Very hard adware that won't remove from Google Chrome [Solved]


  • This topic is locked

#1
talkingtree


Hi,

 

I have tried to remove this adware using many programs, but it just won't go away. It only happens on Google Chrome, and ads specifically show up on websites such as Cnet. The scans either show that nothing is infected or remove some other programs, but not this particular one. I also tried resetting the Google Chrome settings.

 

Programs that I tried:

- Avast (boot-time as well)
- Malwarebytes
- AdwCleaner
- Bitdefender
- Ad-aware
- Spybot
- HitmanPro

 



Edited by talkingtree, 06 February 2016 - 05:38 AM.



#2
LiquidTension


Hello talkingtree, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the button at the top of the page.

======================================================
 
Please run the following diagnostic scan so I can ascertain the state of your computer.
 
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 


#3
talkingtree


Thanks for the reply. The following is the scan.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Owner (administrator) on HP (07-02-2016 09:09:08)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & UpdatusUser & Administrator)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Telenor SE) C:\Program Files (x86)\Emotum\Stay Connected\TelenorSEMobile.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [453448 2014-08-14] ()
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Telenor Stay Connected] => C:\Program Files (x86)\Emotum\Stay Connected\TelenorSEMobile.exe [339456 2010-08-03] (Telenor SE)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [291968 2015-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c339-237e-11e5-becd-240a64dea16d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c35c-237e-11e5-becd-240a64dea16d} - "D:\AutoRun.exe" 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {6a5ceecc-4af9-11e4-be82-240a64dea16d} - "D:\fscommand\LS_Start_Launch.cmd" 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {768ddde3-8b4a-11e4-be95-240a64dea16d} - "D:\DSL-2750B.exe" 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {c3e2e152-3940-11e4-be65-806e6f6e6963} - "F:\setup.EXE" /AUTORUN
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {f8f20a56-58ad-11e4-be88-a01d486f8ad3} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-12-24]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2015-12-24]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3BB2ACE9-DB68-4D53-94A6-6F4E135ED1E0}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{3D154E2D-CABD-454F-8BDC-16B3D78AEDAC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3D154E2D-CABD-454F-8BDC-16B3D78AEDAC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66DC2291-A53D-4729-99CD-311045E208FC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{66DC2291-A53D-4729-99CD-311045E208FC}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130862720068145420&GUID=5D0854C2-FC5E-4008-B3C8-A377B28767C7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130895977753687525&GUID=5D0854C2-FC5E-4008-B3C8-A377B28767C7
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> {9F09F33C-419B-475C-8476-403EAD19E78C} URL = hxxps://se.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-13] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-13] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> No Name - {7FCDA7E5-1475-4658-B845-53536A238E80} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mstehi7u.default
FF Homepage: hxxps://www.google.com.au/
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1952045502-1362136182-510965784-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-29] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-24]
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-24]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-24]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 ESCSvc; C:\Program Files (x86)\Emotum\Stay Connected\Service.exe [659752 2010-08-25] ()
S4 ESUSClient_B2; C:\Program Files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe [358808 2011-03-07] (Telenor Sweden)
S4 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-29] (Citrix Online, LLC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-23] ()
S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2745344 2015-06-02] (Lavasoft Limited) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-29] (SolidWorks) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-03] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [9525936 2013-06-10] (Broadcom Corporation)
S3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2016-01-31] ()
S3 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [651736 2012-11-03] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 megasas2; C:\Windows\System32\drivers\megasas2.sys [53552 2012-10-02] (LSI Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 massfilter; \SystemRoot\System32\drivers\massfilter.sys [X]
S3 RSP2STOR; system32\DRIVERS\RtsP2Stor.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 09:09 - 2016-02-07 09:09 - 00022325 _____ C:\Users\Owner\Downloads\FRST.txt
2016-02-07 09:08 - 2016-02-07 09:09 - 00000000 ____D C:\FRST
2016-02-07 09:07 - 2016-02-07 09:07 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-02-05 22:22 - 2016-02-05 22:22 - 00002886 _____ C:\Users\Owner\Downloads\8_Wellington_Road_ofi.ics
2016-02-05 22:22 - 2016-02-05 22:22 - 00002886 _____ C:\Users\Owner\Downloads\8_Wellington_Road_ofi (1).ics
2016-02-05 21:31 - 2016-02-05 21:31 - 00646166 _____ C:\Users\Owner\Downloads\Boat Trailer (1).pdf
2016-02-05 21:17 - 2016-02-05 21:17 - 00646166 _____ C:\Users\Owner\Downloads\Boat Trailer.pdf
2016-02-05 21:16 - 2016-02-05 21:16 - 01782449 _____ C:\Users\Owner\Downloads\FARR6000.pdf
2016-02-05 21:16 - 2016-02-05 21:16 - 01782449 _____ C:\Users\Owner\Downloads\FARR6000 (1).pdf
2016-02-05 21:15 - 2016-02-05 21:15 - 00646166 _____ C:\Users\Owner\Desktop\Boat Trailer.pdf
2016-02-05 20:23 - 2016-02-05 20:23 - 00045844 _____ C:\Users\Owner\Downloads\Q16-031.01 28 Lamette Street, Chatswood.pdf
2016-02-05 20:23 - 2016-02-05 20:23 - 00045844 _____ C:\Users\Owner\Downloads\Q16-031.01 28 Lamette Street, Chatswood (1).pdf
2016-02-04 23:08 - 2016-02-04 23:08 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003 (2).pdf
2016-02-04 23:08 - 2016-02-04 23:08 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003 (1).pdf
2016-02-04 23:06 - 2016-02-04 23:06 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003.pdf
2016-02-04 20:04 - 2016-02-04 20:04 - 00106188 _____ C:\Users\Owner\Downloads\Est_1669_from_Arrow_Roofing_Pty_Ltd.pdf
2016-02-04 16:53 - 2016-02-04 16:53 - 00412193 _____ C:\Users\Owner\Downloads\99185_TexasP_Weis.pdf
2016-02-04 16:49 - 2016-02-04 16:49 - 00015842 _____ C:\Users\Owner\Downloads\Spareparts list Wies 2016-02-03 (1).xlsx
2016-02-03 07:26 - 2016-02-03 07:26 - 00234836 _____ C:\Users\Owner\Downloads\80883 (1).pdf
2016-02-03 07:24 - 2016-02-03 07:24 - 00233822 _____ C:\Users\Owner\Downloads\80883.pdf
2016-02-02 21:21 - 2016-02-02 21:21 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-02-02 21:21 - 2016-02-02 21:21 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Google
2016-02-02 21:20 - 2016-02-02 21:20 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthSetup.exe
2016-02-01 20:30 - 2016-02-01 20:30 - 01840277 _____ C:\Users\Owner\Documents\PC issue 1-02-2016.pdf
2016-02-01 19:04 - 2016-02-01 19:04 - 00000000 ___DC C:\Users\Owner\AppData\Local\MigWiz
2016-02-01 16:51 - 2016-02-01 16:51 - 00000675 _____ C:\Users\Owner\Documents\Desktop - Shortcut (4).lnk
2016-01-31 18:17 - 2016-01-31 18:17 - 02085168 _____ C:\Users\Owner\Downloads\Adaware_Installer.exe
2016-01-31 18:16 - 2016-01-31 18:18 - 48831832 _____ C:\Users\Owner\Downloads\BDPUARLauncher.exe
2016-01-31 18:10 - 2016-01-31 18:13 - 00000000 ____D C:\AdwCleaner
2016-01-31 18:08 - 2016-01-31 18:08 - 01507840 _____ C:\Users\Owner\Downloads\adwcleaner_5.031.exe
2016-01-31 18:07 - 2016-01-31 18:07 - 01507840 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2016-01-31 17:37 - 2016-01-31 17:37 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-01-31 17:35 - 2016-01-31 17:35 - 00027750 _____ C:\WINDOWS\system32\.crusader
2016-01-31 17:03 - 2016-01-31 17:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-31 16:32 - 2016-01-31 16:51 - 11323704 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe
2016-01-31 15:32 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\temp
2016-01-31 15:32 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\mbar
2016-01-31 15:30 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\DISKTOP TEMP 2
2016-01-31 15:30 - 2016-01-25 12:56 - 00000165 ____H C:\Users\peter\Desktop\~$SAKERHETSKODER.xlsx
2016-01-31 15:30 - 2016-01-25 09:53 - 00027669 _____ C:\Users\peter\Desktop\SAKERHETSKODER.xlsx
2016-01-31 15:30 - 2016-01-22 20:57 - 00000555 _____ C:\Users\peter\Desktop\JRT.txt
2016-01-31 15:30 - 2016-01-22 19:57 - 519004214 _____ C:\Users\peter\Desktop\MEMORY.DMP
2016-01-31 15:30 - 2016-01-19 13:30 - 00303485 _____ C:\Users\peter\Desktop\HUS PLAN.pdf
2016-01-31 15:30 - 2016-01-19 13:29 - 00303029 _____ C:\Users\peter\Desktop\HUS View.pdf
2016-01-31 15:30 - 2016-01-01 01:41 - 01455974 _____ C:\Users\peter\Desktop\163398_DNC-63-200-P-A.stp
2016-01-31 15:30 - 2015-12-24 15:47 - 00002403 _____ C:\Users\peter\Desktop\Word 2013.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00002402 _____ C:\Users\peter\Desktop\PowerPoint 2013.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00002359 _____ C:\Users\peter\Desktop\Outlook 2013.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00001418 _____ C:\Users\peter\Desktop\GoToAssist Customer.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00000870 _____ C:\Users\peter\Desktop\Documents - Shortcut.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00000146 _____ C:\Users\peter\Desktop\Windows Defender - Shortcut.lnk
2016-01-31 15:30 - 2015-12-21 14:17 - 00000165 ____H C:\Users\peter\Desktop\~$Leeds AUS 2015.xlsx
2016-01-31 15:30 - 2015-12-09 14:55 - 02748635 _____ C:\Users\peter\Desktop\WC203905.pdf
2016-01-31 15:30 - 2015-11-13 19:02 - 00010165 ____H C:\Users\peter\Desktop\~WRL0005.tmp
2016-01-31 15:30 - 2015-10-01 14:45 - 00023415 _____ C:\Users\peter\Desktop\Leeds AUS 2015.xlsx
2016-01-31 15:30 - 2015-09-29 12:50 - 00464002 _____ C:\Users\peter\Desktop\Jury Medical Sept 2015.pdf
2016-01-31 15:30 - 2015-08-16 18:55 - 00000061 _____ C:\Users\peter\Desktop\GMail.url
2016-01-31 15:30 - 2015-06-11 11:43 - 00818697 _____ C:\Users\peter\Desktop\ESRF supporting documents .pdf
2016-01-31 01:31 - 2016-01-31 19:24 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-1004
2016-01-31 01:26 - 2016-01-31 01:26 - 00000000 ____D C:\Users\peter\AppData\Local\GWX
2016-01-30 17:05 - 2016-01-31 17:24 - 00000000 ____D C:\Users\peter\AppData\Local\Google
2016-01-30 17:05 - 2016-01-30 17:05 - 00001442 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 17:05 - 2016-01-30 17:05 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-30 17:05 - 2016-01-30 17:05 - 00000020 ___SH C:\Users\peter\ntuser.ini
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\My Documents
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Videos
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Pictures
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Music
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 __SHD C:\Users\peter\IntelGraphicsProfiles
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Synaptics
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Macromedia
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\AVAST Software
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Adobe
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Local\VirtualStore
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Local\Packages
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter
2016-01-30 17:05 - 2014-09-24 15:50 - 00002112 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2016-01-30 17:05 - 2014-09-22 08:42 - 00000000 ____D C:\Users\peter\AppData\Local\Microsoft Help
2016-01-30 17:05 - 2014-03-18 21:15 - 00000369 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-30 17:05 - 2014-03-18 21:15 - 00000369 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-30 17:00 - 2016-01-30 17:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2016-01-30 10:19 - 2016-01-30 10:19 - 00966728 _____ C:\Users\Owner\Downloads\filmora_setup_full846.exe
2016-01-30 10:13 - 2016-01-30 10:13 - 00001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-01-30 10:13 - 2016-01-30 10:13 - 00001281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-01-30 10:13 - 2016-01-30 10:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-01-30 10:13 - 2016-01-30 10:13 - 00000000 ____D C:\WINDOWS\en
2016-01-30 10:12 - 2016-01-30 10:12 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-01-30 10:12 - 2016-01-30 10:12 - 00001434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-01-30 10:12 - 2016-01-30 10:12 - 00000000 ____D C:\Program Files\Windows Live
2016-01-30 10:12 - 2016-01-30 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-01-30 10:12 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-01-30 10:12 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-01-30 10:12 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-01-30 10:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-01-30 10:11 - 2016-02-05 21:33 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2016-01-30 10:11 - 2016-01-30 10:11 - 01239752 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web.exe
2016-01-29 15:47 - 2016-01-29 15:47 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (4).pdf
2016-01-29 15:47 - 2016-01-29 15:47 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (3).pdf
2016-01-29 13:54 - 2016-01-29 13:54 - 00000000 ____D C:\Users\Owner\Downloads\PARTserver02016012903522456509679192d056f
2016-01-29 13:51 - 2016-01-29 13:51 - 00005034 _____ C:\Users\Owner\Downloads\PARTserver02016012903522456509679192d056f.zip
2016-01-28 10:01 - 2016-01-28 10:01 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (2).pdf
2016-01-28 07:14 - 2016-01-28 07:14 - 00032637 _____ C:\Users\Owner\Downloads\ANZ Receipt - Ref 1157179914.pdf
2016-01-28 07:07 - 2016-01-28 07:07 - 00232765 _____ C:\Users\Owner\Downloads\Invoice_126937.PDF
2016-01-27 23:14 - 2016-01-27 23:15 - 05826048 _____ C:\Users\Owner\Downloads\sample-marketing1-deutschland-20000.xls
2016-01-27 18:37 - 2016-01-27 18:37 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (1).pdf
2016-01-27 18:36 - 2016-01-27 18:36 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker.pdf
2016-01-27 16:22 - 2016-01-27 16:22 - 00490984 _____ C:\Users\Owner\Downloads\Machine 26.pdf
2016-01-27 14:17 - 2016-01-27 14:17 - 00018033 _____ C:\Users\Owner\Downloads\in-sydney (2).gz
2016-01-27 14:17 - 2016-01-27 14:17 - 00018026 _____ C:\Users\Owner\Downloads\in-sydney (1).gz
2016-01-27 14:16 - 2016-01-27 14:16 - 00018022 _____ C:\Users\Owner\Downloads\in-sydney.gz
2016-01-27 11:58 - 2016-01-27 11:58 - 00116048 _____ C:\Users\Owner\Downloads\Siemens Quotation  IQRY160125004  - Packovation .pdf
2016-01-26 22:02 - 2016-01-26 22:02 - 00025150 _____ C:\Users\Owner\Downloads\INV-000037.pdf
2016-01-25 23:14 - 2016-01-25 23:14 - 01565585 _____ C:\Users\Owner\Downloads\OLD T-Bar - Cross runner.pdf
2016-01-25 23:14 - 2016-01-25 23:14 - 00339874 _____ C:\Users\Owner\Downloads\Mark 2 mainrunner machine for T-Bar-packer.pdf
2016-01-25 23:13 - 2016-01-25 23:13 - 00267196 _____ C:\Users\Owner\Downloads\New  WA 200Cross runner 1.PDF
2016-01-25 23:13 - 2016-01-25 23:13 - 00267196 _____ C:\Users\Owner\Downloads\New  WA 200Cross runner 1 (1).PDF
2016-01-25 12:56 - 2016-01-25 12:56 - 00000165 ____H C:\Users\Owner\Desktop\~$SAKERHETSKODER.xlsx
2016-01-25 11:32 - 2016-01-25 12:38 - 00002243 _____ C:\Users\Owner\Documents\starburn.txt
2016-01-25 11:31 - 2016-01-25 12:05 - 00000000 ____D C:\Users\Owner\Documents\Wondershare Filmora
2016-01-25 11:31 - 2016-01-25 11:31 - 00001119 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2016-01-25 11:31 - 2016-01-25 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-01-25 11:30 - 2016-01-25 11:30 - 00966728 _____ C:\Users\Owner\Downloads\filmora_setup_full1901.exe
2016-01-25 09:53 - 2016-01-25 09:53 - 00027669 _____ C:\Users\Owner\Desktop\SAKERHETSKODER.xlsx
2016-01-24 20:48 - 2016-01-30 17:03 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-500
2016-01-24 20:45 - 2016-01-24 20:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\Razer_Inc
2016-01-24 20:44 - 2016-01-25 07:38 - 00000000 ____D C:\Program Files (x86)\Razer
2016-01-24 20:44 - 2016-01-24 20:44 - 00000000 ____D C:\ProgramData\Razer
2016-01-24 20:43 - 2016-01-24 20:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-01-24 20:43 - 2016-01-24 20:43 - 00001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-01-24 18:19 - 2016-01-25 17:04 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-01-24 18:05 - 2016-01-24 18:05 - 00000046 _____ C:\WINDOWS\wininit.ini
2016-01-24 16:11 - 2016-01-24 16:11 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2016-01-24 16:10 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator
2016-01-24 16:10 - 2016-01-24 16:10 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-01-24 16:10 - 2014-09-24 15:50 - 00002112 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2016-01-24 16:10 - 2014-09-22 08:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2016-01-24 16:10 - 2014-03-18 21:15 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-24 16:10 - 2014-03-18 21:15 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-01-24 15:42 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Comodo
2016-01-24 15:31 - 2016-02-05 08:41 - 00002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-24 15:31 - 2016-02-05 08:41 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-24 15:30 - 2016-02-07 09:06 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-24 15:30 - 2016-02-07 08:40 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-24 15:30 - 2016-02-02 13:35 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-24 15:30 - 2016-02-02 13:35 - 00003648 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-24 15:26 - 2016-01-24 15:26 - 00000000 ____D C:\ProgramData\Synaptics
2016-01-24 15:16 - 2016-01-24 15:16 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-01-24 15:10 - 2016-01-24 15:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2016-01-24 15:09 - 2016-01-24 15:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-01-24 14:49 - 2016-01-22 19:57 - 519004214 _____ C:\Users\Owner\Desktop\MEMORY.DMP
2016-01-24 13:46 - 2016-01-24 13:46 - 00000000 ____D C:\Users\Owner\Documents\Add-in Express
2016-01-24 13:40 - 2016-01-24 13:40 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-24 13:40 - 2015-12-13 11:13 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Roaming\Macromedia
2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Roaming\AVAST Software
2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Local\PDFConverter.com
2016-01-24 13:16 - 2016-01-24 13:39 - 00000000 ____D C:\Users\terry
2016-01-24 13:16 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Local\Packages
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\My Documents
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Videos
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Pictures
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Music
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 __SHD C:\Users\terry\IntelGraphicsProfiles
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Roaming\Adobe
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Local\VirtualStore
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Local\Google
2016-01-24 13:16 - 2014-09-22 08:42 - 00000000 ____D C:\Users\terry\AppData\Local\Microsoft Help
2016-01-22 20:58 - 2016-01-22 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-22 20:57 - 2016-01-22 20:57 - 00000555 _____ C:\Users\Owner\Desktop\JRT.txt
2016-01-22 20:54 - 2016-01-24 13:38 - 00000000 ____D C:\Users\Owner\Desktop\mbar
2016-01-22 20:21 - 2016-01-24 15:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-22 20:21 - 2016-01-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-22 20:21 - 2016-01-22 20:21 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-22 20:21 - 2016-01-22 20:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-22 20:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-22 20:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-22 20:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-22 19:57 - 2016-01-22 19:57 - 00293904 _____ C:\WINDOWS\Minidump\012216-7609-02.dmp
2016-01-22 19:36 - 2016-01-22 19:36 - 00297232 _____ C:\WINDOWS\Minidump\012216-7828-01.dmp
2016-01-22 16:06 - 2016-01-22 16:06 - 00000863 _____ C:\Users\Owner\Documents\Pictures - Shortcut.lnk
2016-01-22 15:47 - 2016-01-22 15:47 - 00295944 _____ C:\WINDOWS\Minidump\012216-8109-01.dmp
2016-01-22 11:28 - 2016-01-22 11:28 - 00295272 _____ C:\WINDOWS\Minidump\012216-8000-01.dmp
2016-01-22 11:26 - 2016-01-22 11:26 - 00294016 _____ C:\WINDOWS\Minidump\012216-7609-01.dmp
2016-01-22 11:06 - 2016-01-22 11:06 - 00294592 _____ C:\WINDOWS\Minidump\012216-7625-01.dmp
2016-01-22 10:58 - 2016-01-22 10:58 - 00300488 _____ C:\WINDOWS\Minidump\012216-7718-01.dmp
2016-01-22 07:49 - 2016-01-22 07:49 - 00300376 _____ C:\WINDOWS\Minidump\012216-8718-01.dmp
2016-01-21 21:12 - 2016-01-21 21:12 - 00302240 _____ C:\WINDOWS\Minidump\012116-7734-01.dmp
2016-01-21 10:01 - 2016-01-21 10:01 - 00296232 _____ C:\WINDOWS\Minidump\012116-8156-01.dmp
2016-01-21 08:16 - 2016-01-21 08:16 - 00294352 _____ C:\WINDOWS\Minidump\012116-7546-01.dmp
2016-01-20 23:05 - 2016-01-20 23:05 - 00299264 _____ C:\WINDOWS\Minidump\012016-8593-01.dmp
2016-01-20 22:21 - 2016-01-20 22:21 - 00296232 _____ C:\WINDOWS\Minidump\012016-7656-01.dmp
2016-01-20 21:42 - 2016-01-20 21:42 - 00299832 _____ C:\WINDOWS\Minidump\012016-8437-01.dmp
2016-01-20 16:38 - 2016-01-20 16:38 - 00295880 _____ C:\WINDOWS\Minidump\012016-7578-01.dmp
2016-01-20 12:48 - 2016-01-20 12:48 - 00299840 _____ C:\WINDOWS\Minidump\012016-7546-01.dmp
2016-01-20 11:30 - 2016-01-20 11:30 - 00300512 _____ C:\WINDOWS\Minidump\012016-7718-01.dmp
2016-01-20 08:55 - 2016-01-20 08:55 - 00296360 _____ C:\WINDOWS\Minidump\012016-7671-01.dmp
2016-01-19 20:55 - 2016-01-19 20:55 - 00299072 _____ C:\WINDOWS\Minidump\011916-7609-01.dmp
