 2015-05-29 15:01 - 00000000 ____D C:\Users\Owner\Downloads\29-5-15

2016-01-24 13:39 - 2015-05-28 20:08 - 00000000 ____D C:\Users\Owner\Documents\TEST

2016-01-24 13:39 - 2015-05-21 17:43 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters

2016-01-24 13:39 - 2015-05-03 18:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software

2016-01-24 13:39 - 2015-04-30 00:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss

2016-01-24 13:39 - 2015-04-19 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2016-01-24 13:39 - 2015-03-16 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software

2016-01-24 13:39 - 2015-03-16 19:35 - 00000000 ____D C:\Users\Owner\XP700_WW_WIN_3795_42

2016-01-24 13:39 - 2015-03-16 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2016-01-24 13:39 - 2015-03-16 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother

2016-01-24 13:39 - 2015-01-24 16:35 - 00000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installers

2016-01-24 13:39 - 2015-01-24 16:34 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2016-01-24 13:39 - 2015-01-22 12:53 - 00000000 ____D C:\Users\Owner\AppData\Local\FlexLink

2016-01-24 13:39 - 2014-12-26 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2015

2016-01-24 13:39 - 2014-12-26 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015

2016-01-24 13:39 - 2014-12-25 23:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support

2016-01-24 13:39 - 2014-12-13 12:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\help_images_otherUI

2016-01-24 13:39 - 2014-12-12 11:45 - 00000000 ____D C:\Users\Owner\Desktop\DISKTOP TEMP 2

2016-01-24 13:39 - 2014-11-14 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2014 - English

2016-01-24 13:39 - 2014-11-14 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk

2016-01-24 13:39 - 2014-09-29 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005

2016-01-24 13:39 - 2014-09-29 14:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix

2016-01-24 13:39 - 2014-09-29 14:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Citrix

2016-01-24 13:39 - 2014-09-27 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager

2016-01-24 13:39 - 2014-09-25 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

2016-01-24 13:39 - 2014-09-25 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 110

2016-01-24 13:39 - 2014-09-24 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2016-01-24 13:39 - 2014-09-13 15:53 - 00000000 ____D C:\Users\UpdatusUser

2016-01-24 13:39 - 2014-09-13 12:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2016-01-24 13:39 - 2014-09-13 01:46 - 00000000 ____D C:\Users\Owner\Documents\ALLA FOTO

2016-01-24 13:39 - 2014-09-13 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2016-01-24 13:39 - 2014-09-13 00:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0

2016-01-24 13:39 - 2014-09-12 04:49 - 00000000 ____D C:\Users\Public\Thunder Network

2016-01-24 13:39 - 2014-09-12 04:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dg

2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\WinStore

2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\FileManager

2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\Camera

2016-01-24 13:38 - 2015-12-12 11:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla

2016-01-24 13:38 - 2015-05-28 17:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Wondershare

2016-01-24 13:38 - 2015-01-06 11:13 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Sun

2016-01-24 13:38 - 2014-12-25 23:24 - 00000000 ____D C:\Users\Owner\AppData\Local\PC_Drivers_Headquarters

2016-01-24 13:38 - 2014-11-14 17:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Autodesk

2016-01-24 13:38 - 2014-09-27 13:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SolidWorks

2016-01-24 13:38 - 2014-09-26 12:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Canon

2016-01-24 13:38 - 2014-09-19 13:55 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Brother

2016-01-24 13:38 - 2014-09-13 01:54 - 00000000 ____D C:\Users\Owner\Documents\TomTom

2016-01-24 13:38 - 2014-09-13 01:54 - 00000000 ____D C:\Users\Owner\Documents\SolidWorks Downloads

2016-01-24 13:38 - 2014-09-13 01:51 - 00000000 ____D C:\Users\Owner\Documents\BUSSINESS

2016-01-24 13:38 - 2014-09-13 01:51 - 00000000 ____D C:\Users\Owner\Documents\2 Machines

2016-01-24 13:38 - 2014-09-13 01:46 - 00000000 ____D C:\Users\Owner\Documents\14-15

2016-01-24 13:38 - 2014-09-11 11:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe

2016-01-24 13:38 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\registration

2016-01-24 13:37 - 2015-12-12 11:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla

2016-01-24 13:37 - 2014-11-14 17:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Autodesk

2016-01-24 13:37 - 2014-09-15 20:40 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet

2016-01-22 20:36 - 2014-03-18 20:46 - 00000000 ____D C:\WINDOWS\SKB

2016-01-22 20:10 - 2015-01-25 11:19 - 00000364 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job

2016-01-22 20:08 - 2015-08-07 20:06 - 00003084 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1952045502-1362136182-510965784-1001

2016-01-22 20:08 - 2015-01-25 11:19 - 00003010 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner)

2016-01-22 20:08 - 2015-01-06 12:11 - 00003042 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe

2016-01-22 20:07 - 2014-12-25 23:24 - 00004314 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMScan

2016-01-22 20:07 - 2014-12-25 23:24 - 00003740 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMUpdater

2016-01-22 20:07 - 2014-12-25 23:24 - 00003734 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMRules

2016-01-22 20:07 - 2014-12-25 23:24 - 00003532 _____ C:\WINDOWS\System32\Tasks\Driver Support

2016-01-22 19:57 - 2015-12-08 15:15 - 519004214 _____ C:\WINDOWS\MEMORY.DMP

2016-01-21 08:34 - 2014-09-24 15:47 - 00000000 ____D C:\Program Files\Microsoft Office 15

2016-01-21 08:34 - 2013-08-23 02:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-01-21 08:20 - 2015-12-13 11:13 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2016-01-21 08:20 - 2015-12-13 11:13 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2016-01-20 21:57 - 2015-05-03 14:50 - 00000000 ____D C:\Users\Owner\Documents\1 SALES

2016-01-19 13:30 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

2016-01-16 22:46 - 2014-12-26 11:29 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2016-01-15 17:35 - 2014-09-13 14:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe

2016-01-15 17:07 - 2013-08-23 00:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(48)

2016-01-13 21:25 - 2014-09-13 14:03 - 00000000 ____D C:\ProgramData\Adobe

2016-01-13 21:15 - 2015-06-09 22:37 - 00000000 ____D C:\ProgramData\Skype

2016-01-13 16:20 - 2015-01-06 11:16 - 00000000 ____D C:\ProgramData\Oracle

2016-01-13 16:18 - 2015-09-13 20:11 - 00000000 ____D C:\Program Files (x86)\Java

2016-01-13 16:01 - 2015-04-15 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-01-13 16:01 - 2015-03-16 21:16 - 00000000 ___SD C:\WINDOWS\system32\CompatTel

2016-01-13 16:00 - 2012-07-26 18:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-01-13 15:58 - 2014-09-11 15:29 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-01-13 15:55 - 2014-09-11 15:29 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-01-13 08:25 - 2013-08-23 01:44 - 00592776 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-01-13 06:56 - 2015-04-08 20:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer

2016-01-13 06:56 - 2014-09-25 12:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2016-01-12 22:27 - 2015-12-12 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-01-12 22:07 - 2014-09-12 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\NV

2016-01-12 22:07 - 2014-09-12 09:14 - 00000000 ____D C:\WINDOWS\system32\NV

2016-01-11 22:11 - 2015-12-12 12:50 - 00000000 ____D C:\Program Files\PeerBlock

2016-01-09 21:46 - 2014-11-17 13:03 - 00000000 ____D C:\Users\Owner\AppData\Local\cache

2016-01-08 10:02 - 2015-06-02 10:06 - 00000000 ____D C:\Users\Owner\Documents\COPY QUOTATIONS

2016-01-08 08:41 - 2014-09-13 01:32 - 00000000 ____D C:\QUOTATIONS

==================== Files in the root of some directories =======

2014-09-13 01:23 - 2014-09-13 01:23 - 0000030 _____ () C:\Users\Owner\AppData\Roaming\fixcfg.ini

2014-11-14 17:29 - 2014-11-14 17:29 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

Some zero byte size files/folders:

==========================

C:\Windows\jmc.exe

C:\Windows\mmta.exe

C:\Windows\mta.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-16 10:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Owner (2016-02-07 09:09:31)

Running from C:\Users\Owner\Downloads

Windows 8.1 Pro (X64) (2014-09-13 04:57:48)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1952045502-1362136182-510965784-500 - Administrator - Enabled) => C:\Users\Administrator

Guest (S-1-5-21-1952045502-1362136182-510965784-501 - Limited - Disabled)

Owner (S-1-5-21-1952045502-1362136182-510965784-1001 - Administrator - Enabled) => C:\Users\Owner

UpdatusUser (S-1-5-21-1952045502-1362136182-510965784-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)

ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)

AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden

AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden

Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)

Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)

Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)

Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)

Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden

Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden

Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)

Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)

Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6950 - Broadcom Corporation)

Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )

Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )

CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - Canon Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Delcam for SolidWorks (x64) (HKLM\...\Delcam for SolidWorks) (Version: 21.7.0.20 - Delcam)

Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)

Driver Support Active Optimization (x32 Version: 1.0.4.7977 - PC Drivers HeadQuarters LP) Hidden

Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)

Epson Network Guide XP-700 Series (HKLM-x32\...\XP-700 Series Netg) (Version: - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)

EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version: - SEIKO EPSON Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)

HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)

HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)

HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)

Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )

Intel® Chipset Device Software (x32 Version: 10.0.17 - Intel® Corporation) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)

NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden

Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)

SOLIDWORKS 2015 x64 Edition SP01.1 (HKLM-x32\...\SolidWorks Installation Manager 20150-40101-1100-100) (Version: 23.1.1.2 - SolidWorks Corporation)

SOLIDWORKS 2015 x64 Edition SP01.1 (Version: 23.111.2 - Dassault Systemes SolidWorks Corp) Hidden

SOLIDWORKS Composer Player 2015 SP01.1 x64 Edition (Version: 23.11.2 - Dassault Systemes SolidWorks Corp) Hidden

SOLIDWORKS eDrawings 2015 x64 Edition SP01.1 (Version: 15.1.0044 - Dassault Systèmes SolidWorks Corp) Hidden

SOLIDWORKS Explorer 2015 SP01.1 x64 Edition (Version: 23.11.2 - Dassault Systemes SolidWorks Corp) Hidden

Stay Connected (HKLM-x32\...\StayConnected) (Version: 2.1.1.324 - Telenor)

Stay Connected (x32 Version: 2.1.1.324 - Emotum Pty. Ltd.) Hidden

Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)

Telenor Sweden Software Update Service (x32 Version: 1.0.3.123 - Telenor Sweden) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Windows Driver Package - Hewlett-Packard Development Company, L.P. HP Mobile Data Protection Sensor (02/26/2013 6.0.5.1) (HKLM\...\0CBD0BD267F8698191082DC9246612D35DB83232) (Version: 02/26/2013 6.0.5.1 - Hewlett-Packard Development Company, L.P.)

Windows Driver Package - Realtek Semiconduct Corp. (RTSPER) MTD (12/20/2013 6.3.9600.21245) (HKLM\...\211F31EEA7D7C573DBEB0DA809E8938B169D26F8) (Version: 12/20/2013 6.3.9600.21245 - Realtek Semiconduct Corp.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Wondershare Filmora(Build 6.8.2) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C6E1620-B4DE-43CD-9C02-415671381780} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

Task: {194232E7-D88D-4CFA-BFD0-D71D8C99E76A} - \MixVideoPlayer Update -> No File <==== ATTENTION

Task: {1DE2B273-841A-4331-B2A1-78BCE19B1635} - \ProPCCleaner_Popup -> No File <==== ATTENTION

Task: {238908BE-4C55-43FD-94AF-04BCF7AD0389} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-25] (Hewlett-Packard Company)

Task: {2F972427-523B-41B1-8FE2-CE101F7B0737} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

Task: {31E4F653-DEB2-48B7-99E4-418FE6D35FFF} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)

Task: {34A5814F-52A0-4DAF-AA6E-9FAD4C9CDE81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)

Task: {3AE73733-3EB9-464F-A1B0-74B5A9EA2A7F} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)

Task: {4135FC49-BDAF-424D-89BE-AF1A753A94CC} - \One System Care Task -> No File <==== ATTENTION

Task: {4D816FB0-1CB5-4543-B34F-5B5244AD06C3} - \ProPCCleaner_Start -> No File <==== ATTENTION

Task: {5C1571F3-0D0D-4ABF-B7AC-5CB1DA1135A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)

Task: {62C94D6F-7147-415A-9387-7C6A87649AFF} - \ReimageUpdater -> No File <==== ATTENTION

Task: {638C7376-1F77-44CF-A05E-290AAD57FC54} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)

Task: {6A9EA775-4081-41BD-BB64-C359BB7CA7DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)

Task: {76858884-5641-45B1-BB5D-2217AFF450BE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)