2016-01-19 19:21 - 2016-01-19 19:21 - 00299360 _____ C:\WINDOWS\Minidump\011916-7515-01.dmp
2016-01-19 18:19 - 2016-01-19 18:19 - 00300736 _____ C:\WINDOWS\Minidump\011916-7578-01.dmp
2016-01-19 13:40 - 2016-01-19 13:40 - 00299936 _____ C:\WINDOWS\Minidump\011916-7640-01.dmp
2016-01-19 13:30 - 2016-01-19 13:30 - 00303485 _____ C:\Users\Owner\Desktop\HUS PLAN.pdf
2016-01-19 13:29 - 2016-01-19 13:29 - 00303029 _____ C:\Users\Owner\Desktop\HUS View.pdf
2016-01-19 13:27 - 2016-01-19 13:27 - 00297672 _____ C:\WINDOWS\Minidump\011916-7703-01.dmp
2016-01-19 08:39 - 2016-01-19 08:39 - 00296040 _____ C:\WINDOWS\Minidump\011916-8484-01.dmp
2016-01-18 22:15 - 2016-01-18 22:15 - 00296704 _____ C:\WINDOWS\Minidump\011816-7656-01.dmp
2016-01-18 16:43 - 2016-01-18 16:43 - 00301320 _____ C:\WINDOWS\Minidump\011816-7625-01.dmp
2016-01-18 10:12 - 2016-01-18 10:12 - 00295984 _____ C:\WINDOWS\Minidump\011816-7593-01.dmp
2016-01-18 08:01 - 2016-01-18 08:01 - 00295400 _____ C:\WINDOWS\Minidump\011816-7796-01.dmp
2016-01-17 21:36 - 2016-01-17 21:36 - 00299400 _____ C:\WINDOWS\Minidump\011716-8234-01.dmp
2016-01-16 22:26 - 2016-01-16 22:26 - 00299304 _____ C:\WINDOWS\Minidump\011616-7750-01.dmp
2016-01-16 13:26 - 2016-01-16 13:26 - 00295784 _____ C:\WINDOWS\Minidump\011616-8375-01.dmp
2016-01-16 10:25 - 2016-01-16 10:25 - 00000675 _____ C:\Users\Owner\Documents\Desktop - Shortcut (3).lnk
2016-01-16 10:08 - 2016-01-16 10:08 - 00294920 _____ C:\WINDOWS\Minidump\011616-7500-01.dmp
2016-01-16 06:54 - 2016-01-16 06:54 - 00296272 _____ C:\WINDOWS\Minidump\011616-7625-01.dmp
2016-01-15 17:35 - 2016-01-15 17:35 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF
2016-01-15 17:23 - 2016-01-15 17:23 - 00295696 _____ C:\WINDOWS\Minidump\011516-7609-01.dmp
2016-01-15 15:47 - 2016-01-15 15:47 - 00296792 _____ C:\WINDOWS\Minidump\011516-8781-01.dmp
2016-01-15 11:06 - 2016-01-15 11:06 - 00294736 _____ C:\WINDOWS\Minidump\011516-8406-01.dmp
2016-01-15 11:04 - 2016-01-15 11:04 - 00299776 _____ C:\WINDOWS\Minidump\011516-7781-01.dmp
2016-01-15 08:29 - 2016-01-15 08:29 - 00295656 _____ C:\WINDOWS\Minidump\011516-7593-01.dmp
2016-01-14 11:32 - 2016-01-14 11:32 - 00296520 _____ C:\WINDOWS\Minidump\011416-7703-01.dmp
2016-01-14 09:23 - 2016-01-14 09:23 - 00295936 _____ C:\WINDOWS\Minidump\011416-7765-01.dmp
2016-01-14 08:09 - 2016-01-14 08:09 - 00296808 _____ C:\WINDOWS\Minidump\011416-7953-01.dmp
2016-01-13 21:25 - 2016-01-16 22:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 21:25 - 2016-01-13 21:25 - 00002027 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-13 21:25 - 2016-01-13 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-13 21:15 - 2016-01-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-13 21:15 - 2016-01-13 21:15 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-13 21:15 - 2016-01-13 21:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-13 21:10 - 2016-01-13 21:10 - 00299680 _____ C:\WINDOWS\Minidump\011316-8390-01.dmp
2016-01-13 15:28 - 2016-01-13 15:28 - 00296928 _____ C:\WINDOWS\Minidump\011316-7625-01.dmp
2016-01-13 11:07 - 2016-01-13 11:07 - 00296136 _____ C:\WINDOWS\Minidump\011316-8031-01.dmp
2016-01-13 11:03 - 2016-01-13 11:03 - 00631808 _____ C:\WINDOWS\mta.dat
2016-01-13 10:59 - 2016-01-13 11:03 - 00000000 _____ C:\WINDOWS\mmta.exe
2016-01-13 10:53 - 2016-01-13 10:58 - 00000000 _____ C:\WINDOWS\mta.exe
2016-01-13 10:53 - 2016-01-13 10:53 - 00000000 ____D C:\ProgramData\323486fe-5825-1
2016-01-13 10:53 - 2016-01-13 10:53 - 00000000 ____D C:\ProgramData\323486fe-1343-0
2016-01-13 10:52 - 2016-01-24 13:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Setup Wizard
2016-01-13 10:39 - 2016-01-13 10:39 - 00300032 _____ C:\WINDOWS\Minidump\011316-7562-01.dmp
2016-01-13 08:25 - 2016-01-13 08:25 - 00295128 _____ C:\WINDOWS\Minidump\011316-11203-01.dmp
2016-01-13 06:56 - 2016-01-13 06:56 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-01-13 06:56 - 2016-01-13 06:56 - 00001003 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-01-13 06:54 - 2015-12-31 06:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 06:54 - 2015-12-31 06:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-13 06:54 - 2015-12-31 06:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-13 06:54 - 2015-12-11 15:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-13 06:54 - 2015-12-11 15:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 06:54 - 2015-12-11 14:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 06:54 - 2015-12-11 14:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-13 06:54 - 2015-12-11 14:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-13 06:54 - 2015-12-11 14:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 06:54 - 2015-12-11 14:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-13 06:54 - 2015-12-11 14:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-13 06:54 - 2015-12-11 14:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-13 06:54 - 2015-12-11 14:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-13 06:54 - 2015-12-11 13:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-13 06:54 - 2015-12-11 13:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 06:54 - 2015-12-11 13:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-13 06:54 - 2015-12-11 13:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-13 06:54 - 2015-12-11 13:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet(98).dll
2016-01-13 06:54 - 2015-12-11 13:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-13 06:54 - 2015-12-11 13:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-13 06:54 - 2015-12-11 13:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-13 06:54 - 2015-12-11 13:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon(94).dll
2016-01-13 06:54 - 2015-12-11 13:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-13 06:54 - 2015-12-11 13:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-13 06:54 - 2015-12-11 13:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-13 06:54 - 2015-12-11 13:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-13 06:54 - 2015-12-10 11:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-13 06:54 - 2015-12-09 06:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 06:54 - 2015-12-09 06:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32(38).dll
2016-01-13 06:54 - 2015-12-09 06:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 06:54 - 2015-12-09 06:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32(109).dll
2016-01-13 06:54 - 2015-12-07 21:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 06:54 - 2015-12-07 21:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32(57).dll
2016-01-13 06:54 - 2015-12-05 16:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-13 06:54 - 2015-12-05 02:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 06:54 - 2015-12-05 02:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32(118).dll
2016-01-13 06:54 - 2015-12-04 06:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-13 06:54 - 2015-12-04 06:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-13 06:54 - 2015-12-04 06:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-13 06:54 - 2015-12-04 06:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-13 06:54 - 2015-12-04 06:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-13 06:54 - 2015-12-04 05:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-13 06:54 - 2015-12-04 05:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-13 06:54 - 2015-12-04 05:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-13 06:54 - 2015-12-04 05:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-13 06:54 - 2015-12-04 05:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-13 06:54 - 2015-12-04 05:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 06:54 - 2015-12-04 05:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 06:54 - 2015-12-04 05:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-13 06:54 - 2015-12-04 05:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 06:54 - 2015-12-04 05:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-13 06:54 - 2015-12-04 04:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-13 06:54 - 2015-12-04 04:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-13 06:54 - 2015-12-04 04:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 06:54 - 2015-12-04 04:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-13 06:54 - 2015-12-04 04:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 06:54 - 2015-12-04 04:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 06:54 - 2015-12-04 04:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-13 06:54 - 2015-12-04 04:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 06:54 - 2015-12-04 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-13 06:54 - 2015-12-04 04:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-13 06:54 - 2015-12-04 04:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-13 06:54 - 2015-12-04 04:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 06:54 - 2015-12-04 04:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 06:54 - 2015-12-04 04:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-13 06:54 - 2015-12-04 03:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 06:54 - 2015-12-04 03:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 06:54 - 2015-12-04 03:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 06:54 - 2015-12-03 02:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 06:54 - 2015-12-03 02:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-13 06:51 - 2016-01-13 06:51 - 00294248 _____ C:\WINDOWS\Minidump\011316-7437-01.dmp
2016-01-13 00:33 - 2016-01-13 00:33 - 00295304 _____ C:\WINDOWS\Minidump\011316-7828-01.dmp
2016-01-13 00:25 - 2016-01-13 00:25 - 00294344 _____ C:\WINDOWS\Minidump\011316-7531-01.dmp
2016-01-12 22:10 - 2016-01-12 22:10 - 00293928 _____ C:\WINDOWS\Minidump\011216-7578-01.dmp
2016-01-12 20:58 - 2016-01-12 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 20:08 - 2016-01-12 20:08 - 00226118 _____ C:\WINDOWS\ntbtlog.txt
2016-01-11 22:08 - 2016-01-11 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\PDFConverter.com
2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\COMODO
2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\Program Files\COMODO
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 09:06 - 2014-09-30 20:04 - 00000000 __RDO C:\Users\Owner\OneDrive
2016-02-07 08:39 - 2014-09-11 11:36 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-1001
2016-02-07 08:36 - 2015-07-20 19:10 - 00003902 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7536DEC7-60B9-4FC1-9054-C98CBA6F09FD}
2016-02-06 23:27 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\tracing
2016-02-06 21:43 - 2015-10-18 21:58 - 00000000 ____D C:\Users\Owner\Desktop\temp
2016-02-05 15:06 - 2015-09-03 03:39 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-02-05 13:28 - 2014-09-11 11:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2016-02-05 10:11 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-05 08:50 - 2015-08-18 05:32 - 00000000 ____D C:\Users\Owner\Documents\15-16
2016-02-04 16:55 - 2014-09-16 23:24 - 00169312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-04 07:59 - 2014-09-29 17:39 - 00000000 ____D C:\Users\Owner\AppData\Local\TempSWBackupDirectory
2016-02-02 21:21 - 2014-09-13 00:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-01 18:24 - 2015-04-19 22:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-02-01 16:07 - 2014-09-12 04:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-01 11:35 - 2014-03-18 21:04 - 01167230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-01 11:34 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-01 11:30 - 2015-09-21 13:50 - 00065536 _____ C:\WINDOWS\system32\Ikeext.etl
2016-02-01 11:30 - 2013-08-23 01:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-31 19:16 - 2015-06-02 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-01-31 19:16 - 2015-06-02 14:48 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-31 18:14 - 2013-08-23 00:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-31 18:13 - 2015-05-07 11:18 - 00000000 ____D C:\WINDOWS\system32\log
2016-01-31 17:38 - 2015-12-13 11:13 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-31 01:34 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-30 10:51 - 2015-07-17 19:55 - 00000000 ____D C:\Users\Owner\Tracing
2016-01-30 10:12 - 2015-01-22 13:01 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-01-25 17:18 - 2014-09-13 15:53 - 00000000 ____D C:\Users\Owner
2016-01-25 16:56 - 2014-09-29 17:38 - 00000000 ____D C:\Users\Owner\AppData\Local\SolidWorks
2016-01-25 11:31 - 2014-09-13 15:54 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-25 11:28 - 2015-11-24 14:44 - 00000000 ____D C:\Users\Owner\Downloads\SM C113_11056eng (1)
2016-01-25 11:12 - 2015-05-28 17:20 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-01-25 11:12 - 2015-05-28 16:56 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-01-25 10:24 - 2013-08-23 02:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-24 20:44 - 2015-07-27 09:21 - 00089104 _____ (Razer Inc) C:\WINDOWS\system32\RazerCoinstaller.dll
2016-01-24 15:31 - 2014-09-13 00:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-01-24 15:13 - 2014-09-12 05:01 - 00000000 ____D C:\swsetup
2016-01-24 15:09 - 2014-09-12 04:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-01-24 13:46 - 2015-05-29 16:20 - 00000000 ____D C:\ProgramData\WinZip
2016-01-24 13:39 - 2015-12-13 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-24 13:39 - 2015-12-08 15:15 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-24 13:39 - 2015-12-06 19:52 - 00000000 ____D C:\Users\Public\Desktop\Microsoft IntelliPoint
2016-01-24 13:39 - 2015-12-05 11:45 - 00000000 ____D C:\Users\Owner\Documents\Wondershare Video Editor
2016-01-24 13:39 - 2015-12-03 23:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2016-01-24 13:39 - 2015-10-07 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delcam
2016-01-24 13:39 - 2015-09-13 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-24 13:39 - 2015-09-13 19:48 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle
2016-01-24 13:39 - 2015-09-03 03:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5
2016-01-24 13:39 - 2015-07-16 00:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telenor
2016-01-24 13:39 - 2015-06-09 23:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-01-24 13:39 - 2015-06-02 14:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Lavasoft
2016-01-24 13:39 - 2015-06-02 14:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-01-24 13:39 - 2015-05-29 15:01 - 00000000 ____D C:\Users\Owner\Downloads\29-5-15
2016-01-24 13:39 - 2015-05-28 20:08 - 00000000 ____D C:\Users\Owner\Documents\TEST
2016-01-24 13:39 - 2015-05-21 17:43 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2016-01-24 13:39 - 2015-05-03 18:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-01-24 13:39 - 2015-04-30 00:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2016-01-24 13:39 - 2015-04-19 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-24 13:39 - 2015-03-16 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-01-24 13:39 - 2015-03-16 19:35 - 00000000 ____D C:\Users\Owner\XP700_WW_WIN_3795_42
2016-01-24 13:39 - 2015-03-16 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-01-24 13:39 - 2015-03-16 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-01-24 13:39 - 2015-01-24 16:35 - 00000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installers
2016-01-24 13:39 - 2015-01-24 16:34 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-01-24 13:39 - 2015-01-22 12:53 - 00000000 ____D C:\Users\Owner\AppData\Local\FlexLink
2016-01-24 13:39 - 2014-12-26 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2015
2016-01-24 13:39 - 2014-12-26 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015
2016-01-24 13:39 - 2014-12-25 23:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2016-01-24 13:39 - 2014-12-13 12:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\help_images_otherUI
2016-01-24 13:39 - 2014-12-12 11:45 - 00000000 ____D C:\Users\Owner\Desktop\DISKTOP TEMP 2
2016-01-24 13:39 - 2014-11-14 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2014 - English
2016-01-24 13:39 - 2014-11-14 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-01-24 13:39 - 2014-09-29 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2016-01-24 13:39 - 2014-09-29 14:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2016-01-24 13:39 - 2014-09-29 14:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Citrix
2016-01-24 13:39 - 2014-09-27 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
2016-01-24 13:39 - 2014-09-25 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-01-24 13:39 - 2014-09-25 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 110
2016-01-24 13:39 - 2014-09-24 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-24 13:39 - 2014-09-13 15:53 - 00000000 ____D C:\Users\UpdatusUser
2016-01-24 13:39 - 2014-09-13 12:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-01-24 13:39 - 2014-09-13 01:46 - 00000000 ____D C:\Users\Owner\Documents\ALLA FOTO
2016-01-24 13:39 - 2014-09-13 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-24 13:39 - 2014-09-13 00:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2016-01-24 13:39 - 2014-09-12 04:49 - 00000000 ____D C:\Users\Public\Thunder Network
2016-01-24 13:39 - 2014-09-12 04:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dg
2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\WinStore
2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\Camera
2016-01-24 13:38 - 2015-12-12 11:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-01-24 13:38 - 2015-05-28 17:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Wondershare
2016-01-24 13:38 - 2015-01-06 11:13 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Sun
2016-01-24 13:38 - 2014-12-25 23:24 - 00000000 ____D C:\Users\Owner\AppData\Local\PC_Drivers_Headquarters
2016-01-24 13:38 - 2014-11-14 17:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Autodesk
2016-01-24 13:38 - 2014-09-27 13:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SolidWorks
2016-01-24 13:38 - 2014-09-26 12:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Canon
2016-01-24 13:38 - 2014-09-19 13:55 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Brother
2016-01-24 13:38 - 2014-09-13 01:54 - 00000000 ____D C:\Users\Owner\Documents\TomTom
2016-01-24 13:38 - 2014-09-13 01:54 - 00000000 ____D C:\Users\Owner\Documents\SolidWorks Downloads
2016-01-24 13:38 - 2014-09-13 01:51 - 00000000 ____D C:\Users\Owner\Documents\BUSSINESS
2016-01-24 13:38 - 2014-09-13 01:51 - 00000000 ____D C:\Users\Owner\Documents\2 Machines
2016-01-24 13:38 - 2014-09-13 01:46 - 00000000 ____D C:\Users\Owner\Documents\14-15
2016-01-24 13:38 - 2014-09-11 11:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-01-24 13:38 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\registration
2016-01-24 13:37 - 2015-12-12 11:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2016-01-24 13:37 - 2014-11-14 17:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Autodesk
2016-01-24 13:37 - 2014-09-15 20:40 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2016-01-22 20:36 - 2014-03-18 20:46 - 00000000 ____D C:\WINDOWS\SKB
2016-01-22 20:10 - 2015-01-25 11:19 - 00000364 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job
2016-01-22 20:08 - 2015-08-07 20:06 - 00003084 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1952045502-1362136182-510965784-1001
2016-01-22 20:08 - 2015-01-25 11:19 - 00003010 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner)
2016-01-22 20:08 - 2015-01-06 12:11 - 00003042 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
2016-01-22 20:07 - 2014-12-25 23:24 - 00004314 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMScan
2016-01-22 20:07 - 2014-12-25 23:24 - 00003740 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMUpdater
2016-01-22 20:07 - 2014-12-25 23:24 - 00003734 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMRules
2016-01-22 20:07 - 2014-12-25 23:24 - 00003532 _____ C:\WINDOWS\System32\Tasks\Driver Support
2016-01-22 19:57 - 2015-12-08 15:15 - 519004214 _____ C:\WINDOWS\MEMORY.DMP
2016-01-21 08:34 - 2014-09-24 15:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-21 08:34 - 2013-08-23 02:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 08:20 - 2015-12-13 11:13 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-01-21 08:20 - 2015-12-13 11:13 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-01-20 21:57 - 2015-05-03 14:50 - 00000000 ____D C:\Users\Owner\Documents\1 SALES
2016-01-19 13:30 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-01-16 22:46 - 2014-12-26 11:29 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 17:35 - 2014-09-13 14:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-01-15 17:07 - 2013-08-23 00:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(48)
2016-01-13 21:25 - 2014-09-13 14:03 - 00000000 ____D C:\ProgramData\Adobe
2016-01-13 21:15 - 2015-06-09 22:37 - 00000000 ____D C:\ProgramData\Skype
2016-01-13 16:20 - 2015-01-06 11:16 - 00000000 ____D C:\ProgramData\Oracle
2016-01-13 16:18 - 2015-09-13 20:11 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-13 16:01 - 2015-04-15 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 16:01 - 2015-03-16 21:16 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-13 16:00 - 2012-07-26 18:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 15:58 - 2014-09-11 15:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 15:55 - 2014-09-11 15:29 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 08:25 - 2013-08-23 01:44 - 00592776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-13 06:56 - 2015-04-08 20:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer
2016-01-13 06:56 - 2014-09-25 12:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-12 22:27 - 2015-12-12 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-12 22:07 - 2014-09-12 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-01-12 22:07 - 2014-09-12 09:14 - 00000000 ____D C:\WINDOWS\system32\NV
2016-01-11 22:11 - 2015-12-12 12:50 - 00000000 ____D C:\Program Files\PeerBlock
2016-01-09 21:46 - 2014-11-17 13:03 - 00000000 ____D C:\Users\Owner\AppData\Local\cache
2016-01-08 10:02 - 2015-06-02 10:06 - 00000000 ____D C:\Users\Owner\Documents\COPY QUOTATIONS
2016-01-08 08:41 - 2014-09-13 01:32 - 00000000 ____D C:\QUOTATIONS
 