Task: {7D24329C-158A-4F79-835E-ED8B9E86DE18} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe

Task: {8A120D88-5F33-48AE-87BA-598263E112B7} - \One System Care Monitor -> No File <==== ATTENTION

Task: {90F149F8-27DC-46E1-94DD-C7B49C8EBFDE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-01] (Synaptics Incorporated)

Task: {9600102C-3AF9-4F72-A8EC-33803D4D1AE4} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)

Task: {AD220E3C-24C8-4C95-97DD-EC019221396C} - \One System Care Run Delay -> No File <==== ATTENTION

Task: {B46D710D-AEF0-4954-9E76-C2D5F8B84E55} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {C165A186-1F6D-4A53-B92A-793048C690D2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {CFB346C8-343E-4707-9400-ED4F7498AC04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

Task: {D27B9465-09CB-4A5D-A837-066887D77C16} - \{0F040547-080F-0A7E-0B11-7E0F0B08110C} -> No File <==== ATTENTION

Task: {D78F1B19-B1D1-4371-94BE-7916C4BE52CB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)

Task: {D9AAEE63-CF77-4B64-95DD-98F49688B11E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)

Task: {E106FB3C-2CC5-44CF-928A-A7AE976C0D61} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-13] (AVAST Software)

Task: {EFE0DA00-DCB5-4AD4-BBA8-27A71706A356} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1952045502-1362136182-510965784-1001 => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-15] (Microsoft Corporation)

Task: {F0C70684-0FEE-41D9-B4AC-2B03EE2DF0A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {F88B749C-CB95-4250-9068-5C4A2A855440} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe

Task: {F9BB948D-49E6-4280-B711-836B22AFE21D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

Task: {FAB4E219-C1B7-4E21-922B-F77AAF5B165A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {FCB0372C-3A32-4C91-934F-5D29E1AD813B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 10:45 - 2015-07-01 10:45 - 00022528 _____ () C:\WINDOWS\System32\us005lm.dll

2014-09-24 18:20 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll

2014-09-13 15:50 - 2013-10-23 19:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-10-27 14:40 - 2015-09-02 03:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-12-15 07:11 - 2014-12-15 07:11 - 00268280 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll

2015-12-13 11:13 - 2015-12-13 11:13 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-12-13 11:13 - 2015-12-13 11:13 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-02-01 09:05 - 2016-02-01 09:05 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16013101\algo.dll

2015-12-13 11:13 - 2015-12-13 11:13 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2016-02-07 08:51 - 2016-02-07 08:51 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020601\algo.dll

2014-11-20 09:40 - 2014-11-20 09:40 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

2014-11-20 09:31 - 2014-11-20 09:31 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

2011-06-02 17:43 - 2011-06-02 17:43 - 04302200 _____ () C:\Program Files (x86)\Emotum\Stay Connected\modules\core.dll

2011-06-02 17:43 - 2011-06-02 17:43 - 01842080 _____ () C:\Program Files (x86)\Emotum\Stay Connected\modules\custom.dll

2011-05-27 11:41 - 2011-05-27 11:41 - 00779152 _____ () C:\Program Files (x86)\Emotum\Stay Connected\modules\mobile.dll

2011-04-13 14:33 - 2011-04-13 14:33 - 01097728 _____ () C:\Program Files (x86)\Emotum\Stay Connected\NDISAPI.dll

2015-12-13 11:13 - 2015-12-13 11:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\RazerCoinstaller.dll:$CmdTcID

AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID

AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdTcID

AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-23 00:25 - 2013-08-23 00:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: Autodesk Content Service => 2

MSCONFIG\Services: BcmBtRSupport => 2

MSCONFIG\Services: becldr3Service => 3

MSCONFIG\Services: BrYNSvc => 3

MSCONFIG\Services: btwdins => 2

MSCONFIG\Services: EpsonScanSvc => 2

MSCONFIG\Services: ESCSvc => 2

MSCONFIG\Services: ESUSClient_B2 => 2

MSCONFIG\Services: GoToAssist Remote Support Customer => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: hpsrv => 2

MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2

MSCONFIG\Services: IJPLMSVC => 2

MSCONFIG\Services: Mobile Broadband HL Service => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: WsAppService => 3

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"

HKLM\...\StartupApproved\Run: => "HotKeysCmds"

HKLM\...\StartupApproved\Run: => "Persistence"

HKLM\...\StartupApproved\Run: => "IgfxTray"

HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "BrStsMon00"

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "Autodesk Sync"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C244AB0A-F12C-4AEB-A436-48335980BDC3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{63DFE80C-578D-47D9-BB0D-860BCC9E03B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{19F04507-D3F9-41D2-91A8-AEEA3E126D3E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{A94CC178-BB98-48B5-9AB8-3D9A4E124C98}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{FB45E8F3-E19F-4CA7-88EA-2E10F366F00F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{A8333C35-7228-4164-AF62-F4CA24FCB1A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{7EBDE2A1-B644-408D-826C-F989CE3442D9}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe

FirewallRules: [UDP Query User{6C8D3B42-E140-46CC-99D8-F43BDFECF5D0}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe

FirewallRules: [{B1659F75-98C4-4C13-9326-26231C65F658}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe

FirewallRules: [{F64962D0-51A6-4D02-A652-859CF8900544}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{9B37123E-209C-46F2-9F6E-D0D24031862E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{ECFCB69B-B73C-435C-8B96-897A23C55E68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{72969A91-9807-4063-A769-99D791C58519}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{3A04985D-D2A7-44F0-BC9F-A9675682DC55}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{FCFDFD20-5A4E-4521-9095-4A0EEA4229D7}] => (Allow) LPort=2869

FirewallRules: [{DD3E877D-20C6-4E2E-A464-72C3985ADB3A}] => (Allow) LPort=1900

FirewallRules: [{5111B4FC-21C4-4C90-A811-1970AE4F0A0D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{C20D69E8-AACE-4499-A0E9-2477FC859CF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-01-2016 13:36:45 Restore Operation

28-01-2016 10:05:53 Windows Update

30-01-2016 10:11:59 Windows Live Essentials

30-01-2016 10:12:09 Installed DirectX

30-01-2016 10:12:17 Installed DirectX

30-01-2016 10:12:26 Installed DirectX

31-01-2016 17:33:02 Checkpoint by HitmanPro

05-02-2016 10:11:46 Windows Update

==================== Faulty Device Manager Devices =============

Name: High Definition Audio Device

Description: High Definition Audio Device

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: HdAudAddService

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HID-compliant touch screen

Description: HID-compliant touch screen

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (02/07/2016 09:06:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/07/2016 09:06:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)

Error: (02/07/2016 09:06:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)

Error: (02/07/2016 08:44:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)

System errors:

=============

Error: (02/03/2016 10:10:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3119142).

Error: (02/01/2016 11:32:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

%%1069

Error: (02/01/2016 11:32:49 AM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/31/2016 07:17:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/31/2016 06:16:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

%%1069

Error: (01/31/2016 06:16:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/31/2016 06:14:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/31/2016 06:14:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/31/2016 06:14:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (01/31/2016 06:14:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

CodeIntegrity:

===================================

Date: 2016-01-24 17:57:04.302

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-24 17:49:47.455

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-24 16:13:28.799

Date: 2015-12-21 18:31:17.166

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.

Date: 2015-12-21 18:31:17.057

Date: 2015-12-21 18:31:16.947

Date: 2015-12-21 18:31:16.822

Date: 2015-12-21 18:31:16.713

Date: 2015-12-21 18:31:15.213

Date: 2015-11-19 17:45:43.429

==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz

Percentage of memory in use: 24%

Total physical RAM: 8124.02 MB

Available physical RAM: 6132.3 MB

Total Virtual: 16316.02 MB

Available Virtual: 14149.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.62 GB) (Free:42.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 02AA02AA)

Partition: GPT.

========================================================

Disk: 1 (Size: 3.8 GB) (Disk ID: B8AAE178)

Partition: GPT.

==================== End of Addition.txt ============================

#4
LiquidTension

Posted 07 February 2016 - 01:33 PM

Expert

Expert
1,151 posts

Hello,

Before proceeding, please tell me if you purposely installed the following programme: Driver Support Active Optimization.

Thank you.

#5
talkingtree

Posted 07 February 2016 - 01:59 PM

Member

Topic Starter
Member
58 posts

I dont recall installing that

It seems ok though

http://www.shouldire...26-program.aspx

Edited by talkingtree, 07 February 2016 - 02:04 PM.