==================== Files in the root of some directories =======
 
2014-09-13 01:23 - 2014-09-13 01:23 - 0000030 _____ () C:\Users\Owner\AppData\Roaming\fixcfg.ini
2014-11-14 17:29 - 2014-11-14 17:29 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\jmc.exe
C:\Windows\mmta.exe
C:\Windows\mta.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-16 10:04
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Owner (2016-02-07 09:09:31)
Running from C:\Users\Owner\Downloads
Windows 8.1 Pro (X64) (2014-09-13 04:57:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1952045502-1362136182-510965784-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1952045502-1362136182-510965784-501 - Limited - Disabled)
Owner (S-1-5-21-1952045502-1362136182-510965784-1001 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-1952045502-1362136182-510965784-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6950 - Broadcom Corporation)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delcam for SolidWorks (x64) (HKLM\...\Delcam for SolidWorks) (Version: 21.7.0.20 - Delcam)
Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)
Driver Support Active Optimization (x32 Version: 1.0.4.7977 - PC Drivers HeadQuarters LP) Hidden
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
Epson Network Guide XP-700 Series (HKLM-x32\...\XP-700 Series Netg) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
SOLIDWORKS 2015 x64 Edition SP01.1 (HKLM-x32\...\SolidWorks Installation Manager 20150-40101-1100-100) (Version: 23.1.1.2 - SolidWorks Corporation)
SOLIDWORKS 2015 x64 Edition SP01.1 (Version: 23.111.2 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer Player 2015 SP01.1 x64 Edition (Version: 23.11.2 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2015 x64 Edition SP01.1 (Version: 15.1.0044 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2015 SP01.1 x64 Edition (Version: 23.11.2 - Dassault Systemes SolidWorks Corp) Hidden
Stay Connected (HKLM-x32\...\StayConnected) (Version: 2.1.1.324 - Telenor)
Stay Connected (x32 Version: 2.1.1.324 - Emotum Pty. Ltd.) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Telenor Sweden Software Update Service (x32 Version: 1.0.3.123 - Telenor Sweden) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Hewlett-Packard Development Company, L.P. HP Mobile Data Protection Sensor (02/26/2013 6.0.5.1) (HKLM\...\0CBD0BD267F8698191082DC9246612D35DB83232) (Version: 02/26/2013 6.0.5.1 - Hewlett-Packard Development Company, L.P.)
Windows Driver Package - Realtek Semiconduct Corp. (RTSPER) MTD  (12/20/2013 6.3.9600.21245) (HKLM\...\211F31EEA7D7C573DBEB0DA809E8938B169D26F8) (Version: 12/20/2013 6.3.9600.21245 - Realtek Semiconduct Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Filmora(Build 6.8.2) (HKLM-x32\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C6E1620-B4DE-43CD-9C02-415671381780} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {194232E7-D88D-4CFA-BFD0-D71D8C99E76A} - \MixVideoPlayer Update -> No File <==== ATTENTION
Task: {1DE2B273-841A-4331-B2A1-78BCE19B1635} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {238908BE-4C55-43FD-94AF-04BCF7AD0389} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-25] (Hewlett-Packard Company)
Task: {2F972427-523B-41B1-8FE2-CE101F7B0737} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {31E4F653-DEB2-48B7-99E4-418FE6D35FFF} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {34A5814F-52A0-4DAF-AA6E-9FAD4C9CDE81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {3AE73733-3EB9-464F-A1B0-74B5A9EA2A7F} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {4135FC49-BDAF-424D-89BE-AF1A753A94CC} - \One System Care Task -> No File <==== ATTENTION
Task: {4D816FB0-1CB5-4543-B34F-5B5244AD06C3} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {5C1571F3-0D0D-4ABF-B7AC-5CB1DA1135A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)
Task: {62C94D6F-7147-415A-9387-7C6A87649AFF} - \ReimageUpdater -> No File <==== ATTENTION
Task: {638C7376-1F77-44CF-A05E-290AAD57FC54} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {6A9EA775-4081-41BD-BB64-C359BB7CA7DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)
Task: {76858884-5641-45B1-BB5D-2217AFF450BE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {7D24329C-158A-4F79-835E-ED8B9E86DE18} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {8A120D88-5F33-48AE-87BA-598263E112B7} - \One System Care Monitor -> No File <==== ATTENTION
Task: {90F149F8-27DC-46E1-94DD-C7B49C8EBFDE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-01] (Synaptics Incorporated)
Task: {9600102C-3AF9-4F72-A8EC-33803D4D1AE4} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {AD220E3C-24C8-4C95-97DD-EC019221396C} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {B46D710D-AEF0-4954-9E76-C2D5F8B84E55} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C165A186-1F6D-4A53-B92A-793048C690D2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {CFB346C8-343E-4707-9400-ED4F7498AC04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {D27B9465-09CB-4A5D-A837-066887D77C16} - \{0F040547-080F-0A7E-0B11-7E0F0B08110C} -> No File <==== ATTENTION
Task: {D78F1B19-B1D1-4371-94BE-7916C4BE52CB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {D9AAEE63-CF77-4B64-95DD-98F49688B11E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {E106FB3C-2CC5-44CF-928A-A7AE976C0D61} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-13] (AVAST Software)
Task: {EFE0DA00-DCB5-4AD4-BBA8-27A71706A356} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1952045502-1362136182-510965784-1001 => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-15] (Microsoft Corporation)
Task: {F0C70684-0FEE-41D9-B4AC-2B03EE2DF0A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {F88B749C-CB95-4250-9068-5C4A2A855440} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {F9BB948D-49E6-4280-B711-836B22AFE21D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {FAB4E219-C1B7-4E21-922B-F77AAF5B165A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {FCB0372C-3A32-4C91-934F-5D29E1AD813B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-01 10:45 - 2015-07-01 10:45 - 00022528 _____ () C:\WINDOWS\System32\us005lm.dll
2014-09-24 18:20 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-13 15:50 - 2013-10-23 19:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-10-27 14:40 - 2015-09-02 03:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-15 07:11 - 2014-12-15 07:11 - 00268280 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-01 09:05 - 2016-02-01 09:05 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16013101\algo.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-07 08:51 - 2016-02-07 08:51 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020601\algo.dll
2014-11-20 09:40 - 2014-11-20 09:40 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-20 09:31 - 2014-11-20 09:31 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2011-06-02 17:43 - 2011-06-02 17:43 - 04302200 _____ () C:\Program Files (x86)\Emotum\Stay Connected\modules\core.dll
2011-06-02 17:43 - 2011-06-02 17:43 - 01842080 _____ () C:\Program Files (x86)\Emotum\Stay Connected\modules\custom.dll
2011-05-27 11:41 - 2011-05-27 11:41 - 00779152 _____ () C:\Program Files (x86)\Emotum\Stay Connected\modules\mobile.dll
2011-04-13 14:33 - 2011-04-13 14:33 - 01097728 _____ () C:\Program Files (x86)\Emotum\Stay Connected\NDISAPI.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\RazerCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdTcID
AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdZnID
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2013-08-23 00:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: becldr3Service => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: ESCSvc => 2
MSCONFIG\Services: ESUSClient_B2 => 2
MSCONFIG\Services: GoToAssist Remote Support Customer => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Mobile Broadband HL Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WsAppService => 3
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{C244AB0A-F12C-4AEB-A436-48335980BDC3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{63DFE80C-578D-47D9-BB0D-860BCC9E03B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{19F04507-D3F9-41D2-91A8-AEEA3E126D3E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A94CC178-BB98-48B5-9AB8-3D9A4E124C98}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FB45E8F3-E19F-4CA7-88EA-2E10F366F00F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8333C35-7228-4164-AF62-F4CA24FCB1A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7EBDE2A1-B644-408D-826C-F989CE3442D9}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{6C8D3B42-E140-46CC-99D8-F43BDFECF5D0}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{B1659F75-98C4-4C13-9326-26231C65F658}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{F64962D0-51A6-4D02-A652-859CF8900544}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B37123E-209C-46F2-9F6E-D0D24031862E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ECFCB69B-B73C-435C-8B96-897A23C55E68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{72969A91-9807-4063-A769-99D791C58519}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3A04985D-D2A7-44F0-BC9F-A9675682DC55}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FCFDFD20-5A4E-4521-9095-4A0EEA4229D7}] => (Allow) LPort=2869
FirewallRules: [{DD3E877D-20C6-4E2E-A464-72C3985ADB3A}] => (Allow) LPort=1900
FirewallRules: [{5111B4FC-21C4-4C90-A811-1970AE4F0A0D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C20D69E8-AACE-4499-A0E9-2477FC859CF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-01-2016 13:36:45 Restore Operation
28-01-2016 10:05:53 Windows Update
30-01-2016 10:11:59 Windows Live Essentials
30-01-2016 10:12:09 Installed DirectX
30-01-2016 10:12:17 Installed DirectX
30-01-2016 10:12:26 Installed DirectX
31-01-2016 17:33:02 Checkpoint by HitmanPro
05-02-2016 10:11:46 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2016 09:06:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 09:06:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 09:06:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 09:06:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 09:06:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 09:06:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 09:06:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 09:06:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 08:44:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2016 08:44:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/03/2016 10:10:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3119142).
 
Error: (02/01/2016 11:32:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (02/01/2016 11:32:49 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/31/2016 07:17:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/31/2016 06:16:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/31/2016 06:16:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/31/2016 06:14:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (01/31/2016 06:14:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (01/31/2016 06:14:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (01/31/2016 06:14:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
 
CodeIntegrity:
===================================
  Date: 2016-01-24 17:57:04.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-24 17:49:47.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 16:13:28.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-21 18:31:17.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:17.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:16.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:16.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:16.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:15.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-11-19 17:45:43.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8124.02 MB
Available physical RAM: 6132.3 MB
Total Virtual: 16316.02 MB
Available Virtual: 14149.01 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.62 GB) (Free:42.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 02AA02AA)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: B8AAE178)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#4
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello,

Before proceeding, please tell me if you purposely installed the following programme: Driver Support Active Optimization.

Thank you.


  • 0

#5
talkingtree

talkingtree

    Member

  • Topic Starter
  • Member
  • 53 posts

I don't recall installing that

It seems ok though

http://www.shouldire...26-program.aspx


Edited by talkingtree, 07 February 2016 - 02:04 PM.

  • 0

#6
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello, 
 
Driver Support Active Optimization is not the type of software I recommend having installed. Optimization software such as this is unnecessary, may cause issues and could be regarded as a Potentially Unwanted Programme (PUP). To uninstall, the programme will need to be unhidden. Please let me know if you wish for this to be done.

You have a number of COMODO and Lavasoft remnants present on your computer. These can be addressed afterwards. Your computer appears to have blue screened recently (many times). This could be indicative of a hardware or a software issue, and can also be addressed.
 
For now, please do the following:
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • HiDef Media Player 1.1.12 
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Policies\Explorer: [] 
    HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c339-237e-11e5-becd-240a64dea16d} - "E:\AutoRun.exe"
    HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c35c-237e-11e5-becd-240a64dea16d} - "D:\AutoRun.exe"
    HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {6a5ceecc-4af9-11e4-be82-240a64dea16d} - "D:\fscommand\LS_Start_Launch.cmd"
    HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {768ddde3-8b4a-11e4-be95-240a64dea16d} - "D:\DSL-2750B.exe"
    HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {c3e2e152-3940-11e4-be65-806e6f6e6963} - "F:\setup.EXE" /AUTORUN
    HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {f8f20a56-58ad-11e4-be88-a01d486f8ad3} - "D:\WD SmartWare.exe" autoplay=true
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> No Name - {7FCDA7E5-1475-4658-B845-53536A238E80} -  No File
    2016-01-24 13:39 - 2014-09-12 04:49 - 00000000 ____D C:\Users\Public\Thunder Network
    Folder: C:\Users\Owner\AppData\Roaming\dg
    Folder: C:\ProgramData\323486fe-5825-1
    Folder: C:\ProgramData\323486fe-1343-0
    Task: {194232E7-D88D-4CFA-BFD0-D71D8C99E76A} - \MixVideoPlayer Update -> No File <==== ATTENTION
    Task: {1DE2B273-841A-4331-B2A1-78BCE19B1635} - \ProPCCleaner_Popup -> No File <==== ATTENTION
    Task: {4135FC49-BDAF-424D-89BE-AF1A753A94CC} - \One System Care Task -> No File <==== ATTENTION
    Task: {4D816FB0-1CB5-4543-B34F-5B5244AD06C3} - \ProPCCleaner_Start -> No File <==== ATTENTION
    Task: {62C94D6F-7147-415A-9387-7C6A87649AFF} - \ReimageUpdater -> No File <==== ATTENTION
    Task: {8A120D88-5F33-48AE-87BA-598263E112B7} - \One System Care Monitor -> No File <==== ATTENTION
    Task: {AD220E3C-24C8-4C95-97DD-EC019221396C} - \One System Care Run Delay -> No File <==== ATTENTION
    Task: {D27B9465-09CB-4A5D-A837-066887D77C16} - \{0F040547-080F-0A7E-0B11-7E0F0B08110C} -> No File <==== ATTENTION
    C:\Windows\jmc.exe
    C:\Windows\mmta.exe
    C:\Windows\mta.exe
    C:\WINDOWS\mta.dat
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
RogueKiller Scan

  • Please download RogueKiller and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programme uninstall OK?
  • Fixlog.txt
  • RKreport.txt

#7
talkingtree

  • Did the programme uninstall OK?
Yes it seems like it's gone
  • Fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Owner (2016-02-08 20:12:26) Run:1
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c339-237e-11e5-becd-240a64dea16d} - "E:\AutoRun.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {4ff2c35c-237e-11e5-becd-240a64dea16d} - "D:\AutoRun.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {6a5ceecc-4af9-11e4-be82-240a64dea16d} - "D:\fscommand\LS_Start_Launch.cmd"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {768ddde3-8b4a-11e4-be95-240a64dea16d} - "D:\DSL-2750B.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {c3e2e152-3940-11e4-be65-806e6f6e6963} - "F:\setup.EXE" /AUTORUN
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\MountPoints2: {f8f20a56-58ad-11e4-be88-a01d486f8ad3} - "D:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> No Name - {7FCDA7E5-1475-4658-B845-53536A238E80} -  No File
2016-01-24 13:39 - 2014-09-12 04:49 - 00000000 ____D C:\Users\Public\Thunder Network
Folder: C:\Users\Owner\AppData\Roaming\dg
Folder: C:\ProgramData\323486fe-5825-1
Folder: C:\ProgramData\323486fe-1343-0
Task: {194232E7-D88D-4CFA-BFD0-D71D8C99E76A} - \MixVideoPlayer Update -> No File <==== ATTENTION
Task: {1DE2B273-841A-4331-B2A1-78BCE19B1635} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {4135FC49-BDAF-424D-89BE-AF1A753A94CC} - \One System Care Task -> No File <==== ATTENTION
Task: {4D816FB0-1CB5-4543-B34F-5B5244AD06C3} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {62C94D6F-7147-415A-9387-7C6A87649AFF} - \ReimageUpdater -> No File <==== ATTENTION
Task: {8A120D88-5F33-48AE-87BA-598263E112B7} - \One System Care Monitor -> No File <==== ATTENTION
Task: {AD220E3C-24C8-4C95-97DD-EC019221396C} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {D27B9465-09CB-4A5D-A837-066887D77C16} - \{0F040547-080F-0A7E-0B11-7E0F0B08110C} -> No File <==== ATTENTION
C:\Windows\jmc.exe
C:\Windows\mmta.exe
C:\Windows\mta.exe
C:\WINDOWS\mta.dat
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKU\S-1-5-21-1952045502-1362136182-510965784-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ff2c339-237e-11e5-becd-240a64dea16d}" => key removed successfully
HKCR\CLSID\{4ff2c339-237e-11e5-becd-240a64dea16d} => key not found. 
"HKU\S-1-5-21-1952045502-1362136182-510965784-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ff2c35c-237e-11e5-becd-240a64dea16d}" => key removed successfully
HKCR\CLSID\{4ff2c35c-237e-11e5-becd-240a64dea16d} => key not found. 
"HKU\S-1-5-21-1952045502-1362136182-510965784-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5ceecc-4af9-11e4-be82-240a64dea16d}" => key removed successfully
HKCR\CLSID\{6a5ceecc-4af9-11e4-be82-240a64dea16d} => key not found. 
"HKU\S-1-5-21-1952045502-1362136182-510965784-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{768ddde3-8b4a-11e4-be95-240a64dea16d}" => key removed successfully
HKCR\CLSID\{768ddde3-8b4a-11e4-be95-240a64dea16d} => key not found. 
"HKU\S-1-5-21-1952045502-1362136182-510965784-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3e2e152-3940-11e4-be65-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{c3e2e152-3940-11e4-be65-806e6f6e6963} => key not found. 
"HKU\S-1-5-21-1952045502-1362136182-510965784-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f20a56-58ad-11e4-be88-a01d486f8ad3}" => key removed successfully
HKCR\CLSID\{f8f20a56-58ad-11e4-be88-a01d486f8ad3} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FCDA7E5-1475-4658-B845-53536A238E80} => value removed successfully
HKCR\CLSID\{7FCDA7E5-1475-4658-B845-53536A238E80} => key not found. 
C:\Users\Public\Thunder Network => moved successfully
 
========================= Folder: C:\Users\Owner\AppData\Roaming\dg ========================
 
2014-09-12 04:48 - 2016-01-24 13:39 - 0000000 ____D () C:\Users\Owner\AppData\Roaming\dg\js
2013-01-30 19:11 - 2012-12-28 18:39 - 0099282 _____ () C:\Users\Owner\AppData\Roaming\dg\js\highcharts.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0016810 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.effects.core.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0001647 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.effects.slide.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0015148 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.jscrollpane.min.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0093868 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.min.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0002401 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.mousewheel.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0003168 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.path.js
2013-01-30 19:11 - 2013-01-17 22:05 - 0006232 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.progressbar.js
2013-01-30 19:11 - 2013-01-11 16:56 - 0001271 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.progressloading.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0005335 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.tablescroll.js
2014-01-27 18:32 - 2014-01-27 18:32 - 0008200 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery.tinyscrollbar.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0031033 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery_1.2.6.js
2014-01-27 18:32 - 2014-01-27 18:32 - 0093873 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery-1.7.1.min.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0003604 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jquery-loading.js
2013-01-30 19:11 - 2012-12-28 18:39 - 0023552 _____ () C:\Users\Owner\AppData\Roaming\dg\js\jScrollPane.js
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\323486fe-5825-1 ========================
 
2016-01-13 10:53 - 2016-01-13 10:53 - 0000000 ____H () C:\ProgramData\323486fe-5825-1\BIT1705.tmp
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\323486fe-1343-0 ========================
 
2016-01-13 10:53 - 2016-01-13 10:53 - 0000000 ____H () C:\ProgramData\323486fe-1343-0\BIT1716.tmp
 
====== End of Folder: ======
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{194232E7-D88D-4CFA-BFD0-D71D8C99E76A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{194232E7-D88D-4CFA-BFD0-D71D8C99E76A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MixVideoPlayer Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DE2B273-841A-4331-B2A1-78BCE19B1635}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE2B273-841A-4331-B2A1-78BCE19B1635}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4135FC49-BDAF-424D-89BE-AF1A753A94CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4135FC49-BDAF-424D-89BE-AF1A753A94CC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D816FB0-1CB5-4543-B34F-5B5244AD06C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D816FB0-1CB5-4543-B34F-5B5244AD06C3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62C94D6F-7147-415A-9387-7C6A87649AFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62C94D6F-7147-415A-9387-7C6A87649AFF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A120D88-5F33-48AE-87BA-598263E112B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A120D88-5F33-48AE-87BA-598263E112B7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD220E3C-24C8-4C95-97DD-EC019221396C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD220E3C-24C8-4C95-97DD-EC019221396C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D27B9465-09CB-4A5D-A837-066887D77C16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D27B9465-09CB-4A5D-A837-066887D77C16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F040547-080F-0A7E-0B11-7E0F0B08110C}" => key removed successfully
C:\Windows\jmc.exe => moved successfully
C:\Windows\mmta.exe => moved successfully
C:\Windows\mta.exe => moved successfully
C:\WINDOWS\mta.dat => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 2.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:13:06 ====

#8
talkingtree

  • RKreport.txt
The log did not automatically appear, so I exported each section of the log and pasted it below. Btw, there was one scan and I accidentally closed it; this is a second scan. The previous scan showed something under the "Processes" being deleted. Hope this will help.
 
TITLE rk_1DFE.tmp
 
RogueKiller V11.0.11.0 [Feb  8 2016] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Downloads\RogueKiller.exe
Mode : Scan -- Date : 02/08/2016 20:40:32
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 3 ¤¤¤
[PUP][File] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk [[email protected]] C:\Program Files (x86)\speed browser\Application\browser.exe -> Found
[PUP][File] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\speed browser.lnk [[email protected]] C:\Program Files (x86)\speed browser\Application\browser.exe -> Found
[PUP][Folder] C:\ProgramData\{bd262e29-6a97-e316-bd26-62e296a9b8a5} -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A240G +++++
--- User ---
[MBR] 112dfc921677c1c23e63c2f6459fc824
[BSP] 279dd0ecbd343dc25d9c7bdf613938a7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 819200 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1081344 | Size: 227958 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 467939328 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  LITEONIT LMS-24 +++++
--- User ---
[MBR] 557ad35ff0c70a81a7565f044da47793
[BSP] 4316c0f34de40a43195a386db0bb6ec5 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] Basic data partition | Offset (sectors): 128 | Size: 3855 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 

#9
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello, 
 

The log did not automatically appear, so I exported each section of the log and pasted below. Btw, there was one scan and I accidentally closed it, this is a second scan. The previous scan showed something under the "Processes" being deleted. Hope this will help

Please press the Windows Key + r on your keyboard at the same time. Type %programdata% and click OK. Is a folder named RogueKiller present? If so, please open the folder and look for a folder named Logs. Inside this folder you should find RogueKiller logs. Locate the first scan log, and provide the contents in your next reply. If not, let me know.
 
We will return to the RogueKiller log findings after doing the following:
 
STEP 1
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • JRT.txt
  • FRST.txt
  • Addition.txt
  • First RogueKiller scan log (if found)

  • 0

#10
talkingtree

    Member

  • Topic Starter
  • Member
  • 53 posts
  • First RogueKiller scan log (if found)

Hmm, ok, there was this file present under the RogueKiller->Logs folder: "RKreport_SCN_02082016_203006.json". But it's just a bunch of script rather than the log when opened with Notepad. It won't open with RogueKiller.exe. Cannot attach the file here.

 

{
    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "11.0.11.0",
            "x64": false,
            "date": "Feb  8 2016",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.co.../roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows 8.1 (6.3.9600) 64 bits version",
            "boot": 0,
            "winpe": false,
            "user": "Owner",
            "user_admin": true,
            "program_location": "C:\\Users\\Owner\\Downloads\\RogueKiller.exe",
            "x64": true,
            "licensing": "free"
        },
        "report": {
            "type": 1,
            "aborted": false,
            "date": "02/08/2016 20:30:06",
            "switches": 0,
            "debug": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 380,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "",
                "pid_parent": 4,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 528,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 508,
                "path_parent": ""
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 624,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "wininit.exe",
                "pid_parent": 508,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 632,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 616,
                "path_parent": ""
            },
            {
                "name": "services.exe",
                "name_parent": "wininit.exe",
                "pid": 676,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "",
                "pid_parent": 624,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "lsass.exe",
                "name_parent": "wininit.exe",
                "pid": 684,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "C:\\WINDOWS\\system32\\lsass.exe",
                "pid_parent": 624,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 760,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "winlogon.exe",
                "pid_parent": 616,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 804,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 864,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "dwm.exe",
                "name_parent": "winlogon.exe",
                "pid": 952,
                "path": "C:\\Windows\\System32\\dwm.exe",
                "command_line": "\"dwm.exe\"",
                "pid_parent": 760,
                "path_parent": "C:\\Windows\\System32\\winlogon.exe"
            },
            {
                "name": "nvvsvc.exe",
                "name_parent": "",
                "pid": 992,
                "path": "C:\\Windows\\System32\\nvvsvc.exe",
                "command_line": "\"C:\\WINDOWS\\system32\\nvvsvc.exe\"",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "nvvsvc.exe",
                "name_parent": "nvvsvc.exe",
                "pid": 316,
                "path": "C:\\Windows\\System32\\nvvsvc.exe",
                "command_line": "C:\\WINDOWS\\system32\\nvvsvc.exe -session -first",
                "pid_parent": 992,
                "path_parent": "C:\\Windows\\System32\\nvvsvc.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 408,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 672,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 824,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "nvxdsync.exe",
                "name_parent": "nvvsvc.exe",
                "pid": 1028,
                "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe",
                "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe\"",
                "pid_parent": 992,
                "path_parent": "C:\\Windows\\System32\\nvvsvc.exe"
            },
            {
                "name": "igfxCUIService.exe",
                "name_parent": "",
                "pid": 1068,
                "path": "C:\\Windows\\System32\\igfxCUIService.exe",
                "command_line": "C:\\WINDOWS\\system32\\igfxCUIService.exe",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1136,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalSystemNetworkRestricted",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "stacsv64.exe",
                "name_parent": "",
                "pid": 1172,
                "path": "C:\\Program Files\\IDT\\WDM\\stacsv64.exe",
                "command_line": "\"C:\\Program Files\\IDT\\WDM\\STacSV64.exe\"",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1400,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkService",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "wlanext.exe",
                "name_parent": "svchost.exe",
                "pid": 1540,
                "path": "C:\\Windows\\System32\\wlanext.exe",
                "command_line": "C:\\WINDOWS\\system32\\WLANExt.exe 411926423872",
                "pid_parent": 1136,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "AvastSvc.exe",
                "name_parent": "",
                "pid": 1548,
                "path": "C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe",
                "command_line": "\"C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe\"",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "conhost.exe",
                "name_parent": "wlanext.exe",
                "pid": 1580,
                "path": "C:\\Windows\\System32\\conhost.exe",
                "command_line": "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0x4",
                "pid_parent": 1540,
                "path_parent": "C:\\Windows\\System32\\wlanext.exe"
            },
            {
                "name": "spoolsv.exe",
                "name_parent": "",
                "pid": 1940,
                "path": "C:\\Windows\\System32\\spoolsv.exe",
                "command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2032,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "armsvc.exe",
                "name_parent": "",
                "pid": 1520,
                "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "officeclicktorun.exe",
                "name_parent": "",
                "pid": 1456,
                "path": "C:\\Program Files\\Microsoft Office 15\\ClientX64\\officeclicktorun.exe",
                "command_line": "\"C:\\Program Files\\Microsoft Office 15\\ClientX64\\OfficeClickToRun.exe\" /service",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2064,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "dasHost.exe",
                "name_parent": "svchost.exe",
                "pid": 2100,
                "path": "C:\\Windows\\System32\\dasHost.exe",
                "command_line": "dashost.exe {663aa05e-ef5c-42ca-9357c456522b5653}",
                "pid_parent": 1136,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2700,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "TeamViewer_Service.exe",
                "name_parent": "",
                "pid": 2732,
                "path": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe",
                "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe\"",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "WmiPrvSE.exe",
                "name_parent": "svchost.exe",
                "pid": 3056,
                "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
                "command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
                "pid_parent": 804,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 3564,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k NetworkServiceNetworkRestricted",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 3664,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "TeamViewer_Desktop.exe",
                "name_parent": "TeamViewer_Service.exe",
                "pid": 5500,
                "path": "c:\\program files (x86)\\teamviewer\\TeamViewer_Desktop.exe",
                "command_line": "\"c:\\program files (x86)\\teamviewer\\TeamViewer_Desktop.exe\" --IPCport 5939",
                "pid_parent": 2732,
                "path_parent": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe"
            },
            {
                "name": "taskeng.exe",
                "name_parent": "svchost.exe",
                "pid": 5704,
                "path": "C:\\Windows\\System32\\taskeng.exe",
                "command_line": "taskeng.exe {DC1B6C04-6A89-4451-97A8-69A3B4FADCEE}",
                "pid_parent": 672,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "taskhostex.exe",
                "name_parent": "svchost.exe",
                "pid": 5724,
                "path": "C:\\Windows\\System32\\taskhostex.exe",
                "command_line": "taskhostex.exe ",
                "pid_parent": 672,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SynTPEnh.exe",
                "name_parent": "svchost.exe",
                "pid": 5732,
                "path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe",
                "command_line": "\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\" ",
                "pid_parent": 672,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "PresentationFontCache.exe",
                "name_parent": "",
                "pid": 5816,
                "path": "C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
                "command_line": "C:\\WINDOWS\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "explorer.exe",
                "name_parent": "",
                "pid": 5832,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\WINDOWS\\Explorer.EXE",
                "pid_parent": 5804,
                "path_parent": ""
            },
            {
                "name": "TeamViewer.exe",
                "name_parent": "TeamViewer_Service.exe",
                "pid": 5884,
                "path": "c:\\program files (x86)\\teamviewer\\TeamViewer.exe",
                "command_line": "\"c:\\program files (x86)\\teamviewer\\TeamViewer.exe\"",
                "pid_parent": 2732,
                "path_parent": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe"
            },
            {
                "name": "igfxEM.exe",
                "name_parent": "",
                "pid": 6056,
                "path": "C:\\Windows\\System32\\igfxEM.exe",
                "command_line": "igfxEM.exe ",
                "pid_parent": 6012,
                "path_parent": ""
            },
            {
                "name": "tv_w32.exe",
                "name_parent": "TeamViewer_Service.exe",
                "pid": 5936,
                "path": "C:\\Program Files (x86)\\TeamViewer\\tv_w32.exe",
                "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\tv_w32.exe\" --action hooks  --log C:\\Program Files (x86)\\TeamViewer\\TeamViewer11_Logfile.log  ",
                "pid_parent": 2732,
                "path_parent": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe"
            },
            {
                "name": "tv_x64.exe",
                "name_parent": "TeamViewer_Service.exe",
                "pid": 5924,
                "path": "C:\\Program Files (x86)\\TeamViewer\\tv_x64.exe",
                "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\tv_x64.exe\" --action hooks  --log C:\\Program Files (x86)\\TeamViewer\\TeamViewer11_Logfile.log  ",
                "pid_parent": 2732,
                "path_parent": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe"
            },
            {
                "name": "igfxHK.exe",
                "name_parent": "",
                "pid": 3796,
                "path": "C:\\Windows\\System32\\igfxHK.exe",
                "command_line": "igfxHK.exe ",
                "pid_parent": 6012,
                "path_parent": ""
            },
            {
                "name": "SearchIndexer.exe",
                "name_parent": "",
                "pid": 6300,
                "path": "C:\\Windows\\System32\\SearchIndexer.exe",
                "command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "SkyDrive.exe",
                "name_parent": "svchost.exe",
                "pid": 6480,
                "path": "C:\\Windows\\System32\\SkyDrive.exe",
                "command_line": "C:\\Windows\\System32\\skydrive.exe -Embedding",
                "pid_parent": 804,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "audiodg.exe",
                "name_parent": "svchost.exe",
                "pid": 6692,
                "path": "C:\\Windows\\System32\\audiodg.exe",
                "command_line": "",
                "pid_parent": 408,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "nvtray.exe",
                "name_parent": "nvxdsync.exe",
                "pid": 6708,
                "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvtray.exe",
                "command_line": "\"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe\" -user_has_logged_in 1",
                "pid_parent": 1028,
                "path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe"
            },
            {
                "name": "GoogleCrashHandler.exe",
                "name_parent": "",
                "pid": 6816,
                "path": "C:\\Program Files (x86)\\Google\\Update\\1.3.29.5\\GoogleCrashHandler.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.29.5\\GoogleCrashHandler.exe\"",
                "pid_parent": 5772,
                "path_parent": ""
            },
            {
                "name": "GoogleCrashHandler64.exe",
                "name_parent": "",
                "pid": 6860,
                "path": "C:\\Program Files (x86)\\Google\\Update\\1.3.29.5\\GoogleCrashHandler64.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.29.5\\GoogleCrashHandler64.exe\"",
                "pid_parent": 5772,
                "path_parent": ""
            },
            {
                "name": "SynTPHelper.exe",
                "name_parent": "",
                "pid": 7016,
                "path": "C:\\Program Files\\Synaptics\\SynTP\\SynTPHelper.exe",
                "command_line": "\"C:\\PROGRAM FILES\\SYNAPTICS\\SYNTP\\SYNTPHELPER.EXE\" ",
                "pid_parent": 6832,
                "path_parent": ""
            },
            {
                "name": "CSISYNCCLIENT.EXE",
                "name_parent": "",
                "pid": 7080,
                "path": "C:\\Program Files\\Microsoft Office 15\\root\\vfs\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE15\\CSISYNCCLIENT.EXE",
                "command_line": "\"C:\\Program Files\\Microsoft Office 15\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE15\\CSISYNCCLIENT.EXE\" \"C:\\Program Files\\Microsoft Office 15\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE15\\CSISYNCCLIENT.EXE\" -Embedding",
                "pid_parent": 7036,
                "path_parent": ""
            },
            {
                "name": "MSOSYNC.EXE",
                "name_parent": "CSISYNCCLIENT.EXE",
                "pid": 7160,
                "path": "C:\\Program Files\\Microsoft Office 15\\root\\office15\\MSOSYNC.EXE",
                "command_line": "\"C:\\Program Files\\Microsoft Office 15\\Root\\Office15\\MsoSync.exe\"",
                "pid_parent": 7080,
                "path_parent": "C:\\Program Files\\Microsoft Office 15\\root\\vfs\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE15\\CSISYNCCLIENT.EXE"
            },
            {
                "name": "sttray64.exe",
                "name_parent": "explorer.exe",
                "pid": 5780,
                "path": "C:\\Program Files\\IDT\\WDM\\sttray64.exe",
                "command_line": "\"C:\\Program Files\\IDT\\WDM\\sttray64.exe\" ",
                "pid_parent": 5832,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "sldworks_fs.exe",
                "name_parent": "explorer.exe",
                "pid": 6968,
                "path": "C:\\Program Files\\SolidWorks Corp\\SolidWorks\\sldworks_fs.exe",
                "command_line": "\"C:\\Program Files\\SolidWorks Corp\\SolidWorks\\sldworks_fs.exe\" ",
                "pid_parent": 5832,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "TelenorSEMobile.exe",
                "name_parent": "",
                "pid": 7068,
                "path": "C:\\Program Files (x86)\\Emotum\\Stay Connected\\TelenorSEMobile.exe",
                "command_line": "\"C:\\Program Files (x86)\\Emotum\\Stay Connected\\TelenorSEMobile.exe\" -autorun",
                "pid_parent": 6940,
                "path_parent": ""
            },
            {
                "name": "GWX.exe",
                "name_parent": "",
                "pid": 5672,
                "path": "C:\\Windows\\System32\\GWX\\GWX.exe",
                "command_line": "\"C:\\WINDOWS\\system32\\GWX\\GWX.exe\" ",
                "pid_parent": 6768,
                "path_parent": ""
            },
            {
                "name": "AvastUI.exe",
                "name_parent": "",
                "pid": 7028,
                "path": "C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe",
                "command_line": "\"C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe\" /nogui",
                "pid_parent": 6940,
                "path_parent": ""
            },
            {
                "name": "unsecapp.exe",
                "name_parent": "svchost.exe",
                "pid": 7224,
                "path": "C:\\Windows\\System32\\wbem\\unsecapp.exe",
                "command_line": "C:\\WINDOWS\\system32\\wbem\\unsecapp.exe -Embedding",
                "pid_parent": 804,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "HPSupportSolutionsFrameworkService.exe",
                "name_parent": "",
                "pid": 1228,
                "path": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Support Solutions\\HPSupportSolutionsFrameworkService.exe",
                "command_line": "\"C:\\Program Files (x86)\\Hewlett-Packard\\HP Support Solutions\\HPSupportSolutionsFrameworkService.exe\"",
                "pid_parent": 676,
                "path_parent": ""
            },
            {
                "name": "SettingSyncHost.exe",
                "name_parent": "svchost.exe",
                "pid": 4128,
                "path": "C:\\Windows\\System32\\SettingSyncHost.exe",
                "command_line": "\"C:\\Windows\\System32\\SettingSyncHost.exe\" -Embedding",
                "pid_parent": 804,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "WmiPrvSE.exe",
                "name_parent": "svchost.exe",
                "pid": 4400,
                "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
                "command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
                "pid_parent": 804,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "explorer.exe",
                "pid": 7440,
                "path": "C:\\Users\\Owner\\Downloads\\RogueKiller.exe",
                "command_line": "\"C:\\Users\\Owner\\Downloads\\RogueKiller.exe\" ",
                "pid_parent": 5832,
                "path_parent": "C:\\Windows\\explorer.exe"
            }
        ]
    },
    "results": {
        "processes": [
            {
                "scan_what": 1,
                "scan_how": [
                    1,
                    2,
                    4
                ],
                "vendors": [
                    "Proc.Injected"
                ],
                "name": "TelenorSEMobile.exe",
                "name_parent": "",
                "pid": 7068,
                "path": "C:\\Program Files (x86)\\Emotum\\Stay Connected\\TelenorSEMobile.exe",
                "command_line": "\"C:\\Program Files (x86)\\Emotum\\Stay Connected\\TelenorSEMobile.exe\" -autorun",
                "window": "",
                "pid_parent": 6940,
                "path_parent": "",
                "file_status": "[-]",
                "file_md5": "A470AA933A09648F62ED7FAC799330CE",
                "file_exists": true,
                "file_signed": false,
                "file_signer": "",
                "file_vtscore": 0,
                "status_str": "Killed [TermProc]",
                "status_choice": 1,
                "status_kill": 3
            }
        ],
        "modules": [],
        "services": [],
        "registry": [],
        "tasks": [],
        "filesystem": [
            {
                "scan_what": 3,
                "scan_how": [
                    1
                ],
                "vendors": [
                    "PUP"
                ],
                "status_choice": 2,
                "processed": [
                    {
                        "type": 3,
                        "name": "speed browser.lnk",
                        "path_expanded": "C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\speed browser.lnk",
                        "path_compressed": "%SystemRoot%\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\speed browser.lnk",
                        "md5": "",
                        "md5_low_level": "",
                        "forged": false,
                        "lnk_target": "C:\\Program Files (x86)\\speed browser\\Application\\browser.exe",
                        "lnk_args": "",
                        "junc_target": "",
                        "junc_tag": 0,
                        "junc_error": 0,
                        "exists": true,
                        "signed": false,
                        "signer": "",
                        "status_str": "Found",
                        "status_removed": 0
                    }
                ]
            },
            {
                "scan_what": 3,
                "scan_how": [
                    1
                ],
                "vendors": [
                    "PUP"
                ],
                "status_choice": 2,
                "processed": [
                    {
                        "type": 3,
                        "name": "speed browser.lnk",
                        "path_expanded": "C:\\Windows\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\speed browser.lnk",
                        "path_compressed": "%SystemRoot%\\SysWOW64\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\speed browser.lnk",
                        "md5": "",
                        "md5_low_level": "",
                        "forged": false,
                        "lnk_target": "C:\\Program Files (x86)\\speed browser\\Application\\browser.exe",
                        "lnk_args": "",
                        "junc_target": "",
                        "junc_tag": 0,
                        "junc_error": 0,
                        "exists": true,
                        "signed": false,
                        "signer": "",
                        "status_str": "Found",
                        "status_removed": 0
                    }
                ]
            },
            {
                "scan_what": 3,
                "scan_how": [
                    1,
                    2,
                    9
                ],
                "vendors": [
                    "PUP"
                ],
                "status_choice": 2,
                "processed": [
                    {
                        "type": 2,
                        "name": "{bd262e29-6a97-e316-bd26-62e296a9b8a5}",
                        "path_expanded": "C:\\ProgramData\\{bd262e29-6a97-e316-bd26-62e296a9b8a5}",
                        "path_compressed": "%programdata%\\{bd262e29-6a97-e316-bd26-62e296a9b8a5}",
                        "md5": "",
                        "md5_low_level": "",
                        "forged": false,
                        "lnk_target": "",
                        "lnk_args": "",
                        "junc_target": "",
                        "junc_tag": 0,
                        "junc_error": 0,
                        "exists": true,
                        "signed": false,
                        "signer": "",
                        "status_str": "Found",
                        "status_removed": 0
                    }
                ]
            }
        ],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226347,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: KINGSTON SV300S37A240G +++++\n--- User ---\n[MBR] 112dfc921677c1c23e63c2f6459fc824\n[BSP] 279dd0ecbd343dc25d9c7bdf613938a7 : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB\n1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 99 MB\n2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 819200 | Size: 128 MB\n3 - Basic data partition | Offset (sectors): 1081344 | Size: 227958 MB\n4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 467939328 | Size: 450 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1:  LITEONIT LMS-24 +++++\n--- User ---\n[MBR] 557ad35ff0c70a81a7565f044da47793\n[BSP] 4316c0f34de40a43195a386db0bb6ec5 : Empty|VT.Unknown MBR Code\nPartition table:\n0 - [MAN-MOUNT] Basic data partition | Offset (sectors): 128 | Size: 3855 MB\nUser = LL1 ... OK\nError reading LL2 MBR! NOT VALID!\n\n"
        }
    }
}

Edited by talkingtree, 09 February 2016 - 02:40 AM.


#11
talkingtree

  • Topic Starter
  • JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64 
Ran by Owner (Administrator) on Tue 09/02/2016 at 18:40:35.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 14 
 
Failed to delete: C:\ProgramData\pc drivers headquarters (Folder) 
Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\downloaded installers (Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage (File) 
Successfully deleted: C:\Users\Owner\AppData\Roaming\dg (Folder) 
Successfully deleted: C:\Users\Owner\Documents\add-in express (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\WINDOWS\system32\drivers\dgsafe.sys (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) (Task)
Successfully deleted: C:\WINDOWS\SysWOW64\drivers\dgsafe.sys (File) 
Successfully deleted: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job (Task) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/02/2016 at 18:43:44.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12
talkingtree

  • Topic Starter
  • FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Owner (administrator) on HP (09-02-2016 18:48:07)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & UpdatusUser & Administrator)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [453448 2014-08-14] ()
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Telenor Stay Connected] => C:\Program Files (x86)\Emotum\Stay Connected\TelenorSEMobile.exe [339456 2010-08-03] (Telenor SE)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-13] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [291968 2015-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-13] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-12-24]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2015-12-24]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3BB2ACE9-DB68-4D53-94A6-6F4E135ED1E0}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{3D154E2D-CABD-454F-8BDC-16B3D78AEDAC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66DC2291-A53D-4729-99CD-311045E208FC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{66DC2291-A53D-4729-99CD-311045E208FC}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130862720068145420&GUID=5D0854C2-FC5E-4008-B3C8-A377B28767C7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130895977753687525&GUID=5D0854C2-FC5E-4008-B3C8-A377B28767C7
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> {9F09F33C-419B-475C-8476-403EAD19E78C} URL = hxxps://se.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1952045502-1362136182-510965784-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-13] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-13] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-24] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mstehi7u.default
FF Homepage: hxxps://www.google.com.au/
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1952045502-1362136182-510965784-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-29] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-03-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-24]
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-24]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-24]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-13] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 ESCSvc; C:\Program Files (x86)\Emotum\Stay Connected\Service.exe [659752 2010-08-25] ()
S4 ESUSClient_B2; C:\Program Files (x86)\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe [358808 2011-03-07] (Telenor Sweden)
S4 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-29] (Citrix Online, LLC)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-23] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-29] (SolidWorks) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-03] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-13] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [9525936 2013-06-10] (Broadcom Corporation)
S3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2016-01-31] ()
S3 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [651736 2012-11-03] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 megasas2; C:\Windows\System32\drivers\megasas2.sys [53552 2012-10-02] (LSI Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 massfilter; \SystemRoot\System32\drivers\massfilter.sys [X]
S3 RSP2STOR; system32\DRIVERS\RtsP2Stor.sys [X]
S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 18:39 - 2016-02-09 18:40 - 01609032 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2016-02-09 14:39 - 2016-02-09 14:39 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-02-09 14:35 - 2016-02-09 14:35 - 01782449 _____ C:\Users\Owner\Downloads\FARR6000 (2).pdf
2016-02-08 20:45 - 2016-02-09 18:44 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2016-02-08 20:43 - 2016-02-08 20:47 - 00004268 _____ C:\Users\Owner\Desktop\abc.txt
2016-02-08 20:30 - 2016-02-08 20:30 - 00033646 _____ C:\Users\Owner\Desktop\RKreport_SCN_02082016_203006.json
2016-02-08 20:21 - 2016-02-09 18:38 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-08 20:21 - 2016-02-08 20:34 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-08 20:19 - 2016-02-08 20:19 - 20943432 _____ C:\Users\Owner\Downloads\RogueKiller.exe
2016-02-08 20:17 - 2016-02-08 20:13 - 00012585 _____ C:\Users\Owner\Desktop\Fixlog.txt
2016-02-08 20:12 - 2016-02-08 20:13 - 00012585 _____ C:\Users\Owner\Downloads\Fixlog.txt
2016-02-08 20:09 - 2016-02-08 20:09 - 00002821 _____ C:\Users\Owner\Desktop\fixlist.txt
2016-02-08 20:00 - 2016-02-08 20:00 - 00001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-02-08 20:00 - 2016-02-08 20:00 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
2016-02-08 20:00 - 2016-02-08 20:00 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-02-08 20:00 - 2016-02-08 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-02-08 20:00 - 2016-02-08 20:00 - 00000000 ____D C:\Program Files\VS Revo Group
2016-02-08 20:00 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-02-08 19:59 - 2016-02-08 19:59 - 11199448 _____ (VS Revo Group ) C:\Users\Owner\Downloads\RevoUninProSetup.exe
2016-02-07 09:09 - 2016-02-09 18:48 - 00019816 _____ C:\Users\Owner\Downloads\FRST.txt
2016-02-07 09:09 - 2016-02-07 09:09 - 00041131 _____ C:\Users\Owner\Downloads\Addition.txt
2016-02-07 09:08 - 2016-02-09 18:48 - 00000000 ____D C:\FRST
2016-02-07 09:07 - 2016-02-07 09:07 - 02370560 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-02-05 22:22 - 2016-02-05 22:22 - 00002886 _____ C:\Users\Owner\Downloads\8_Wellington_Road_ofi.ics
2016-02-05 22:22 - 2016-02-05 22:22 - 00002886 _____ C:\Users\Owner\Downloads\8_Wellington_Road_ofi (1).ics
2016-02-05 21:31 - 2016-02-05 21:31 - 00646166 _____ C:\Users\Owner\Downloads\Boat Trailer (1).pdf
2016-02-05 21:17 - 2016-02-05 21:17 - 00646166 _____ C:\Users\Owner\Downloads\Boat Trailer.pdf
2016-02-05 21:16 - 2016-02-05 21:16 - 01782449 _____ C:\Users\Owner\Downloads\FARR6000.pdf
2016-02-05 21:16 - 2016-02-05 21:16 - 01782449 _____ C:\Users\Owner\Downloads\FARR6000 (1).pdf
2016-02-05 21:15 - 2016-02-05 21:15 - 00646166 _____ C:\Users\Owner\Desktop\Boat Trailer.pdf
2016-02-05 20:23 - 2016-02-05 20:23 - 00045844 _____ C:\Users\Owner\Downloads\Q16-031.01 28 Lamette Street, Chatswood.pdf
2016-02-05 20:23 - 2016-02-05 20:23 - 00045844 _____ C:\Users\Owner\Downloads\Q16-031.01 28 Lamette Street, Chatswood (1).pdf
2016-02-04 23:08 - 2016-02-04 23:08 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003 (2).pdf
2016-02-04 23:08 - 2016-02-04 23:08 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003 (1).pdf
2016-02-04 23:06 - 2016-02-04 23:06 - 00222517 _____ C:\Users\Owner\Downloads\CCE04016_0003.pdf
2016-02-04 20:04 - 2016-02-04 20:04 - 00106188 _____ C:\Users\Owner\Downloads\Est_1669_from_Arrow_Roofing_Pty_Ltd.pdf
2016-02-04 16:53 - 2016-02-04 16:53 - 00412193 _____ C:\Users\Owner\Downloads\99185_TexasP_Weis.pdf
2016-02-04 16:49 - 2016-02-04 16:49 - 00015842 _____ C:\Users\Owner\Downloads\Spareparts list Wies 2016-02-03 (1).xlsx
2016-02-03 07:26 - 2016-02-03 07:26 - 00234836 _____ C:\Users\Owner\Downloads\80883 (1).pdf
2016-02-03 07:24 - 2016-02-03 07:24 - 00233822 _____ C:\Users\Owner\Downloads\80883.pdf
2016-02-02 21:21 - 2016-02-02 21:21 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-02-02 21:21 - 2016-02-02 21:21 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Google
2016-02-02 21:20 - 2016-02-02 21:20 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthSetup.exe
2016-02-01 20:30 - 2016-02-01 20:30 - 01840277 _____ C:\Users\Owner\Documents\PC issue 1-02-2016.pdf
2016-02-01 19:04 - 2016-02-01 19:04 - 00000000 ___DC C:\Users\Owner\AppData\Local\MigWiz
2016-02-01 16:51 - 2016-02-01 16:51 - 00000675 _____ C:\Users\Owner\Documents\Desktop - Shortcut (4).lnk
2016-01-31 18:17 - 2016-01-31 18:17 - 02085168 _____ C:\Users\Owner\Downloads\Adaware_Installer.exe
2016-01-31 18:16 - 2016-01-31 18:18 - 48831832 _____ C:\Users\Owner\Downloads\BDPUARLauncher.exe
2016-01-31 18:10 - 2016-01-31 18:13 - 00000000 ____D C:\AdwCleaner
2016-01-31 18:08 - 2016-01-31 18:08 - 01507840 _____ C:\Users\Owner\Downloads\adwcleaner_5.031.exe
2016-01-31 18:07 - 2016-01-31 18:07 - 01507840 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2016-01-31 17:37 - 2016-01-31 17:37 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-01-31 17:35 - 2016-01-31 17:35 - 00027750 _____ C:\WINDOWS\system32\.crusader
2016-01-31 17:03 - 2016-01-31 17:35 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-31 16:32 - 2016-01-31 16:51 - 11323704 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe
2016-01-31 15:32 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\temp
2016-01-31 15:32 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\mbar
2016-01-31 15:30 - 2016-01-31 15:32 - 00000000 ____D C:\Users\peter\Desktop\DISKTOP TEMP 2
2016-01-31 15:30 - 2016-01-25 12:56 - 00000165 ____H C:\Users\peter\Desktop\~$SAKERHETSKODER.xlsx
2016-01-31 15:30 - 2016-01-25 09:53 - 00027669 _____ C:\Users\peter\Desktop\SAKERHETSKODER.xlsx
2016-01-31 15:30 - 2016-01-22 20:57 - 00000555 _____ C:\Users\peter\Desktop\JRT.txt
2016-01-31 15:30 - 2016-01-22 19:57 - 519004214 _____ C:\Users\peter\Desktop\MEMORY.DMP
2016-01-31 15:30 - 2016-01-19 13:30 - 00303485 _____ C:\Users\peter\Desktop\HUS PLAN.pdf
2016-01-31 15:30 - 2016-01-19 13:29 - 00303029 _____ C:\Users\peter\Desktop\HUS View.pdf
2016-01-31 15:30 - 2016-01-01 01:41 - 01455974 _____ C:\Users\peter\Desktop\163398_DNC-63-200-P-A.stp
2016-01-31 15:30 - 2015-12-24 15:47 - 00002403 _____ C:\Users\peter\Desktop\Word 2013.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00002402 _____ C:\Users\peter\Desktop\PowerPoint 2013.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00002359 _____ C:\Users\peter\Desktop\Outlook 2013.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00001418 _____ C:\Users\peter\Desktop\GoToAssist Customer.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00000870 _____ C:\Users\peter\Desktop\Documents - Shortcut.lnk
2016-01-31 15:30 - 2015-12-24 15:47 - 00000146 _____ C:\Users\peter\Desktop\Windows Defender - Shortcut.lnk
2016-01-31 15:30 - 2015-12-21 14:17 - 00000165 ____H C:\Users\peter\Desktop\~$Leeds AUS 2015.xlsx
2016-01-31 15:30 - 2015-12-09 14:55 - 02748635 _____ C:\Users\peter\Desktop\WC203905.pdf
2016-01-31 15:30 - 2015-11-13 19:02 - 00010165 ____H C:\Users\peter\Desktop\~WRL0005.tmp
2016-01-31 15:30 - 2015-10-01 14:45 - 00023415 _____ C:\Users\peter\Desktop\Leeds AUS 2015.xlsx
2016-01-31 15:30 - 2015-09-29 12:50 - 00464002 _____ C:\Users\peter\Desktop\Jury Medical Sept 2015.pdf
2016-01-31 15:30 - 2015-08-16 18:55 - 00000061 _____ C:\Users\peter\Desktop\GMail.url
2016-01-31 15:30 - 2015-06-11 11:43 - 00818697 _____ C:\Users\peter\Desktop\ESRF supporting documents .pdf
2016-01-31 01:31 - 2016-01-31 19:24 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-1004
2016-01-31 01:26 - 2016-01-31 01:26 - 00000000 ____D C:\Users\peter\AppData\Local\GWX
2016-01-30 17:05 - 2016-01-31 17:24 - 00000000 ____D C:\Users\peter\AppData\Local\Google
2016-01-30 17:05 - 2016-01-30 17:05 - 00001442 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-30 17:05 - 2016-01-30 17:05 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-30 17:05 - 2016-01-30 17:05 - 00000020 ___SH C:\Users\peter\ntuser.ini
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\My Documents
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Videos
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Pictures
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 _SHDL C:\Users\peter\Documents\My Music
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 __SHD C:\Users\peter\IntelGraphicsProfiles
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Synaptics
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Macromedia
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\AVAST Software
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Roaming\Adobe
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Local\VirtualStore
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter\AppData\Local\Packages
2016-01-30 17:05 - 2016-01-30 17:05 - 00000000 ____D C:\Users\peter
2016-01-30 17:05 - 2014-09-24 15:50 - 00002112 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2016-01-30 17:05 - 2014-09-22 08:42 - 00000000 ____D C:\Users\peter\AppData\Local\Microsoft Help
2016-01-30 17:05 - 2014-03-18 21:15 - 00000369 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-30 17:05 - 2014-03-18 21:15 - 00000369 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-30 17:00 - 2016-01-30 17:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2016-01-30 10:19 - 2016-01-30 10:19 - 00966728 _____ C:\Users\Owner\Downloads\filmora_setup_full846.exe
2016-01-30 10:13 - 2016-01-30 10:13 - 00001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-01-30 10:13 - 2016-01-30 10:13 - 00001281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-01-30 10:13 - 2016-01-30 10:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-01-30 10:13 - 2016-01-30 10:13 - 00000000 ____D C:\WINDOWS\en
2016-01-30 10:12 - 2016-01-30 10:12 - 00002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-01-30 10:12 - 2016-01-30 10:12 - 00001434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-01-30 10:12 - 2016-01-30 10:12 - 00000000 ____D C:\Program Files\Windows Live
2016-01-30 10:12 - 2016-01-30 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-01-30 10:12 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-01-30 10:12 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-01-30 10:12 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-01-30 10:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-01-30 10:11 - 2016-02-05 21:33 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2016-01-30 10:11 - 2016-01-30 10:11 - 01239752 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web.exe
2016-01-29 15:47 - 2016-01-29 15:47 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (4).pdf
2016-01-29 15:47 - 2016-01-29 15:47 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (3).pdf
2016-01-29 13:54 - 2016-01-29 13:54 - 00000000 ____D C:\Users\Owner\Downloads\PARTserver02016012903522456509679192d056f
2016-01-29 13:51 - 2016-01-29 13:51 - 00005034 _____ C:\Users\Owner\Downloads\PARTserver02016012903522456509679192d056f.zip
2016-01-28 10:01 - 2016-01-28 10:01 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (2).pdf
2016-01-28 07:14 - 2016-01-28 07:14 - 00032637 _____ C:\Users\Owner\Downloads\ANZ Receipt - Ref 1157179914.pdf
2016-01-28 07:07 - 2016-01-28 07:07 - 00232765 _____ C:\Users\Owner\Downloads\Invoice_126937.PDF
2016-01-27 23:14 - 2016-01-27 23:15 - 05826048 _____ C:\Users\Owner\Downloads\sample-marketing1-deutschland-20000.xls
2016-01-27 18:37 - 2016-01-27 18:37 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker (1).pdf
2016-01-27 18:36 - 2016-01-27 18:36 - 00776641 _____ C:\Users\Owner\Downloads\Furring Channel Autopacker.pdf
2016-01-27 16:22 - 2016-01-27 16:22 - 00490984 _____ C:\Users\Owner\Downloads\Machine 26.pdf
2016-01-27 14:17 - 2016-01-27 14:17 - 00018033 _____ C:\Users\Owner\Downloads\in-sydney (2).gz
2016-01-27 14:17 - 2016-01-27 14:17 - 00018026 _____ C:\Users\Owner\Downloads\in-sydney (1).gz
2016-01-27 14:16 - 2016-01-27 14:16 - 00018022 _____ C:\Users\Owner\Downloads\in-sydney.gz
2016-01-27 11:58 - 2016-01-27 11:58 - 00116048 _____ C:\Users\Owner\Downloads\Siemens Quotation  IQRY160125004  - Packovation .pdf
2016-01-26 22:02 - 2016-01-26 22:02 - 00025150 _____ C:\Users\Owner\Downloads\INV-000037.pdf
2016-01-25 23:14 - 2016-01-25 23:14 - 01565585 _____ C:\Users\Owner\Downloads\OLD T-Bar - Cross runner.pdf
2016-01-25 23:14 - 2016-01-25 23:14 - 00339874 _____ C:\Users\Owner\Downloads\Mark 2 mainrunner machine for T-Bar-packer.pdf
2016-01-25 23:13 - 2016-01-25 23:13 - 00267196 _____ C:\Users\Owner\Downloads\New  WA 200Cross runner 1.PDF
2016-01-25 23:13 - 2016-01-25 23:13 - 00267196 _____ C:\Users\Owner\Downloads\New  WA 200Cross runner 1 (1).PDF
2016-01-25 12:56 - 2016-01-25 12:56 - 00000165 ____H C:\Users\Owner\Desktop\~$SAKERHETSKODER.xlsx
2016-01-25 11:32 - 2016-01-25 12:38 - 00002243 _____ C:\Users\Owner\Documents\starburn.txt
2016-01-25 11:31 - 2016-01-25 12:05 - 00000000 ____D C:\Users\Owner\Documents\Wondershare Filmora
2016-01-25 11:31 - 2016-01-25 11:31 - 00001119 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2016-01-25 11:31 - 2016-01-25 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-01-25 11:30 - 2016-01-25 11:30 - 00966728 _____ C:\Users\Owner\Downloads\filmora_setup_full1901.exe
2016-01-25 09:53 - 2016-01-25 09:53 - 00027669 _____ C:\Users\Owner\Desktop\SAKERHETSKODER.xlsx
2016-01-24 20:48 - 2016-01-30 17:03 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-500
2016-01-24 20:45 - 2016-01-24 20:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\Razer_Inc
2016-01-24 20:44 - 2016-01-25 07:38 - 00000000 ____D C:\Program Files (x86)\Razer
2016-01-24 20:44 - 2016-01-24 20:44 - 00000000 ____D C:\ProgramData\Razer
2016-01-24 20:43 - 2016-01-24 20:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-01-24 20:43 - 2016-01-24 20:43 - 00001442 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-01-24 18:19 - 2016-01-25 17:04 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-01-24 16:11 - 2016-01-24 16:11 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2016-01-24 16:10 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Administrator
2016-01-24 16:10 - 2016-01-24 16:10 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-01-24 16:10 - 2016-01-24 16:10 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-01-24 16:10 - 2014-09-24 15:50 - 00002112 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2016-01-24 16:10 - 2014-09-22 08:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2016-01-24 16:10 - 2014-03-18 21:15 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-24 16:10 - 2014-03-18 21:15 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-01-24 15:42 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Comodo
2016-01-24 15:31 - 2016-02-05 08:41 - 00002192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-24 15:31 - 2016-02-05 08:41 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-24 15:30 - 2016-02-09 18:40 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-24 15:30 - 2016-02-09 18:33 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-24 15:30 - 2016-02-02 13:35 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-24 15:30 - 2016-02-02 13:35 - 00003648 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-24 15:26 - 2016-01-24 15:26 - 00000000 ____D C:\ProgramData\Synaptics
2016-01-24 15:16 - 2016-01-24 15:16 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-01-24 15:16 - 2016-01-24 15:16 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-01-24 15:10 - 2016-01-24 15:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Hewlett-Packard
2016-01-24 15:09 - 2016-01-24 15:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-01-24 14:49 - 2016-01-22 19:57 - 519004214 _____ C:\Users\Owner\Desktop\MEMORY.DMP
2016-01-24 13:40 - 2016-01-24 13:40 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-24 13:40 - 2015-12-13 11:13 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Roaming\Macromedia
2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Roaming\AVAST Software
2016-01-24 13:17 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Local\PDFConverter.com
2016-01-24 13:16 - 2016-01-24 13:39 - 00000000 ____D C:\Users\terry
2016-01-24 13:16 - 2016-01-24 13:17 - 00000000 ____D C:\Users\terry\AppData\Local\Packages
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\My Documents
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Videos
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Pictures
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 _SHDL C:\Users\terry\Documents\My Music
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 __SHD C:\Users\terry\IntelGraphicsProfiles
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Roaming\Adobe
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Local\VirtualStore
2016-01-24 13:16 - 2016-01-24 13:16 - 00000000 ____D C:\Users\terry\AppData\Local\Google
2016-01-24 13:16 - 2014-09-22 08:42 - 00000000 ____D C:\Users\terry\AppData\Local\Microsoft Help
2016-01-22 20:58 - 2016-01-22 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-22 20:57 - 2016-02-09 18:43 - 00001799 _____ C:\Users\Owner\Desktop\JRT.txt
2016-01-22 20:54 - 2016-01-24 13:38 - 00000000 ____D C:\Users\Owner\Desktop\mbar
2016-01-22 20:21 - 2016-01-24 15:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-22 20:21 - 2016-01-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-22 20:21 - 2016-01-22 20:21 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-22 20:21 - 2016-01-22 20:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-22 20:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-22 20:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-22 20:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-22 19:57 - 2016-01-22 19:57 - 00293904 _____ C:\WINDOWS\Minidump\012216-7609-02.dmp
2016-01-22 19:36 - 2016-01-22 19:36 - 00297232 _____ C:\WINDOWS\Minidump\012216-7828-01.dmp
2016-01-22 16:06 - 2016-01-22 16:06 - 00000863 _____ C:\Users\Owner\Documents\Pictures - Shortcut.lnk
2016-01-22 15:47 - 2016-01-22 15:47 - 00295944 _____ C:\WINDOWS\Minidump\012216-8109-01.dmp
2016-01-22 11:28 - 2016-01-22 11:28 - 00295272 _____ C:\WINDOWS\Minidump\012216-8000-01.dmp
2016-01-22 11:26 - 2016-01-22 11:26 - 00294016 _____ C:\WINDOWS\Minidump\012216-7609-01.dmp
2016-01-22 11:06 - 2016-01-22 11:06 - 00294592 _____ C:\WINDOWS\Minidump\012216-7625-01.dmp
2016-01-22 10:58 - 2016-01-22 10:58 - 00300488 _____ C:\WINDOWS\Minidump\012216-7718-01.dmp
2016-01-22 07:49 - 2016-01-22 07:49 - 00300376 _____ C:\WINDOWS\Minidump\012216-8718-01.dmp
2016-01-21 21:12 - 2016-01-21 21:12 - 00302240 _____ C:\WINDOWS\Minidump\012116-7734-01.dmp
2016-01-21 10:01 - 2016-01-21 10:01 - 00296232 _____ C:\WINDOWS\Minidump\012116-8156-01.dmp
2016-01-21 08:16 - 2016-01-21 08:16 - 00294352 _____ C:\WINDOWS\Minidump\012116-7546-01.dmp
2016-01-20 23:05 - 2016-01-20 23:05 - 00299264 _____ C:\WINDOWS\Minidump\012016-8593-01.dmp
2016-01-20 22:21 - 2016-01-20 22:21 - 00296232 _____ C:\WINDOWS\Minidump\012016-7656-01.dmp
2016-01-20 21:42 - 2016-01-20 21:42 - 00299832 _____ C:\WINDOWS\Minidump\012016-8437-01.dmp
2016-01-20 16:38 - 2016-01-20 16:38 - 00295880 _____ C:\WINDOWS\Minidump\012016-7578-01.dmp
2016-01-20 12:48 - 2016-01-20 12:48 - 00299840 _____ C:\WINDOWS\Minidump\012016-7546-01.dmp
2016-01-20 11:30 - 2016-01-20 11:30 - 00300512 _____ C:\WINDOWS\Minidump\012016-7718-01.dmp
2016-01-20 08:55 - 2016-01-20 08:55 - 00296360 _____ C:\WINDOWS\Minidump\012016-7671-01.dmp
2016-01-19 20:55 - 2016-01-19 20:55 - 00299072 _____ C:\WINDOWS\Minidump\011916-7609-01.dmp
2016-01-19 19:21 - 2016-01-19 19:21 - 00299360 _____ C:\WINDOWS\Minidump\011916-7515-01.dmp
2016-01-19 18:19 - 2016-01-19 18:19 - 00300736 _____ C:\WINDOWS\Minidump\011916-7578-01.dmp
2016-01-19 13:40 - 2016-01-19 13:40 - 00299936 _____ C:\WINDOWS\Minidump\011916-7640-01.dmp
2016-01-19 13:30 - 2016-01-19 13:30 - 00303485 _____ C:\Users\Owner\Desktop\HUS PLAN.pdf
2016-01-19 13:29 - 2016-01-19 13:29 - 00303029 _____ C:\Users\Owner\Desktop\HUS View.pdf
2016-01-19 13:27 - 2016-01-19 13:27 - 00297672 _____ C:\WINDOWS\Minidump\011916-7703-01.dmp
2016-01-19 08:39 - 2016-01-19 08:39 - 00296040 _____ C:\WINDOWS\Minidump\011916-8484-01.dmp
2016-01-18 22:15 - 2016-01-18 22:15 - 00296704 _____ C:\WINDOWS\Minidump\011816-7656-01.dmp
2016-01-18 16:43 - 2016-01-18 16:43 - 00301320 _____ C:\WINDOWS\Minidump\011816-7625-01.dmp
2016-01-18 10:12 - 2016-01-18 10:12 - 00295984 _____ C:\WINDOWS\Minidump\011816-7593-01.dmp
2016-01-18 08:01 - 2016-01-18 08:01 - 00295400 _____ C:\WINDOWS\Minidump\011816-7796-01.dmp
2016-01-17 21:36 - 2016-01-17 21:36 - 00299400 _____ C:\WINDOWS\Minidump\011716-8234-01.dmp
2016-01-16 22:26 - 2016-01-16 22:26 - 00299304 _____ C:\WINDOWS\Minidump\011616-7750-01.dmp
2016-01-16 13:26 - 2016-01-16 13:26 - 00295784 _____ C:\WINDOWS\Minidump\011616-8375-01.dmp
2016-01-16 10:25 - 2016-01-16 10:25 - 00000675 _____ C:\Users\Owner\Documents\Desktop - Shortcut (3).lnk
2016-01-16 10:08 - 2016-01-16 10:08 - 00294920 _____ C:\WINDOWS\Minidump\011616-7500-01.dmp
2016-01-16 06:54 - 2016-01-16 06:54 - 00296272 _____ C:\WINDOWS\Minidump\011616-7625-01.dmp
2016-01-15 17:35 - 2016-01-15 17:35 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF
2016-01-15 17:23 - 2016-01-15 17:23 - 00295696 _____ C:\WINDOWS\Minidump\011516-7609-01.dmp
2016-01-15 15:47 - 2016-01-15 15:47 - 00296792 _____ C:\WINDOWS\Minidump\011516-8781-01.dmp
2016-01-15 11:06 - 2016-01-15 11:06 - 00294736 _____ C:\WINDOWS\Minidump\011516-8406-01.dmp
2016-01-15 11:04 - 2016-01-15 11:04 - 00299776 _____ C:\WINDOWS\Minidump\011516-7781-01.dmp
2016-01-15 08:29 - 2016-01-15 08:29 - 00295656 _____ C:\WINDOWS\Minidump\011516-7593-01.dmp
2016-01-14 11:32 - 2016-01-14 11:32 - 00296520 _____ C:\WINDOWS\Minidump\011416-7703-01.dmp
2016-01-14 09:23 - 2016-01-14 09:23 - 00295936 _____ C:\WINDOWS\Minidump\011416-7765-01.dmp
2016-01-14 08:09 - 2016-01-14 08:09 - 00296808 _____ C:\WINDOWS\Minidump\011416-7953-01.dmp
2016-01-13 21:25 - 2016-01-16 22:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 21:25 - 2016-01-13 21:25 - 00002027 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-13 21:25 - 2016-01-13 21:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-13 21:15 - 2016-01-24 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-13 21:15 - 2016-01-13 21:15 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-13 21:15 - 2016-01-13 21:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-13 21:10 - 2016-01-13 21:10 - 00299680 _____ C:\WINDOWS\Minidump\011316-8390-01.dmp
2016-01-13 15:28 - 2016-01-13 15:28 - 00296928 _____ C:\WINDOWS\Minidump\011316-7625-01.dmp
2016-01-13 11:07 - 2016-01-13 11:07 - 00296136 _____ C:\WINDOWS\Minidump\011316-8031-01.dmp
2016-01-13 10:53 - 2016-01-13 10:53 - 00000000 ____D C:\ProgramData\323486fe-5825-1
2016-01-13 10:53 - 2016-01-13 10:53 - 00000000 ____D C:\ProgramData\323486fe-1343-0
2016-01-13 10:52 - 2016-01-24 13:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Setup Wizard
2016-01-13 10:39 - 2016-01-13 10:39 - 00300032 _____ C:\WINDOWS\Minidump\011316-7562-01.dmp
2016-01-13 08:25 - 2016-01-13 08:25 - 00295128 _____ C:\WINDOWS\Minidump\011316-11203-01.dmp
2016-01-13 06:56 - 2016-01-13 06:56 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-01-13 06:56 - 2016-01-13 06:56 - 00001003 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-01-13 06:54 - 2015-12-31 06:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 06:54 - 2015-12-31 06:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-13 06:54 - 2015-12-31 06:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-13 06:54 - 2015-12-11 15:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-13 06:54 - 2015-12-11 15:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 06:54 - 2015-12-11 14:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 06:54 - 2015-12-11 14:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-13 06:54 - 2015-12-11 14:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-13 06:54 - 2015-12-11 14:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 06:54 - 2015-12-11 14:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-13 06:54 - 2015-12-11 14:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-13 06:54 - 2015-12-11 14:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-13 06:54 - 2015-12-11 14:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-13 06:54 - 2015-12-11 13:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-13 06:54 - 2015-12-11 13:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 06:54 - 2015-12-11 13:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-13 06:54 - 2015-12-11 13:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-13 06:54 - 2015-12-11 13:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet(98).dll
2016-01-13 06:54 - 2015-12-11 13:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-13 06:54 - 2015-12-11 13:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-13 06:54 - 2015-12-11 13:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-13 06:54 - 2015-12-11 13:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon(94).dll
2016-01-13 06:54 - 2015-12-11 13:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-13 06:54 - 2015-12-11 13:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-13 06:54 - 2015-12-11 13:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-13 06:54 - 2015-12-11 13:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-13 06:54 - 2015-12-10 11:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-13 06:54 - 2015-12-09 06:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 06:54 - 2015-12-09 06:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32(38).dll
2016-01-13 06:54 - 2015-12-09 06:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 06:54 - 2015-12-09 06:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32(109).dll
2016-01-13 06:54 - 2015-12-07 21:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 06:54 - 2015-12-07 21:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32(57).dll
2016-01-13 06:54 - 2015-12-05 16:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 06:54 - 2015-12-05 16:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-13 06:54 - 2015-12-05 16:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-13 06:54 - 2015-12-05 02:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 06:54 - 2015-12-05 02:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32(118).dll
2016-01-13 06:54 - 2015-12-04 06:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-13 06:54 - 2015-12-04 06:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-13 06:54 - 2015-12-04 06:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-13 06:54 - 2015-12-04 06:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-13 06:54 - 2015-12-04 06:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-13 06:54 - 2015-12-04 05:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-13 06:54 - 2015-12-04 05:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-13 06:54 - 2015-12-04 05:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-13 06:54 - 2015-12-04 05:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-13 06:54 - 2015-12-04 05:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-13 06:54 - 2015-12-04 05:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 06:54 - 2015-12-04 05:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 06:54 - 2015-12-04 05:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-13 06:54 - 2015-12-04 05:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 06:54 - 2015-12-04 05:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-13 06:54 - 2015-12-04 04:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-13 06:54 - 2015-12-04 04:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-13 06:54 - 2015-12-04 04:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 06:54 - 2015-12-04 04:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-13 06:54 - 2015-12-04 04:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 06:54 - 2015-12-04 04:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 06:54 - 2015-12-04 04:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-13 06:54 - 2015-12-04 04:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 06:54 - 2015-12-04 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-13 06:54 - 2015-12-04 04:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-13 06:54 - 2015-12-04 04:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-13 06:54 - 2015-12-04 04:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 06:54 - 2015-12-04 04:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 06:54 - 2015-12-04 04:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-13 06:54 - 2015-12-04 03:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 06:54 - 2015-12-04 03:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 06:54 - 2015-12-04 03:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 06:54 - 2015-12-03 02:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 06:54 - 2015-12-03 02:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 06:54 - 2015-11-18 08:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-13 06:51 - 2016-01-13 06:51 - 00294248 _____ C:\WINDOWS\Minidump\011316-7437-01.dmp
2016-01-13 00:33 - 2016-01-13 00:33 - 00295304 _____ C:\WINDOWS\Minidump\011316-7828-01.dmp
2016-01-13 00:25 - 2016-01-13 00:25 - 00294344 _____ C:\WINDOWS\Minidump\011316-7531-01.dmp
2016-01-12 22:10 - 2016-01-12 22:10 - 00293928 _____ C:\WINDOWS\Minidump\011216-7578-01.dmp
2016-01-12 20:58 - 2016-01-12 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 20:08 - 2016-01-12 20:08 - 00226118 _____ C:\WINDOWS\ntbtlog.txt
2016-01-11 22:08 - 2016-01-11 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\PDFConverter.com
2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\COMODO
2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\Program Files\COMODO
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-09 18:41 - 2015-06-02 14:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-02-09 18:41 - 2015-06-02 14:48 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-09 18:38 - 2014-09-11 11:36 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1952045502-1362136182-510965784-1001
2016-02-09 18:38 - 2014-03-18 21:04 - 01167230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-09 18:38 - 2013-08-23 00:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-09 18:34 - 2015-07-20 19:10 - 00003902 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7536DEC7-60B9-4FC1-9054-C98CBA6F09FD}
2016-02-09 18:33 - 2014-09-30 20:04 - 00000000 ___DO C:\Users\Owner\OneDrive
2016-02-09 18:31 - 2015-09-21 13:50 - 00065536 _____ C:\WINDOWS\system32\Ikeext.etl
2016-02-09 18:31 - 2013-08-23 01:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-09 18:30 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\tracing
2016-02-09 18:30 - 2013-08-23 00:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-09 18:17 - 2014-09-25 12:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-09 13:41 - 2015-09-03 03:47 - 00000000 ____D C:\ProgramData\CanonIJ
2016-02-09 13:41 - 2015-09-03 03:39 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-02-08 20:12 - 2014-11-24 22:53 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2016-02-06 21:43 - 2015-10-18 21:58 - 00000000 ____D C:\Users\Owner\Desktop\temp
2016-02-05 13:28 - 2014-09-11 11:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2016-02-05 08:50 - 2015-08-18 05:32 - 00000000 ____D C:\Users\Owner\Documents\15-16
2016-02-04 16:55 - 2014-09-16 23:24 - 00169312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-04 07:59 - 2014-09-29 17:39 - 00000000 ____D C:\Users\Owner\AppData\Local\TempSWBackupDirectory
2016-02-02 21:21 - 2014-09-13 00:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-01 18:24 - 2015-04-19 22:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-02-01 16:07 - 2014-09-12 04:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-02-01 11:34 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-31 19:16 - 2015-06-02 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-01-31 18:13 - 2015-05-07 11:18 - 00000000 ____D C:\WINDOWS\system32\log
2016-01-31 17:38 - 2015-12-13 11:13 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-31 01:34 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-30 10:51 - 2015-07-17 19:55 - 00000000 ____D C:\Users\Owner\Tracing
2016-01-30 10:12 - 2015-01-22 13:01 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-01-25 17:18 - 2014-09-13 15:53 - 00000000 ____D C:\Users\Owner
2016-01-25 16:56 - 2014-09-29 17:38 - 00000000 ____D C:\Users\Owner\AppData\Local\SolidWorks
2016-01-25 11:31 - 2014-09-13 15:54 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-25 11:28 - 2015-11-24 14:44 - 00000000 ____D C:\Users\Owner\Downloads\SM C113_11056eng (1)
2016-01-25 11:12 - 2015-05-28 17:20 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-01-25 11:12 - 2015-05-28 16:56 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-01-25 10:24 - 2013-08-23 02:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-24 20:44 - 2015-07-27 09:21 - 00089104 _____ (Razer Inc) C:\WINDOWS\system32\RazerCoinstaller.dll
2016-01-24 15:31 - 2014-09-13 00:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-01-24 15:13 - 2014-09-12 05:01 - 00000000 ____D C:\swsetup
2016-01-24 15:09 - 2014-09-12 04:52 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-01-24 13:46 - 2015-05-29 16:20 - 00000000 ____D C:\ProgramData\WinZip
2016-01-24 13:39 - 2015-12-13 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-24 13:39 - 2015-12-08 15:15 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-24 13:39 - 2015-12-06 19:52 - 00000000 ____D C:\Users\Public\Desktop\Microsoft IntelliPoint
2016-01-24 13:39 - 2015-12-05 11:45 - 00000000 ____D C:\Users\Owner\Documents\Wondershare Video Editor
2016-01-24 13:39 - 2015-12-03 23:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2016-01-24 13:39 - 2015-10-07 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delcam
2016-01-24 13:39 - 2015-09-13 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-24 13:39 - 2015-09-13 19:48 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Oracle
2016-01-24 13:39 - 2015-09-03 03:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5
2016-01-24 13:39 - 2015-07-16 00:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telenor
2016-01-24 13:39 - 2015-06-09 23:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-01-24 13:39 - 2015-06-02 14:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Lavasoft
2016-01-24 13:39 - 2015-05-29 15:01 - 00000000 ____D C:\Users\Owner\Downloads\29-5-15
2016-01-24 13:39 - 2015-05-28 20:08 - 00000000 ____D C:\Users\Owner\Documents\TEST
2016-01-24 13:39 - 2015-05-03 18:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-01-24 13:39 - 2015-04-30 00:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2016-01-24 13:39 - 2015-04-19 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-24 13:39 - 2015-03-16 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-01-24 13:39 - 2015-03-16 19:35 - 00000000 ____D C:\Users\Owner\XP700_WW_WIN_3795_42
2016-01-24 13:39 - 2015-03-16 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-01-24 13:39 - 2015-03-16 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2016-01-24 13:39 - 2015-01-22 12:53 - 00000000 ____D C:\Users\Owner\AppData\Local\FlexLink
2016-01-24 13:39 - 2014-12-26 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Tools 2015
2016-01-24 13:39 - 2014-12-26 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015
2016-01-24 13:39 - 2014-12-25 23:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2016-01-24 13:39 - 2014-12-13 12:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\help_images_otherUI
2016-01-24 13:39 - 2014-12-12 11:45 - 00000000 ____D C:\Users\Owner\Desktop\DISKTOP TEMP 2
2016-01-24 13:39 - 2014-11-14 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2014 - English
2016-01-24 13:39 - 2014-11-14 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-01-24 13:39 - 2014-09-29 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2016-01-24 13:39 - 2014-09-29 14:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2016-01-24 13:39 - 2014-09-29 14:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Citrix
2016-01-24 13:39 - 2014-09-27 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
2016-01-24 13:39 - 2014-09-25 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-01-24 13:39 - 2014-09-25 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 110
2016-01-24 13:39 - 2014-09-24 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-24 13:39 - 2014-09-13 15:53 - 00000000 ____D C:\Users\UpdatusUser
2016-01-24 13:39 - 2014-09-13 12:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-01-24 13:39 - 2014-09-13 01:46 - 00000000 ____D C:\Users\Owner\Documents\ALLA FOTO
2016-01-24 13:39 - 2014-09-13 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-24 13:39 - 2014-09-13 00:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\WinStore
2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-01-24 13:39 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\Camera
2016-01-24 13:38 - 2015-12-12 11:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-01-24 13:38 - 2015-05-28 17:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Wondershare
2016-01-24 13:38 - 2015-01-06 11:13 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Sun
2016-01-24 13:38 - 2014-12-25 23:24 - 00000000 ____D C:\Users\Owner\AppData\Local\PC_Drivers_Headquarters
2016-01-24 13:38 - 2014-11-14 17:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Autodesk
2016-01-24 13:38 - 2014-09-27 13:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SolidWorks
2016-01-24 13:38 - 2014-09-26 12:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Canon
2016-01-24 13:38 - 2014-09-19 13:55 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Brother
2016-01-24 13:38 - 2014-09-13 01:54 - 00000000 ____D C:\Users\Owner\Documents\TomTom
2016-01-24 13:38 - 2014-09-13 01:54 - 00000000 ____D C:\Users\Owner\Documents\SolidWorks Downloads
2016-01-24 13:38 - 2014-09-13 01:51 - 00000000 ____D C:\Users\Owner\Documents\BUSSINESS
2016-01-24 13:38 - 2014-09-13 01:51 - 00000000 ____D C:\Users\Owner\Documents\2 Machines
2016-01-24 13:38 - 2014-09-13 01:46 - 00000000 ____D C:\Users\Owner\Documents\14-15
2016-01-24 13:38 - 2014-09-11 11:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-01-24 13:38 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\registration
2016-01-24 13:37 - 2015-12-12 11:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2016-01-24 13:37 - 2014-11-14 17:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Autodesk
2016-01-24 13:37 - 2014-09-15 20:40 - 00000000 ____D C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2016-01-22 20:36 - 2014-03-18 20:46 - 00000000 ____D C:\WINDOWS\SKB
2016-01-22 20:08 - 2015-08-07 20:06 - 00003084 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1952045502-1362136182-510965784-1001
2016-01-22 20:08 - 2015-01-06 12:11 - 00003042 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
2016-01-22 20:07 - 2014-12-25 23:24 - 00004314 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMScan
2016-01-22 20:07 - 2014-12-25 23:24 - 00003740 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMUpdater
2016-01-22 20:07 - 2014-12-25 23:24 - 00003734 _____ C:\WINDOWS\System32\Tasks\Driver Support-RTMRules
2016-01-22 20:07 - 2014-12-25 23:24 - 00003532 _____ C:\WINDOWS\System32\Tasks\Driver Support
2016-01-22 19:57 - 2015-12-08 15:15 - 519004214 _____ C:\WINDOWS\MEMORY.DMP
2016-01-21 08:34 - 2014-09-24 15:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-21 08:34 - 2013-08-23 02:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 08:20 - 2015-12-13 11:13 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-01-21 08:20 - 2015-12-13 11:13 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-01-20 21:57 - 2015-05-03 14:50 - 00000000 ____D C:\Users\Owner\Documents\1 SALES
2016-01-19 13:30 - 2013-08-23 02:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-01-16 22:46 - 2014-12-26 11:29 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 17:35 - 2014-09-13 14:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-01-15 17:07 - 2013-08-23 00:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(48)
2016-01-13 21:25 - 2014-09-13 14:03 - 00000000 ____D C:\ProgramData\Adobe
2016-01-13 21:15 - 2015-06-09 22:37 - 00000000 ____D C:\ProgramData\Skype
2016-01-13 16:20 - 2015-01-06 11:16 - 00000000 ____D C:\ProgramData\Oracle
2016-01-13 16:18 - 2015-09-13 20:11 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-13 16:01 - 2015-04-15 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 16:01 - 2015-03-16 21:16 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-13 16:00 - 2012-07-26 18:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 15:58 - 2014-09-11 15:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 15:55 - 2014-09-11 15:29 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 08:25 - 2013-08-23 01:44 - 00592776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-13 06:56 - 2015-04-08 20:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer
2016-01-12 22:27 - 2015-12-12 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-12 22:07 - 2014-09-12 09:14 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-01-12 22:07 - 2014-09-12 09:14 - 00000000 ____D C:\WINDOWS\system32\NV
2016-01-11 22:11 - 2015-12-12 12:50 - 00000000 ____D C:\Program Files\PeerBlock
 
==================== Files in the root of some directories =======
 
2014-09-13 01:23 - 2014-09-13 01:23 - 0000030 _____ () C:\Users\Owner\AppData\Roaming\fixcfg.ini
2014-11-14 17:29 - 2014-11-14 17:29 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-16 10:04
 
==================== End of FRST.txt ============================


#13
talkingtree

  • Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Owner (2016-02-09 18:48:34)
Running from C:\Users\Owner\Downloads
Windows 8.1 Pro (X64) (2014-09-13 04:57:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1952045502-1362136182-510965784-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1952045502-1362136182-510965784-501 - Limited - Disabled)
Owner (S-1-5-21-1952045502-1362136182-510965784-1001 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-1952045502-1362136182-510965784-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6950 - Broadcom Corporation)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delcam for SolidWorks (x64) (HKLM\...\Delcam for SolidWorks) (Version: 21.7.0.20 - Delcam)
Download Navigator (HKLM-x32\...\{04A86A16-2082-46EE-8AD2-9A6FDC96DD27}) (Version: 3.3.0 - SEIKO EPSON CORPORATION)
Driver Support Active Optimization (x32 Version: 1.0.4.7977 - PC Drivers HeadQuarters LP) Hidden
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
Epson Network Guide XP-700 Series (HKLM-x32\...\XP-700 Series Netg) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
SOLIDWORKS 2015 x64 Edition SP01.1 (HKLM-x32\...\SolidWorks Installation Manager 20150-40101-1100-100) (Version: 23.1.1.2 - SolidWorks Corporation)
SOLIDWORKS 2015 x64 Edition SP01.1 (Version: 23.111.2 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer Player 2015 SP01.1 x64 Edition (Version: 23.11.2 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2015 x64 Edition SP01.1 (Version: 15.1.0044 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2015 SP01.1 x64 Edition (Version: 23.11.2 - Dassault Systemes SolidWorks Corp) Hidden
Stay Connected (HKLM-x32\...\StayConnected) (Version: 2.1.1.324 - Telenor)
Stay Connected (x32 Version: 2.1.1.324 - Emotum Pty. Ltd.) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Telenor Sweden Software Update Service (x32 Version: 1.0.3.123 - Telenor Sweden) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Hewlett-Packard Development Company, L.P. HP Mobile Data Protection Sensor (02/26/2013 6.0.5.1) (HKLM\...\0CBD0BD267F8698191082DC9246612D35DB83232) (Version: 02/26/2013 6.0.5.1 - Hewlett-Packard Development Company, L.P.)
Windows Driver Package - Realtek Semiconduct Corp. (RTSPER) MTD  (12/20/2013 6.3.9600.21245) (HKLM\...\211F31EEA7D7C573DBEB0DA809E8938B169D26F8) (Version: 12/20/2013 6.3.9600.21245 - Realtek Semiconduct Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Filmora(Build 6.8.2) (HKLM-x32\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1952045502-1362136182-510965784-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C6E1620-B4DE-43CD-9C02-415671381780} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {238908BE-4C55-43FD-94AF-04BCF7AD0389} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-25] (Hewlett-Packard Company)
Task: {2F972427-523B-41B1-8FE2-CE101F7B0737} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {31E4F653-DEB2-48B7-99E4-418FE6D35FFF} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {34A5814F-52A0-4DAF-AA6E-9FAD4C9CDE81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {3AE73733-3EB9-464F-A1B0-74B5A9EA2A7F} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {5C1571F3-0D0D-4ABF-B7AC-5CB1DA1135A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)
Task: {638C7376-1F77-44CF-A05E-290AAD57FC54} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {6A9EA775-4081-41BD-BB64-C359BB7CA7DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)
Task: {6F084298-7E31-4076-AE55-1CCD1B228827} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {76858884-5641-45B1-BB5D-2217AFF450BE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {7D24329C-158A-4F79-835E-ED8B9E86DE18} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {90F149F8-27DC-46E1-94DD-C7B49C8EBFDE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-01] (Synaptics Incorporated)
Task: {9600102C-3AF9-4F72-A8EC-33803D4D1AE4} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-01-06] (PC Drivers Headquarters)
Task: {B46D710D-AEF0-4954-9E76-C2D5F8B84E55} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BC02DDC4-9314-41E1-8754-15364A85A2D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {CFB346C8-343E-4707-9400-ED4F7498AC04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {D78F1B19-B1D1-4371-94BE-7916C4BE52CB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {D9AAEE63-CF77-4B64-95DD-98F49688B11E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {E106FB3C-2CC5-44CF-928A-A7AE976C0D61} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-13] (AVAST Software)
Task: {EFE0DA00-DCB5-4AD4-BBA8-27A71706A356} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1952045502-1362136182-510965784-1001 => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-15] (Microsoft Corporation)
Task: {F0C70684-0FEE-41D9-B4AC-2B03EE2DF0A5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {F88B749C-CB95-4250-9068-5C4A2A855440} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {FCB0372C-3A32-4C91-934F-5D29E1AD813B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-01 10:45 - 2015-07-01 10:45 - 00022528 _____ () C:\WINDOWS\System32\us005lm.dll
2014-09-24 18:20 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-27 14:40 - 2015-09-02 03:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-08 12:56 - 2016-02-08 12:56 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020701\algo.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-09 18:32 - 2016-02-09 18:32 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020804\algo.dll
2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-12-13 11:13 - 2015-12-13 11:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\RazerCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdTcID
AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdZnID
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-23 00:25 - 2013-08-23 00:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: becldr3Service => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: ESCSvc => 2
MSCONFIG\Services: ESUSClient_B2 => 2
MSCONFIG\Services: GoToAssist Remote Support Customer => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Mobile Broadband HL Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WsAppService => 3
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1952045502-1362136182-510965784-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{C244AB0A-F12C-4AEB-A436-48335980BDC3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{63DFE80C-578D-47D9-BB0D-860BCC9E03B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{19F04507-D3F9-41D2-91A8-AEEA3E126D3E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A94CC178-BB98-48B5-9AB8-3D9A4E124C98}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FB45E8F3-E19F-4CA7-88EA-2E10F366F00F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8333C35-7228-4164-AF62-F4CA24FCB1A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7EBDE2A1-B644-408D-826C-F989CE3442D9}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{6C8D3B42-E140-46CC-99D8-F43BDFECF5D0}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{B1659F75-98C4-4C13-9326-26231C65F658}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{F64962D0-51A6-4D02-A652-859CF8900544}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B37123E-209C-46F2-9F6E-D0D24031862E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ECFCB69B-B73C-435C-8B96-897A23C55E68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{72969A91-9807-4063-A769-99D791C58519}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3A04985D-D2A7-44F0-BC9F-A9675682DC55}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FCFDFD20-5A4E-4521-9095-4A0EEA4229D7}] => (Allow) LPort=2869
FirewallRules: [{DD3E877D-20C6-4E2E-A464-72C3985ADB3A}] => (Allow) LPort=1900
FirewallRules: [{5111B4FC-21C4-4C90-A811-1970AE4F0A0D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C20D69E8-AACE-4499-A0E9-2477FC859CF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-01-2016 10:05:53 Windows Update
30-01-2016 10:11:59 Windows Live Essentials
30-01-2016 10:12:09 Installed DirectX
30-01-2016 10:12:17 Installed DirectX
30-01-2016 10:12:26 Installed DirectX
31-01-2016 17:33:02 Checkpoint by HitmanPro
05-02-2016 10:11:46 Windows Update
08-02-2016 20:01:06 Revo Uninstaller Pro's restore point - HiDef Media Player 1.1.12
08-02-2016 20:12:26 Restore Point Created by FRST
09-02-2016 18:40:36 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/09/2016 06:46:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:46:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:46:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:46:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:46:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:33:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:33:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:33:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:33:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/09/2016 06:33:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/09/2016 06:40:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/09/2016 06:33:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (02/09/2016 06:33:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/09/2016 06:17:43 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.
 
Error: (02/09/2016 06:17:43 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.
 
Error: (02/09/2016 06:17:43 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.
 
Error: (02/08/2016 08:21:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (02/08/2016 08:16:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (02/08/2016 08:16:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (02/08/2016 08:13:58 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
 
CodeIntegrity:
===================================
  Date: 2016-01-24 17:57:04.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-24 17:49:47.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 16:13:28.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-21 18:31:17.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:17.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:16.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:16.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:16.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-12-21 18:31:15.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
  Date: 2015-11-19 17:45:43.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\SolidWorks Corp\SolidWorks\sldShellExtServer.exe that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8124.02 MB
Available physical RAM: 6496.65 MB
Total Virtual: 16316.02 MB
Available Virtual: 14683.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.62 GB) (Free:47.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 02AA02AA)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: B8AAE178)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#14
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hmm, ok, there was this file present under the RogueKiller->Logs folder "RKreport_SCN_02082016_203006.json". But it's just a bunch of script rather than the log when opened with Notepad. It won't open with RogueKiller.exe. Cannot attach the file here.

Thank you. I can see the terminated process you were referring to from the first scan, and it's OK. 

 

Let's clean up those COMODO and Lavasoft remnants, as well as the items flagged by RogueKiller. Please let me know if you are still experiencing an issue with your browser. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
    C:\Program Files (x86)\speed browser
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\speed browser.lnk 
    C:\ProgramData\{bd262e29-6a97-e316-bd26-62e296a9b8a5} 
    S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [X]
    2016-02-09 18:41 - 2015-06-02 14:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2016-02-09 18:41 - 2015-06-02 14:48 - 00000000 ____D C:\ProgramData\Lavasoft
    2016-01-31 19:16 - 2015-06-02 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
    2016-01-24 15:42 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Comodo
    2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\COMODO
    2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\Program Files\COMODO
    Task: {0C6E1620-B4DE-43CD-9C02-415671381780} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {2F972427-523B-41B1-8FE2-CE101F7B0737} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {B46D710D-AEF0-4954-9E76-C2D5F8B84E55} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {CFB346C8-343E-4707-9400-ED4F7498AC04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {F88B749C-CB95-4250-9068-5C4A2A855440} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    AlternateDataStreams: C:\WINDOWS\system32\RazerCoinstaller.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdZnID
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ESET Online Scan log
  • Are you still experiencing an issue with your browser? 

#15
talkingtree

    Member

  • Topic Starter
  • 53 posts
  • Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Owner (2016-02-10 20:32:17) Run:2
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & UpdatusUser & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
C:\Program Files (x86)\speed browser
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\speed browser.lnk 
C:\ProgramData\{bd262e29-6a97-e316-bd26-62e296a9b8a5} 
S4 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [X]
2016-02-09 18:41 - 2015-06-02 14:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-02-09 18:41 - 2015-06-02 14:48 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-31 19:16 - 2015-06-02 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2016-01-24 15:42 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 ____D C:\Users\Owner\AppData\Local\Comodo
2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\ProgramData\COMODO
2016-01-11 22:06 - 2016-01-24 18:05 - 00000000 ____D C:\Program Files\COMODO
Task: {0C6E1620-B4DE-43CD-9C02-415671381780} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {2F972427-523B-41B1-8FE2-CE101F7B0737} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {B46D710D-AEF0-4954-9E76-C2D5F8B84E55} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {CFB346C8-343E-4707-9400-ED4F7498AC04} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {F88B749C-CB95-4250-9068-5C4A2A855440} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
AlternateDataStreams: C:\WINDOWS\system32\RazerCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdTcID
AlternateDataStreams: C:\Users\Owner\Downloads\filmora_setup_full1901.exe:$CmdZnID
EmptyTemp:
end
*****************
 
Restore point was successfully created.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk => moved successfully
"C:\Program Files (x86)\speed browser" => not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\speed browser.lnk => moved successfully
C:\ProgramData\{bd262e29-6a97-e316-bd26-62e296a9b8a5} => moved successfully
LavasoftTcpService => service removed successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\WINDOWS\System32\Tasks\COMODO => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo => moved successfully
C:\Users\Owner\AppData\Local\Comodo => moved successfully
C:\ProgramData\COMODO => moved successfully
C:\Program Files\COMODO => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C6E1620-B4DE-43CD-9C02-415671381780}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C6E1620-B4DE-43CD-9C02-415671381780}" => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F972427-523B-41B1-8FE2-CE101F7B0737}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F972427-523B-41B1-8FE2-CE101F7B0737}" => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B46D710D-AEF0-4954-9E76-C2D5F8B84E55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46D710D-AEF0-4954-9E76-C2D5F8B84E55}" => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CFB346C8-343E-4707-9400-ED4F7498AC04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFB346C8-343E-4707-9400-ED4F7498AC04}" => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F88B749C-CB95-4250-9068-5C4A2A855440}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F88B749C-CB95-4250-9068-5C4A2A855440}" => key removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => key removed successfully
C:\WINDOWS\system32\RazerCoinstaller.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Utilman.exe => ":$CmdTcID" ADS removed successfully.
"C:\Users\Owner\Downloads\filmora_setup_full1901.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Owner\Downloads\filmora_setup_full1901.exe" => ":$CmdZnID" ADS not found.
EmptyTemp: => 606.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:32:30 ====