#6
LiquidTension

Posted 07 February 2016 - 03:01 PM

Expert

Expert
1,151 posts

Hello,

Driver Support Active Optimization is not the type of software I recommend having installed. Optimization software such as this is unnecessary, may cause issues and could be regarded as a Potentially Unwanted Programme (PUP). To uninstall, the programme will need to be unhidden. Please let me know if you wish for this to be done.

You have a number of COMODO and Lavasoft remnants present on your computer. These can be addressed afterwards. Your computer appears to have blue screened recently (many times). This could be indicative of a hardware or a software issue, and can also be addressed.

For now, please do the following:

STEP 1
Revo Uninstaller

Please download and install Revo Uninstaller.
Double-Click Revo Uninstaller to run the programme.
From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
- HiDef Media Player 1.1.12
Double-Click the programme.
When prompted if you want to uninstall click Yes.
Ensure the Moderate option is selected and click Next.
The programme uninstaller will run. If prompted again click Yes.
Work your way through the uninstaller, ensuring you read each page thoroughly.
Note: If you are offered the choice to install additional software, ensure you decline.
Once the built-in uninstaller is finished click Next.
Once the programme has searched for leftovers click Next.
Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
When prompted click Yes, followed by Next.
Click Select all, followed by Delete.
When prompted click Yes, followed by Next.
Upon completion, click Finish.
In your next reply, confirm you were successful in uninstalling all programmes listed above.

STEP 2
Farbar Recovery Scan Tool (FRST) Script

Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.

Copy the entire contents of the codebox below and paste into the Notepad document.

start
CreateRestorePoint:
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c339-237e-11e5-becd-240a64dea16d} - "E:\AutoRun.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c35c-237e-11e5-becd-240a64dea16d} - "D:\AutoRun.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {6a5ceecc-4af9-11e4-be82-240a64dea16d} - "D:\fscommand\LS_Start_Launch.cmd"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {768ddde3-8b4a-11e4-be95-240a64dea16d} - "D:\DSL-2750B.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {c3e2e152-3940-11e4-be65-806e6f6e6963} - "F:\setup.EXE" /AUTORUN
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {f8f20a56-58ad-11e4-be88-a01d486f8ad3} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> No Name - {7FCDA7E5-1475-4658-B845-53536A238E80} -  No File
2016-01-24 13:39 - 2014-09-12 04:49 - 00000000 ____D C:\Users\Public\Thunder Network
Folder: C:\Users\Owner\AppData\Roaming\dg
Folder: C:\ProgramData\323486fe-5825-1
Folder: C:\ProgramData\323486fe-1343-0
Task: {194232E7-D88D-4CFA-BFD0-D71D8C99E76A} - \MixVideoPlayer Update -> No File <==== ATTENTION
Task: {1DE2B273-841A-4331-B2A1-78BCE19B1635} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {4135FC49-BDAF-424D-89BE-AF1A753A94CC} - \One System Care Task -> No File <==== ATTENTION
Task: {4D816FB0-1CB5-4543-B34F-5B5244AD06C3} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {62C94D6F-7147-415A-9387-7C6A87649AFF} - \ReimageUpdater -> No File <==== ATTENTION
Task: {8A120D88-5F33-48AE-87BA-598263E112B7} - \One System Care Monitor -> No File <==== ATTENTION
Task: {AD220E3C-24C8-4C95-97DD-EC019221396C} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {D27B9465-09CB-4A5D-A837-066887D77C16} - \{0F040547-080F-0A7E-0B11-7E0F0B08110C} -> No File <==== ATTENTION
C:\Windows\jmc.exe
C:\Windows\mmta.exe
C:\Windows\mta.exe
C:\WINDOWS\mta.dat
CMD: ipconfig /flushdns
EmptyTemp:
end

Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 3
RogueKiller Scan

Please download RogueKiller and save the file to your Desktop.
Close any running programmes.
Right-Click RogueKiller.exe and select Run as administrator to run the programme.
Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
A browser window may open. Close the browser window.
Click . Upon completion, click .
Close the programme. Do not fix anything!
A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Did the programme uninstall OK?
Fixlog.txt
RKreport.txt

#7
talkingtree

Posted 08 February 2016 - 03:56 AM

Member

Topic Starter
Member
58 posts

Did the programme uninstall OK?

Yes it seems like it's gone

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Owner (2016-02-08 20:12:26) Run:1

Running from C:\Users\Owner\Downloads

Loaded Profiles: Owner (Available Profiles: Owner & UpdatusUser & Administrator)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CreateRestorePoint: