Find log files attached.
kevsim
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Owner (administrator) on OWNER-PC (06-01-2016 06:25:26)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9174400 2015-12-29] (Emsisoft Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\MountPoints2: {14122047-2cc1-11e4-a924-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\MountPoints2: {64d7484b-2cc4-11e4-b3f2-806e6f6e6963} - notepad SeaToolsDOSguide.EN.txt
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\Run: [CustomwizKodi] => C:\Program Files (x86)\Customwiz For Kodi\Customwiz For Kodi\CustomwizKodi.exe [567808 2015-09-29] (Customwiz For Kodi)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-05] (AVAST Software)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk [2015-10-22]
ShortcutTarget: MailWasher.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe (Firetrust)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{224B95F3-1B0E-4840-BA00-57A57C2A2E59}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-103068557-1708720007-3558950971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-au
HKU\S-1-5-21-103068557-1708720007-3558950971-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.news.com.au/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-26] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-26] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-21] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.news.com.au/
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\searchplugins\bing-.xml [2015-11-21]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\searchplugins\s-amazon-bymp.xml [2015-08-21]
FF Extension: Radio Online.FM - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\extensions\
[email protected] [2015-08-21]
FF Extension: Media Stealer - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\extensions\
[email protected] [2015-10-20]
FF Extension: Flash and Video Download - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-23]
FF Extension: Bing Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\
[email protected] [2016-01-06] [not signed]
FF Extension: Bing Search - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\
[email protected] [2015-11-21]
FF Extension: Firebug - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\
[email protected] [2015-10-24]
FF Extension: Gmail Notifier (restartless) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\
[email protected] [2015-10-03]
FF Extension: Media Sniffer - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\
[email protected] [2015-08-19]
FF Extension: Video DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-18]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lzk3bt23.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-20]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-20]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20]
CHR HKU\S-1-5-21-103068557-1708720007-3558950971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10830816 2015-12-29] (Emsisoft Ltd)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-05] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
===================== Drivers (Whitelisted) ==========================
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-06 06:25 - 2016-01-06 06:25 - 00019630 _____ C:\Users\Owner\Desktop\FRST.txt
2016-01-06 06:25 - 2016-01-06 06:25 - 00000000 ____D C:\FRST
2016-01-06 06:24 - 2016-01-06 06:24 - 02370560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-01-06 06:04 - 2016-01-06 06:04 - 00001401 _____ C:\Users\Owner\Desktop\Junkware Removal Report.txt
2016-01-06 06:03 - 2016-01-06 06:03 - 00001401 _____ C:\Users\Owner\Desktop\JRT.txt
2016-01-06 05:50 - 2016-01-06 05:50 - 00000676 _____ C:\Users\Owner\Desktop\AdwCleaner[S12].txt
2016-01-05 19:55 - 2016-01-05 19:55 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-05 19:54 - 2016-01-05 19:54 - 01134936 _____ (Download Assistant) C:\Users\Owner\Downloads\firefox_setup.exe
2016-01-05 18:50 - 2016-01-06 06:07 - 00012288 _____ C:\Windows\system32\umstartup.etl
2016-01-05 18:50 - 2016-01-06 06:05 - 00027648 _____ C:\Windows\system32\umstartup000.etl
2016-01-05 15:16 - 2016-01-05 15:16 - 00000000 ____D C:\ProgramData\Emsisoft
2016-01-05 15:12 - 2016-01-05 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-01-05 15:11 - 2016-01-06 06:11 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-01-05 15:04 - 2016-01-05 15:11 - 207240200 _____ (Emsisoft Ltd. ) C:\Users\Owner\Downloads\EmsisoftAntiMalwareSetup.exe
2016-01-05 14:00 - 2016-01-05 14:00 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-05 13:58 - 2016-01-05 13:59 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Owner\Downloads\SpyHunter-Installer.exe
2016-01-05 12:39 - 2016-01-05 12:39 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-05 12:39 - 2016-01-05 12:39 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-05 12:36 - 2016-01-05 12:36 - 00679204 _____ C:\Users\Owner\Downloads\AIAS STUDENT HANDBOOK 23112015 V3(1).pdf
2016-01-05 12:34 - 2016-01-05 12:34 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015(3).pdf
2016-01-05 12:34 - 2016-01-05 12:34 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015(2).pdf
2016-01-05 12:34 - 2016-01-05 12:34 - 00160472 _____ C:\Users\Owner\Downloads\PSBA039MAY15-Identification-verification-by-a-prescribed-person.pdf
2016-01-05 12:33 - 2016-01-05 12:33 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(4).pdf
2016-01-05 12:33 - 2016-01-05 12:33 - 00340500 _____ C:\Users\Owner\Downloads\PSBA001MAY15-BC-Blue-card-application AIAS QLD(2).pdf
2016-01-05 11:32 - 2016-01-05 11:32 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(3).pdf
2016-01-05 10:50 - 2016-01-05 10:50 - 00340500 _____ C:\Users\Owner\Downloads\PSBA001MAY15-BC-Blue-card-application AIAS QLD.pdf
2016-01-05 10:50 - 2016-01-05 10:50 - 00340500 _____ C:\Users\Owner\Downloads\PSBA001MAY15-BC-Blue-card-application AIAS QLD(1).pdf
2016-01-05 10:46 - 2016-01-05 10:46 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(2).pdf
2016-01-05 10:46 - 2016-01-05 10:46 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015.pdf
2016-01-05 10:46 - 2016-01-05 10:46 - 00242518 _____ C:\Users\Owner\Downloads\Blue Card - Student Information Sheet - v3 - 26102015(1).pdf
2016-01-05 10:32 - 2016-01-05 10:32 - 00878144 _____ (NoVirusThanks Company Srl ) C:\Users\Owner\Downloads\zbot_remover_setup.exe
2016-01-04 20:33 - 2016-01-04 20:33 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL(1).pdf
2016-01-04 20:22 - 2016-01-04 20:23 - 00792025 _____ C:\Users\Owner\Downloads\VP Supervisor Guidelines_Host_Complimentary Medicine_28042015 - FINAL.pdf
2016-01-04 19:45 - 2016-01-04 19:45 - 01745920 _____ C:\Users\Owner\Downloads\adwcleaner_5.027(1).exe
2016-01-04 12:32 - 2016-01-04 12:33 - 00363396 _____ C:\Users\Owner\Desktop\Mail - SIMPSON Kevin - Outlook.htm
2016-01-04 12:32 - 2016-01-04 12:33 - 00000000 ____D C:\Users\Owner\Desktop\Mail - SIMPSON Kevin - Outlook_files
2016-01-04 11:51 - 2016-01-04 11:51 - 00586731 _____ C:\Users\Owner\Downloads\IRIS_Beginner_1.pdf
2016-01-04 11:51 - 2016-01-04 11:51 - 00586731 _____ C:\Users\Owner\Downloads\IRIS_Beginner_1(1).pdf
2016-01-04 11:22 - 2016-01-04 11:30 - 00000000 ____D C:\Users\Owner\Desktop\Te
2016-01-04 11:21 - 2016-01-04 11:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\XnConvert
2016-01-04 11:19 - 2016-01-04 11:20 - 20285571 _____ (Gougelet Pierre-e ) C:\Users\Owner\Downloads\XnConvert-win-x64.exe
2016-01-04 11:04 - 2016-01-04 12:25 - 00000000 ____D C:\Users\Owner\Desktop\Iris
2016-01-04 10:51 - 2016-01-04 10:51 - 00000959 _____ C:\Windows\ODBCINST.INI
2016-01-04 10:51 - 2016-01-04 10:51 - 00000000 ____D C:\AIGAL
2016-01-04 10:51 - 1999-06-02 18:55 - 00074000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrclr40.dll
2016-01-04 10:51 - 1999-06-02 18:55 - 00028944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrecr40.dll
2016-01-04 09:40 - 2016-01-04 09:41 - 23873160 _____ (AIGALIRIS.COM ) C:\Users\Owner\Downloads\AIGAL.exe
2016-01-04 09:09 - 2016-01-04 09:09 - 02643144 _____ C:\Users\Owner\Downloads\Free+printable+iridology(1).zip
2016-01-04 09:07 - 2016-01-04 09:07 - 00218534 _____ C:\Users\Owner\Downloads\Iridology_Study_of_Eyes_to_Diagnoses_Health_Problems_2010.pdf
2016-01-04 09:02 - 2016-01-04 09:02 - 02673152 _____ C:\Users\Owner\Downloads\Free+printable+iridology.zip
2016-01-04 08:37 - 2016-01-04 08:37 - 00273563 _____ C:\Users\Owner\Downloads\Note.76.pdf
2016-01-03 19:23 - 2016-01-03 19:23 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Kodi
2016-01-03 19:19 - 2016-01-03 19:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-01-03 19:18 - 2016-01-03 19:19 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-01-03 14:34 - 2016-01-03 14:36 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard(3).exe
2016-01-02 08:32 - 2016-01-02 08:32 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(5).pdf
2016-01-02 08:29 - 2016-01-02 08:29 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(4).pdf
2016-01-02 08:29 - 2016-01-02 08:29 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(3).pdf
2016-01-01 15:40 - 2016-01-01 15:40 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(2).pdf
2016-01-01 15:37 - 2016-01-01 15:37 - 00297146 _____ C:\Users\Owner\Downloads\Chemistry Subject Guide.pdf
2016-01-01 15:37 - 2016-01-01 15:37 - 00297146 _____ C:\Users\Owner\Downloads\Chemistry Subject Guide(2).pdf
2016-01-01 15:37 - 2016-01-01 15:37 - 00297146 _____ C:\Users\Owner\Downloads\Chemistry Subject Guide(1).pdf
2016-01-01 15:24 - 2016-01-01 15:24 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(4).pdf
2016-01-01 15:23 - 2016-01-01 15:23 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(3).pdf
2016-01-01 14:44 - 2016-01-01 14:45 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard(2).exe
2016-01-01 14:38 - 2016-01-01 14:38 - 03537032 _____ C:\Users\Owner\Downloads\plugin.video.phstreams-2.7.4.zip
2016-01-01 09:37 - 2016-01-01 09:37 - 00019893 _____ C:\Users\Owner\Downloads\integrated-iridology-textbook-by-toni-miller-joyfullivingservices-com-pdf-book.pdf
2016-01-01 08:49 - 2016-01-01 08:49 - 03404855 _____ C:\Users\Owner\Downloads\020164.iridology.sharan.pdf
2016-01-01 08:45 - 2016-01-01 08:45 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2015-12-31 11:29 - 2015-12-31 11:29 - 00000000 ____D C:\ProgramData\Skype
2015-12-31 11:29 - 2015-12-31 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-31 11:27 - 2015-12-31 11:28 - 46863488 _____ (Skype Technologies S.A.) C:\Users\Owner\Downloads\SkypeSetupFull.exe
2015-12-31 08:49 - 2015-12-31 08:49 - 00500159 _____ C:\Users\Owner\Downloads\SUNTUF-Corro-installation.pdf
2015-12-30 07:28 - 2015-12-30 07:28 - 02950353 _____ C:\Users\Owner\Downloads\slaves_fatwa.pdf
2015-12-29 19:49 - 2015-12-29 19:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Opera Software
2015-12-29 19:49 - 2015-12-29 19:49 - 00000000 ____D C:\Users\Owner\AppData\Local\Opera Software
2015-12-29 19:48 - 2015-12-29 20:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\pendis
2015-12-29 19:44 - 2015-12-29 20:19 - 00000000 ____D C:\Users\Owner\Desktop\New folder (3)
2015-12-29 12:38 - 2015-12-29 12:38 - 00000000 ____D C:\Users\Owner\Desktop\New folder (2)
2015-12-29 12:21 - 2015-12-29 12:22 - 55516683 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard-x86_64.dmg
2015-12-29 09:01 - 2015-12-29 09:01 - 00000000 ____D C:\Users\Owner\Tracing
2015-12-29 08:41 - 2016-01-06 06:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2015-12-29 08:40 - 2015-12-31 11:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-29 08:33 - 2015-12-29 08:33 - 01112357 _____ C:\Users\Owner\Downloads\Iridology Case Study Assessment 1-6(2).pdf
2015-12-29 08:31 - 2015-12-29 08:31 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(6).pdf
2015-12-29 08:27 - 2015-12-29 08:27 - 00519706 _____ C:\Users\Owner\Downloads\Iridology – IR(1).pdf
2015-12-29 08:19 - 2015-12-29 08:19 - 00287655 _____ C:\Users\Owner\Downloads\MT1.pdf
2015-12-29 08:18 - 2015-12-29 08:18 - 00368357 _____ C:\Users\Owner\Downloads\Assessment Task 3 Written Responses (MT1).pdf
2015-12-29 08:17 - 2015-12-29 08:17 - 00437805 _____ C:\Users\Owner\Downloads\Assessment Task 2 Fully Body Massage Online Study Mode (MT1).pdf
2015-12-29 08:17 - 2015-12-29 08:17 - 00437805 _____ C:\Users\Owner\Downloads\Assessment Task 2 Fully Body Massage Online Study Mode (MT1)(1).pdf
2015-12-29 08:03 - 2015-12-29 08:03 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(2).pdf
2015-12-29 07:59 - 2015-12-29 07:59 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide.pdf
2015-12-29 07:59 - 2015-12-29 07:59 - 00309807 _____ C:\Users\Owner\Downloads\Massage Therapy 1 - Subject Guide(1).pdf
2015-12-29 07:51 - 2015-12-29 07:52 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(5).pdf
2015-12-29 07:49 - 2015-12-29 07:49 - 01112357 _____ C:\Users\Owner\Downloads\Iridology Case Study Assessment 1-6(1).pdf
2015-12-29 07:48 - 2015-12-29 07:48 - 00519706 _____ C:\Users\Owner\Downloads\Iridology – IR.pdf
2015-12-29 07:47 - 2015-12-29 07:47 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide(1).pdf
2015-12-29 07:45 - 2015-12-29 07:45 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(4).pdf
2015-12-29 07:21 - 2015-12-29 07:23 - 107374644 _____ C:\Users\Owner\Downloads\635738785218712088_6221374.mp4
2015-12-28 16:18 - 2015-12-28 16:18 - 23622883 _____ C:\Users\Owner\Downloads\Seas0nPass-win.zip
2015-12-28 12:36 - 2015-12-28 12:36 - 02973710 _____ C:\Users\Owner\Downloads\MoboMarket(1).apk
2015-12-28 12:35 - 2015-12-28 12:35 - 02973710 _____ C:\Users\Owner\Downloads\MoboMarket.apk
2015-12-28 10:24 - 2015-12-29 20:19 - 00000000 ____D C:\Program Files\iTunes
2015-12-28 10:24 - 2015-12-29 13:18 - 00000000 ____D C:\Program Files\iPod
2015-12-28 10:24 - 2015-12-29 13:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-28 10:14 - 2015-12-31 11:38 - 00000000 ____D C:\Users\Owner\Documents\Mobo
2015-12-28 10:14 - 2015-12-28 10:14 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-28 10:14 - 2015-12-28 10:14 - 00000000 ____D C:\MoboUserData
2015-12-28 10:13 - 2015-12-31 11:38 - 00000000 ____D C:\Program Files (x86)\Mobo
2015-12-28 09:38 - 2015-12-28 10:24 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-12-28 09:07 - 2015-12-28 09:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-12-27 13:55 - 2015-12-27 13:55 - 01892936 _____ C:\Users\Owner\Downloads\MoboMarketV1.1.1.apk
2015-12-27 12:37 - 2015-12-27 12:37 - 01323810 _____ C:\Users\Owner\Downloads\apple_tv_3rd_gen_setup.pdf
2015-12-27 10:27 - 2015-12-27 10:27 - 00054543 _____ C:\Users\Owner\Downloads\wireless-add-7.pdf
2015-12-27 10:27 - 2015-12-27 10:27 - 00054543 _____ C:\Users\Owner\Downloads\wireless-add-7(1).pdf
2015-12-27 10:16 - 2015-12-29 10:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2015-12-27 10:16 - 2015-12-27 10:16 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
2015-12-27 10:15 - 2015-12-28 14:54 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-12-27 10:15 - 2015-12-28 14:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-27 10:15 - 2015-12-27 10:15 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-27 10:15 - 2015-12-27 10:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple
2015-12-27 10:14 - 2015-12-28 14:53 - 00000000 ____D C:\ProgramData\Apple
2015-12-27 10:14 - 2015-12-28 14:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-27 10:14 - 2015-12-27 10:14 - 00000000 ____D C:\Program Files\Bonjour
2015-12-27 10:14 - 2015-12-27 10:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-27 10:10 - 2015-12-27 10:13 - 167583000 _____ (Apple Inc.) C:\Users\Owner\Downloads\iTunes6464Setup(1).exe
2015-12-27 10:00 - 2015-12-27 10:04 - 167583000 _____ (Apple Inc.) C:\Users\Owner\Downloads\iTunes6464Setup.exe.part
2015-12-27 09:06 - 2015-12-27 09:06 - 01211614 _____ C:\Users\Owner\Downloads\Stormwater_pit_installation_guide_Humes_02.pdf
2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L3 MT1(1).pdf
2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L2 MT1(1).pdf
2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L11 MT1(3).pdf
2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L11 MT1(1).pdf
2015-12-24 13:40 - 2015-12-24 13:40 - 00021287 _____ C:\Users\Owner\Downloads\L10 MT1(1).pdf
2015-12-24 12:47 - 2015-12-24 12:47 - 00449532 _____ C:\Users\Owner\Downloads\Assessment Task 1 Back Sequence Online Mode (MT1)(1).pdf
2015-12-24 10:53 - 2015-12-24 10:53 - 00709260 _____ C:\Users\Owner\Downloads\L11 MT1(2).pdf
2015-12-24 09:46 - 2015-12-24 09:46 - 01704830 _____ C:\Users\Owner\Downloads\APA Referencing Guide.pdf
2015-12-24 09:43 - 2015-12-24 09:43 - 00556694 _____ C:\Users\Owner\Downloads\AIAS Student Information Handout_VET_141.pdf
2015-12-24 09:42 - 2015-12-24 09:42 - 00068553 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT61012_Adv_Dip_Nutritional Medicine_2014_v2.pdf
2015-12-24 09:39 - 2015-12-24 09:39 - 00065973 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT60512_Adv_Dip_Naturopathy_2014_v2.pdf
2015-12-24 09:39 - 2015-12-24 09:39 - 00065973 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT60512_Adv_Dip_Naturopathy_2014_v2(2).pdf
2015-12-24 09:39 - 2015-12-24 09:39 - 00065973 _____ C:\Users\Owner\Downloads\AIAS_OoC_HLT60512_Adv_Dip_Naturopathy_2014_v2(1).pdf
2015-12-24 09:17 - 2015-12-24 09:17 - 00975003 _____ C:\Users\Owner\Downloads\Lesson 1. Introduction to Iridology and the Eye.pdf
2015-12-24 09:01 - 2015-12-24 09:01 - 00300881 _____ C:\Users\Owner\Downloads\Iridology Subject Guide.pdf
2015-12-24 08:57 - 2015-12-24 08:57 - 00679204 _____ C:\Users\Owner\Downloads\AIAS STUDENT HANDBOOK 23112015 V3.pdf
2015-12-24 08:56 - 2015-12-24 08:56 - 00033712 _____ C:\Users\Owner\Downloads\2016 T1 Adv Dip NAT Melbourne.pdf
2015-12-24 08:56 - 2015-12-24 08:56 - 00033712 _____ C:\Users\Owner\Downloads\2016 T1 Adv Dip NAT Melbourne(2).pdf
2015-12-24 08:56 - 2015-12-24 08:56 - 00033712 _____ C:\Users\Owner\Downloads\2016 T1 Adv Dip NAT Melbourne(1).pdf
2015-12-24 08:49 - 2015-12-24 08:49 - 00297643 _____ C:\Users\Owner\Downloads\Biochemistry - Subject Guide.pdf
2015-12-24 08:43 - 2015-12-24 08:43 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(3).pdf
2015-12-24 08:43 - 2015-12-24 08:43 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(2).pdf
2015-12-24 08:43 - 2015-12-24 08:43 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology(1).pdf
2015-12-24 08:39 - 2015-12-24 08:39 - 01112357 _____ C:\Users\Owner\Downloads\Iridology Case Study Assessment 1-6.pdf
2015-12-24 08:37 - 2015-12-24 08:37 - 00458262 _____ C:\Users\Owner\Downloads\Practical Observation Checklist Iridology.pdf
2015-12-23 12:16 - 2015-12-23 12:17 - 00000174 _____ C:\Users\Owner\Desktop\Seeing is believing.url
2015-12-21 08:28 - 2015-11-06 05:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-21 08:28 - 2015-11-06 05:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-21 08:28 - 2015-05-26 04:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-12-21 08:28 - 2015-05-26 04:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-12-21 08:28 - 2015-05-26 04:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-12-21 08:28 - 2015-05-26 04:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-12-21 08:28 - 2015-05-26 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-12-21 08:28 - 2015-05-26 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-12-21 08:28 - 2015-05-26 04:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-12-21 08:28 - 2015-05-26 04:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-12-21 08:28 - 2015-05-26 04:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-12-21 08:28 - 2015-05-26 04:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-12-21 08:28 - 2015-05-26 04:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-12-21 08:28 - 2015-05-26 04:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-12-21 08:27 - 2015-11-21 04:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-21 08:27 - 2015-11-21 04:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-21 08:27 - 2015-11-21 04:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-21 08:27 - 2015-11-21 04:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-21 08:27 - 2015-11-21 04:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-21 08:27 - 2015-11-21 04:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-21 08:27 - 2015-11-21 04:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-21 08:27 - 2015-11-21 04:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-21 08:27 - 2015-11-21 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-21 08:27 - 2015-11-11 04:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-21 08:27 - 2015-11-11 04:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-21 08:27 - 2015-11-11 04:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-21 08:27 - 2015-11-11 04:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-21 08:27 - 2015-11-11 04:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-21 08:27 - 2015-11-11 03:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-21 08:27 - 2015-11-06 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-21 08:27 - 2015-11-06 05:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-21 08:27 - 2015-11-05 19:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-21 08:27 - 2015-11-04 05:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-21 08:27 - 2015-11-04 04:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-21 08:27 - 2015-09-19 05:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-12-21 08:27 - 2015-09-19 05:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-12-21 08:27 - 2015-09-19 05:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-12-21 08:27 - 2015-09-19 05:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-12-21 08:27 - 2015-09-19 05:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-12-21 08:27 - 2015-09-19 05:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-12-21 08:27 - 2015-09-19 05:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-12-21 08:27 - 2015-07-10 03:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-12-21 08:27 - 2015-07-10 03:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-12-21 08:27 - 2015-07-10 03:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-12-21 08:27 - 2015-07-10 03:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-12-21 08:27 - 2015-06-04 06:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-12-21 08:27 - 2015-04-28 05:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-12-21 08:27 - 2015-04-28 05:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-12-21 08:27 - 2015-04-28 05:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-12-21 08:27 - 2015-04-28 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-12-21 08:27 - 2015-04-28 05:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-12-21 08:27 - 2015-04-28 05:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-12-21 08:27 - 2015-04-28 05:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-12-21 08:27 - 2015-04-28 05:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-12-21 08:26 - 2015-11-12 07:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-21 08:26 - 2015-11-12 06:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-21 08:26 - 2015-11-12 04:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-21 08:26 - 2015-11-12 04:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-21 08:26 - 2015-11-12 04:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-21 08:26 - 2015-11-12 04:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-21 08:26 - 2015-11-12 02:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-21 08:26 - 2015-11-12 01:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-21 08:26 - 2015-11-12 01:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-21 08:26 - 2015-11-12 01:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-21 08:26 - 2015-11-12 01:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-21 08:26 - 2015-11-12 00:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-21 08:26 - 2015-11-10 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-21 08:26 - 2015-11-10 10:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-21 08:26 - 2015-11-10 10:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-21 08:26 - 2015-11-10 10:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-21 08:26 - 2015-11-10 10:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-21 08:26 - 2015-11-10 10:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-21 08:26 - 2015-11-10 10:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-21 08:26 - 2015-11-10 10:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-21 08:26 - 2015-11-10 10:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-21 08:26 - 2015-11-10 10:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-21 08:26 - 2015-11-10 10:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-21 08:26 - 2015-11-10 10:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-21 08:26 - 2015-11-10 10:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-21 08:26 - 2015-11-10 09:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-21 08:26 - 2015-11-10 09:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-21 08:26 - 2015-11-10 09:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-21 08:26 - 2015-11-10 09:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-21 08:26 - 2015-11-10 09:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-21 08:26 - 2015-11-10 09:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-21 08:26 - 2015-11-10 09:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-21 08:26 - 2015-11-10 09:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-21 08:26 - 2015-11-10 09:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-21 08:26 - 2015-11-10 09:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-21 08:26 - 2015-11-10 09:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-21 08:26 - 2015-11-09 08:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-21 08:26 - 2015-11-09 08:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-21 08:26 - 2015-11-09 08:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-21 08:26 - 2015-11-09 08:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-21 08:26 - 2015-11-09 08:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-21 08:26 - 2015-11-09 08:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-21 08:26 - 2015-11-09 08:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-21 08:26 - 2015-11-09 08:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-21 08:26 - 2015-11-09 08:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-21 08:26 - 2015-11-09 08:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-21 08:26 - 2015-11-09 08:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-21 08:26 - 2015-11-09 08:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-21 08:26 - 2015-11-09 08:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-21 08:26 - 2015-11-09 08:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-21 08:26 - 2015-11-09 07:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-21 08:26 - 2015-11-09 07:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-21 08:26 - 2015-11-09 07:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-21 08:26 - 2015-11-09 07:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-21 08:26 - 2015-11-09 07:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-21 08:26 - 2015-11-09 07:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-21 08:26 - 2015-11-09 07:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-21 08:26 - 2015-11-09 07:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-21 08:26 - 2015-11-09 07:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-21 08:26 - 2015-11-09 07:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-21 08:26 - 2015-11-09 07:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-21 08:26 - 2015-11-09 06:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-21 08:26 - 2015-11-09 06:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-21 08:26 - 2015-11-09 06:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-21 08:26 - 2015-10-30 03:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-12-21 08:26 - 2015-10-30 03:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-12-21 08:26 - 2015-10-30 03:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-12-21 08:26 - 2015-10-30 03:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-12-21 08:26 - 2015-10-30 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-12-21 08:26 - 2015-10-30 03:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-12-21 08:26 - 2015-10-30 03:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-12-21 08:26 - 2015-08-28 04:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-12-21 08:26 - 2015-08-28 04:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-12-21 08:26 - 2015-08-28 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-12-21 08:26 - 2015-08-28 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-12-21 08:26 - 2015-08-28 03:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-12-21 08:26 - 2015-08-28 03:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-12-21 08:26 - 2015-08-28 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-12-21 08:26 - 2015-08-28 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-12-21 08:26 - 2015-07-23 10:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-12-21 08:26 - 2015-07-23 10:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-21 08:26 - 2015-07-23 10:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-12-21 08:26 - 2015-07-23 03:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-12-21 08:26 - 2015-07-23 03:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-12-21 08:26 - 2015-07-23 02:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-21 08:26 - 2015-07-18 23:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-21 08:26 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-12-21 08:26 - 2015-07-10 03:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-12-21 08:26 - 2015-07-10 03:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-12-21 08:26 - 2015-06-25 20:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-12-21 08:26 - 2015-06-25 20:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-21 08:26 - 2015-06-25 20:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-12-21 08:26 - 2015-06-25 19:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-21 08:26 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-12-21 08:25 - 2015-11-12 02:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-21 08:25 - 2015-11-09 08:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-21 08:25 - 2015-11-09 08:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-21 08:25 - 2015-11-09 07:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-21 08:24 - 2015-12-21 08:25 - 00000000 ____D C:\Users\Owner\Desktop\Sample Kodi
2015-12-21 08:24 - 2015-11-04 05:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-21 08:24 - 2015-11-04 04:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-20 19:46 - 2015-12-20 19:46 - 01119249 _____ C:\Users\Owner\Downloads\face_tongue_muscles.pdf
2015-12-20 19:46 - 2015-12-20 19:46 - 01119249 _____ C:\Users\Owner\Downloads\face_tongue_muscles(2).pdf
2015-12-20 19:46 - 2015-12-20 19:46 - 01119249 _____ C:\Users\Owner\Downloads\face_tongue_muscles(1).pdf
2015-12-20 19:23 - 2015-12-20 19:23 - 31037288 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl(2).exe
2015-12-20 19:20 - 2015-12-20 19:21 - 31037288 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl(1).exe
2015-12-20 19:16 - 2015-12-20 19:16 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-12-20 19:14 - 2015-12-20 19:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2015-12-20 19:13 - 2015-12-20 19:14 - 31037288 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-idcrl.exe
2015-12-20 13:23 - 2015-12-20 13:23 - 00000133 _____ C:\Users\Owner\Desktop\Mirror kodi.url
2015-12-20 13:07 - 2015-12-20 13:08 - 00000133 _____ C:\Users\Owner\Desktop\Kodi Setup.url
2015-12-20 10:18 - 2015-12-20 10:20 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard(1).exe
2015-12-20 09:49 - 2015-12-20 09:49 - 00000020 _____ C:\Users\Owner\AppData\Roaming\explorersys.txt
2015-12-20 09:49 - 2015-12-20 09:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Customwiz For Kodi
2015-12-20 09:49 - 2015-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Customwiz For Kodi
2015-12-20 09:48 - 2015-12-20 09:48 - 01374720 _____ C:\Users\Owner\Downloads\Customwiz For Kodi.msi
2015-12-19 14:00 - 2015-12-19 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-12-19 13:45 - 2015-12-19 13:45 - 00000000 ____D C:\Program Files (x86)\Vitzo
2015-12-19 13:44 - 2015-12-19 13:44 - 01984712 _____ C:\Users\Owner\Downloads\FreeYouTubeDownloader.exe
2015-12-19 13:44 - 2015-12-19 13:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftCDN
2015-12-18 12:27 - 2015-12-18 12:27 - 00704762 _____ C:\Users\Owner\Downloads\MediaBrowser.Kodi-master.zip
2015-12-18 11:34 - 2015-12-18 11:35 - 66591701 _____ C:\Users\Owner\Downloads\kodi-15.2-Isengard.exe
2015-12-18 09:53 - 2015-12-18 09:53 - 00583627 _____ C:\Users\Owner\Downloads\aoa08-c06.pdf
2015-12-18 09:20 - 2015-12-18 09:21 - 09911138 _____ C:\Users\Owner\Downloads\Chapter 8B.pdf
2015-12-17 13:57 - 2015-12-17 14:00 - 10405677 _____ C:\Users\Owner\Downloads\ankle-muscles.pdf
2015-12-17 05:29 - 2015-12-17 05:29 - 00871136 _____ C:\Users\Owner\Downloads\InTech-Muscular_performance_assessment_of_trunk_extensors_a_critical_appraisal_of_the_literature.pdf
2015-12-17 05:29 - 2015-12-17 05:29 - 00871136 _____ C:\Users\Owner\Downloads\InTech-Muscular_performance_assessment_of_trunk_extensors_a_critical_appraisal_of_the_literature(1).pdf
2015-12-16 12:54 - 2015-12-16 12:55 - 55109304 _____ C:\Users\Owner\Downloads\tvmc-14.2-helix.apk
2015-12-16 11:49 - 2015-12-16 11:53 - 00000000 ____D C:\Users\Owner\Desktop\Files from USB drive
2015-12-16 07:57 - 2015-12-16 07:57 - 00000000 ____D C:\Users\Owner\Desktop\Heart
2015-12-15 07:58 - 2015-12-15 07:58 - 01446327 _____ C:\Users\Owner\Downloads\Circulation Research-1991-Lew-1139-45.pdf
2015-12-14 13:25 - 2015-12-20 19:20 - 00013312 _____ C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-14 08:05 - 2015-12-14 08:05 - 00426196 _____ C:\Users\Owner\Downloads\Digital TV Reception - Panasonic.pdf
2015-12-14 08:05 - 2015-12-14 08:05 - 00426196 _____ C:\Users\Owner\Downloads\Digital TV Reception - Panasonic(1).pdf
2015-12-13 20:06 - 2015-12-13 20:06 - 01480562 _____ C:\Users\Owner\Downloads\3-17-08 Whitehill.pdf
2015-12-13 20:03 - 2015-12-13 20:03 - 00107601 _____ C:\Users\Owner\Downloads\Blood-Clotting.pdf
2015-12-12 19:25 - 2015-12-12 19:25 - 00089078 _____ C:\Users\Owner\Downloads\roi-factsheet-your-medical-record.pdf
2015-12-12 19:21 - 2015-12-12 19:21 - 01876962 _____ C:\Users\Owner\Downloads\medical recordsoptpdf(2).pdf
2015-12-12 19:15 - 2015-12-12 19:16 - 01876962 _____ C:\Users\Owner\Downloads\medical recordsoptpdf(1).pdf
2015-12-12 19:15 - 2015-12-12 19:15 - 01876962 _____ C:\Users\Owner\Downloads\medical recordsoptpdf.pdf
2015-12-12 19:03 - 2015-12-12 19:06 - 136977018 _____ C:\Users\Owner\Downloads\catalyst_15_16_21.mp4
2015-12-12 13:05 - 2015-12-12 13:05 - 00999305 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy lesson 6(2).pdf
2015-12-12 12:42 - 2015-12-12 12:42 - 00148298 _____ C:\Users\Owner\Downloads\ReviewSheet10a.pdf
2015-12-12 11:40 - 2015-12-12 11:40 - 00595608 _____ C:\Users\Owner\Downloads\chapter-3-pp-text-notes.pdf
2015-12-12 09:36 - 2015-12-12 09:36 - 00615098 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy lesson 8(1).pdf
2015-12-12 09:36 - 2015-12-12 09:36 - 00521549 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy lesson 9.pdf
2015-12-12 09:28 - 2015-12-12 09:28 - 00155240 _____ C:\Users\Owner\Downloads\pestmanagement.pdf
2015-12-12 09:28 - 2015-12-12 09:28 - 00155240 _____ C:\Users\Owner\Downloads\pestmanagement(1).pdf
2015-12-12 08:57 - 2015-12-12 08:57 - 01223110 _____ C:\Users\Owner\Downloads\Lemon Balm Guide.pdf
2015-12-10 07:56 - 2015-12-10 07:56 - 00286713 _____ C:\Users\Owner\Downloads\Anatomy and Physiology 2(9).pdf
2015-12-10 07:56 - 2015-12-10 07:56 - 00286713 _____ C:\Users\Owner\Downloads\Anatomy and Physiology 2(10).pdf
2015-12-10 07:54 - 2015-12-10 07:54 - 00286928 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy(5).pdf
2015-12-10 07:54 - 2015-12-10 07:54 - 00286928 _____ C:\Users\Owner\Downloads\Musculoskeletal Anatomy(4).pdf
2015-12-09 09:09 - 2015-12-09 09:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\VDownloader
2015-12-09 09:09 - 2015-12-09 09:09 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\VDownloader
2015-12-09 09:08 - 2015-12-09 11:01 - 00000000 ____D C:\Users\Owner\AppData\Local\VDownloader
2015-12-09 09:08 - 2015-12-09 09:09 - 00000000 ____D C:\Program Files\VDownloader
2015-12-09 09:08 - 2015-12-09 09:08 - 21366572 _____ (Vitzo Limited ) C:\Users\Owner\Downloads\VDownloaderSetup.exe
2015-12-09 09:08 - 2015-12-09 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
2015-12-09 09:08 - 2015-08-27 15:48 - 00444283 _____ C:\Program Files\Common Files\WinPcapNmap.exe
2015-12-09 09:04 - 2015-12-09 09:04 - 01167360 _____ (Vitzo Limited) C:\Users\Owner\Downloads\VDownloader4OC.exe
2015-12-09 09:01 - 2015-12-09 09:01 - 00617888 _____ (33download.com ) C:\Users\Owner\Downloads\VDFree_soft.exe
2015-12-09 08:17 - 2015-12-09 08:18 - 13916540 _____ (HOW Inc. ) C:\Users\Owner\Downloads\FYTDSetup (2).exe
2015-12-09 08:17 - 2015-12-09 08:17 - 01180672 _____ (How, Inc) C:\Users\Owner\Downloads\FYTD_Setup_2(2).exe
2015-12-08 15:38 - 2015-12-08 15:38 - 00923994 _____ C:\Users\Owner\Downloads\raven06_57.pdf
2015-12-08 15:38 - 2015-12-08 15:38 - 00923994 _____ C:\Users\Owner\Downloads\raven06_57(1).pdf
2015-12-07 15:40 - 2015-12-07 15:42 - 106247336 _____ C:\Users\Owner\Downloads\catalyst_s14_ep14_pheremoneparty.mp4
2015-12-07 14:11 - 2015-12-07 14:11 - 05096022 _____ C:\Users\Owner\Downloads\Module-UpperLimb.pdf
2015-12-07 14:10 - 2015-12-07 14:10 - 02198266 _____ C:\Users\Owner\Downloads\Module-LowerLimb(3).pdf
2015-12-07 14:09 - 2015-12-07 14:09 - 02198266 _____ C:\Users\Owner\Downloads\Module-LowerLimb(2).pdf
2015-12-07 14:09 - 2015-12-07 14:09 - 02198266 _____ C:\Users\Owner\Downloads\Module-LowerLimb(1).pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-06 06:25 - 2009-07-14 13:20 - 00000000 ____D C:\Windows
2016-01-06 06:17 - 2009-07-14 14:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 06:17 - 2009-07-14 14:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 06:16 - 2014-08-26 15:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-06 06:08 - 2014-08-26 15:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-06 06:07 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-06 06:04 - 2015-05-20 13:05 - 00000000 ___RD C:\Users\Owner\Desktop\Cleaners
2016-01-06 05:43 - 2015-05-20 13:08 - 00000000 ____D C:\AdwCleaner
2016-01-06 05:13 - 2009-07-14 15:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-05 20:52 - 2015-05-20 17:00 - 00000000 ___RD C:\Users\Owner\Desktop\Sound
2016-01-05 19:55 - 2015-11-04 08:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-05 19:37 - 2015-05-20 10:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 19:04 - 2015-05-22 20:10 - 00000000 ____D C:\Users\Owner\Documents\Outlook Files
2016-01-05 15:22 - 2015-07-25 09:22 - 00000364 _____ C:\Windows\Tasks\AutoBeam.job
2016-01-05 13:52 - 2015-06-19 09:18 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-05 13:52 - 2015-06-13 08:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-05 12:40 - 2015-07-18 21:44 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-05 12:40 - 2015-07-18 21:44 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-05 12:39 - 2015-07-18 21:44 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-05 12:39 - 2015-07-18 21:44 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-05 12:39 - 2015-07-18 21:44 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-05 12:39 - 2015-07-18 21:44 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-05 12:39 - 2015-07-18 21:44 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-05 12:39 - 2015-07-18 21:44 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-05 12:39 - 2015-07-18 20:21 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-04 19:52 - 2015-05-20 15:04 - 00000000 ____D C:\Users\Owner\Documents\My PSP8 Files
2016-01-04 19:40 - 2015-05-20 13:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 15:26 - 2015-05-20 14:37 - 00000000 ___RD C:\Users\Owner\Desktop\Graphics
2016-01-04 14:59 - 2015-06-04 11:21 - 00000000 ___RD C:\Users\Owner\Podcasts
2016-01-04 14:59 - 2014-08-26 11:38 - 00001413 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-04 14:56 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\schemas
2016-01-04 14:53 - 2014-08-26 11:37 - 00000000 ____D C:\Users\Owner
2016-01-04 10:51 - 2015-05-21 07:37 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-01-04 10:51 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-03 19:23 - 2015-05-22 10:59 - 00000000 ___RD C:\Users\Owner\Desktop\Applications
2016-01-03 19:16 - 2015-05-25 08:22 - 00000000 ___RD C:\Users\Owner\Desktop\Health Nutrition
2016-01-03 15:31 - 2009-07-14 15:13 - 00800420 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-03 15:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2015-12-29 20:19 - 2015-12-04 07:03 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-29 20:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2015-12-29 19:26 - 2015-10-25 08:09 - 00000000 ____D C:\Users\Owner\dwhelper
2015-12-28 15:28 - 2015-09-24 12:32 - 00000000 ____D C:\ProgramData\Apple Computer
2015-12-28 15:17 - 2015-07-30 15:30 - 00018432 _____ C:\Windows\system32\umstartup(16).etl
2015-12-28 14:54 - 2015-07-18 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-28 14:38 - 2011-04-12 18:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-28 10:59 - 2015-06-29 08:28 - 00000000 ____D C:\Users\Owner\.cache
2015-12-27 06:25 - 2015-07-30 15:30 - 00003072 _____ C:\Windows\system32\umstartup(75).etl
2015-12-22 18:25 - 2015-11-29 08:12 - 00000000 ____D C:\Users\Owner\Desktop\X For Printing
2015-12-22 08:54 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-12-21 18:57 - 2009-07-14 14:45 - 00354280 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-21 18:55 - 2015-05-21 06:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-21 18:55 - 2015-05-21 06:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-21 18:55 - 2015-05-21 06:14 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-21 18:55 - 2014-08-26 14:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-12-21 09:55 - 2015-05-20 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-21 09:54 - 2015-05-20 11:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-21 09:54 - 2015-05-20 11:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-21 09:52 - 2014-08-26 11:51 - 00784286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-21 09:47 - 2014-08-26 14:43 - 00000000 ____D C:\Windows\system32\MRT
2015-12-21 09:43 - 2014-08-26 14:43 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-20 10:22 - 2015-11-29 08:13 - 00000000 ____D C:\Users\Owner\Desktop\X For sorting
2015-12-19 15:58 - 2015-05-20 13:14 - 00000000 ___RD C:\Users\Owner\Desktop\Video Tools
2015-12-16 05:06 - 2015-05-21 12:41 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 05:06 - 2015-05-21 12:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-14 12:57 - 2015-05-19 14:05 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2015-12-12 07:57 - 2015-06-14 14:51 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-12-08 11:23 - 2015-12-05 04:32 - 00000000 ____D C:\Users\Owner\Desktop\Freemake Joins
==================== Files in the root of some directories =======
2015-12-09 09:08 - 2015-08-27 15:48 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2015-06-12 12:22 - 2015-08-01 14:54 - 0000103 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2015-06-12 12:22 - 2015-08-01 14:54 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2015-06-12 12:22 - 2015-08-01 14:54 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2015-06-12 12:01 - 2015-08-01 15:46 - 0004536 _____ () C:\Users\Owner\AppData\Roaming\CamStudio.cfg
2015-12-20 09:49 - 2015-12-20 09:49 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\explorersys.txt
2015-09-25 11:53 - 2015-09-25 12:14 - 0000131 _____ () C:\Users\Owner\AppData\Roaming\GPACgpac_pl.m3u
2015-06-12 12:00 - 2015-08-01 14:51 - 0000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
2015-12-14 13:25 - 2015-12-20 19:20 - 0013312 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-22 15:27 - 2015-07-25 14:27 - 0007597 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-08-26 11:46 - 2014-08-26 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-08-17 12:12 - 2015-08-17 12:12 - 0004154 _____ () C:\ProgramData\vczcspay.tpu
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 08:05
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Owner (2016-01-06 06:26:14)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-08-26 01:37:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-103068557-1708720007-3558950971-500 - Administrator - Disabled)
Guest (S-1-5-21-103068557-1708720007-3558950971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-103068557-1708720007-3558950971-1002 - Limited - Enabled)
Owner (S-1-5-21-103068557-1708720007-3558950971-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {9C1B43E7-A69A-E012-4F20-AD6C27446402}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {277AA203-80A0-EF9C-7590-961E5CC32EBF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.4.1795 - Open Media LLC)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.631.5823 - ABBYY) Hidden
Acrok HD Video Converter Ver 4.0.37.595 (HKLM-x32\...\{C5338CAA-5760-4A1C-9E8D-DA4D63085177}_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.0.12510 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Any Video Converter 5.8.1 (HKLM-x32\...\Any Video Converter) (Version: 5.8.1 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft PhotoBase 3 (HKLM-x32\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version: - )
ArcSoft PhotoStudio 5 (HKLM-x32\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - )
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.13.0 - Asmedia Technology)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVerMedia A835 USB DVB-T 8.2.64.64 (HKLM-x32\...\AVerMedia A835 USB DVB-T) (Version: 8.2.64.64 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV 3D (HKLM-x32\...\InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.14 - AVerMedia Technologies, Inc.)
AVerTV 3D (x32 Version: 6.5.2.14 - AVerMedia Technologies, Inc.) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Canon DR-5010C Driver (HKLM-x32\...\{A9DB83DB-A9FD-11D0-BFD1-444553540000}) (Version: 1.11.11111.10001 - Canon Electronics)
CanoScan Toolbox Ver4.1 (HKLM-x32\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
CLOX 2000 (HKLM-x32\...\ST5UNST #1) (Version: - )
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Cursor Attention (HKLM-x32\...\Cursor Attention) (Version: - )
Customwiz For Kodi (HKLM-x32\...\{16801E38-3E91-44A3-9049-DF5D34D037E9}) (Version: 45.45.45 - Customwiz For Kodi)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delete Doctor 2.3 (HKLM-x32\...\Delete Doctor) (Version: 2.3 - )
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
DuckCapture Standard 2.7 (HKLM-x32\...\DuckCapture_is1) (Version: 2.7 - DuckLink)
DVDFab Decrypter 2.9.2.2 (HKLM-x32\...\DVDFab Decrypter_is1) (Version: - Fengtao Software Inc.)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free Flash to MP4 Converter (2.3.2.1) (HKLM-x32\...\Free Flash to MP4 Converter_is1) (Version: 2.3.2.1 - Amazing Studio)
Free MP4 Video Converter version 5.0.63.913 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.63.913 - DVDVideoSoft Ltd.)
Free PDF Converter Utilities 8.6.4 (HKLM-x32\...\Free PDF Converter Utilities_is1) (Version: - FreeAudioVideoSoftTech, Inc.)
Free PDF To PPT Converter (HKLM-x32\...\{F0712F9D-4B28-4AED-9AA5-BEE9B0B533D5}) (Version: 1.0.0 - Free PDF Solutions)
Free PDF to Word Converter 2.0 (HKLM-x32\...\Free PDF to Word Converter_is1) (Version: - Free-PDF-to-Word.com)
Free Video Capture 7.8.5 (HKLM-x32\...\Free Video Capture_is1) (Version: - SightFiesta Co., Ltd.)
Free Video Cutter Joiner 10.4 (HKLM-x32\...\{8C5A4758-C782-4200-B337-DB3466D33ADD}}_is1) (Version: 10.4 - DVDVideoMedia, Inc.)
Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com)
Free YouTube Download version 3.2.56.324 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.)
Free YouTube Downloader 4.1.448 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iWisoft Flash SWF to Video Converter 3.5 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.5.0 - www.flash-swf-converter.com)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Kodi (HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\Kodi) (Version: - XBMC-Foundation)
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 1.0.568.0 - Logitech Europe S.A.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LP Ripper (HKLM-x32\...\LP Ripper) (Version: - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
MailWasher (HKLM-x32\...\{8D4426EF-E37B-4B1B-B061-546D7172C67D}) (Version: 7.5 - Firetrust)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manual CanoScan 3000,3000F (HKLM-x32\...\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}) (Version: - )
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-103068557-1708720007-3558950971-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Movavi Screen Capture Studio 6 (HKLM-x32\...\Movavi Screen Capture Studio 6) (Version: 6.3.0 - Movavi)
Moyea Free Flash Downloader version 1.4.0.0 (HKLM-x32\...\{8ED5BF38-B9BF-4F2D-AF42-9037574A254F}_is1) (Version: 1.4.0.0 - Moyea Software Co., LTD)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
MULTIFIT visualization tool (HKLM-x32\...\14AF7854-4BCC-4E9C-927A-849E36B82DDF) (Version: 1.7 - Multi Fit)
Multifit_Elearning (HKLM-x32\...\com.MultifitElearning) (Version: 1.9 - UNKNOWN)
Multifit_Elearning (x32 Version: 1.9 - UNKNOWN) Hidden
My MP4Box GUI 0.5.5.4 (HKLM\...\{470F4A33-DA87-4CF5-9E5A-42BD4F218B39}_is1) (Version: 0.5.5.4 - Matt Bodin)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Nero 6 (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - )
Nero Media Player (HKLM-x32\...\NMPUninstallKey) (Version: - )
NeroVision Express 2 (HKLM-x32\...\NeroVision!UninstallKey) (Version: - )
Network Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Netg) (Version: - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Paragon Backup and Recovery™ 14 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PowerDVDPoint Lite (HKLM-x32\...\{C9CD97C8-AFED-447F-9663-24DD150A08E9}) (Version: 3.6.00 - DigitalOfficePro)
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
RealWorld Cursor Editor (HKLM-x32\...\{25A344BB-378D-4E51-9A39-780755012B2D}) (Version: 13.1.0 - RealWorld Graphics)
Recoveryfix for Outlook Evaluation ver 14.09 (HKLM-x32\...\Recoveryfix for Outlook Evaluation ver_is1) (Version: - Lepide Software Pvt.Ltd.)
Remo Repair Outlook [PST] (HKLM\...\{9F198151-82C8-4AE0-9290-4248B416BDF4}_is1) (Version: 3.0.0.11 - Remo Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Screen Recorder 1.0 (HKLM-x32\...\{4CEC58D7-3667-4C30-8AB1-13ED2A5487FA}_is1) (Version: 1.0.0.4 - hxxp://freerecorders.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TechUtilities (HKLM\...\TechUtilities_is1) (Version: 1.1.1.7 - Seven Servos Software Pvt Ltd.)
TEncoder Video Converter version 3.7.0 (HKLM-x32\...\{7B1F9D22-568D-4109-B128-040BF8A932FC}_is1) (Version: 3.7.0 - ozok)
TurboCAD Professional v6 (HKLM-x32\...\TurboCAD Professional v6) (Version: - )
TurboCAD v6 Symbols (HKLM-x32\...\TurboCAD v6 Symbols) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
User's Guide EPSON XP-200 Series (HKLM-x32\...\EPSON XP-200 Series Useg) (Version: - )
VDownloader 4.1.1650 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
Video Download Capture version 5.0.8 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 5.0.8 - APOWERSOFT LIMITED)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinX DVD Author 6.3.5 (HKLM-x32\...\WinX DVD Author_is1) (Version: - DigiartySoft, Inc.)
Wondershare Video Converter Ultimate(Build 8.1.3.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.1.3.0 - Wondershare Software)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.4 - Xvid Team)
YouTube Free Downloader 1.6.0.0 (HKLM-x32\...\YouTube Free Downloader_is1) (Version: 1.6.0.0 - AbyssMedia.com)
YouTube Song Downloader (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 10.3 - Abelssoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-103068557-1708720007-3558950971-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14837160-8641-4FC8-8704-1054E3D24F56} - System32\Tasks\{F155F973-60F2-4C9A-92F2-2CB6649E3AC0} => pcalua.exe -a C:\Users\Owner\Desktop\swftools-0.9.0.exe -d C:\Users\Owner\Desktop
Task: {2C17A2BA-F809-433A-9D0B-7B024C944C32} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {37D38D12-3512-468B-B74C-AB1D175AB4F7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-05] (AVAST Software)
Task: {405F0640-8375-41A1-A7AD-3B1DBC5F3A57} - System32\Tasks\{61DB53B8-411F-4170-9B78-66551CEAC354} => C:\Program Files\CamStudio 2.7\Recorder.exe [2015-02-20] (CamStudio Group)
Task: {40881B30-88D3-4C15-AE1F-937929D83132} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5A301AA5-1C4D-4A36-8043-5BE5A0A32BA8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {643C3088-5024-49C9-9CCA-16AE4D0BE962} - System32\Tasks\{6B920768-D4CE-4B48-B719-65B26164B307} => C:\Program Files\CamStudio 2.7\Recorder.exe [2015-02-20] (CamStudio Group)
Task: {726BD754-BDF4-4036-B3BD-C07B6ECC7AC5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {7FB15E48-2D88-4CC3-8159-42D8DD9B346B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8407B92C-3DDF-4CE7-A93C-7F390D94F580} - \DNSBEECHER -> No File <==== ATTENTION
Task: {931CFBFE-4689-437C-BB07-B943000D2165} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-20] (Piriform Ltd)
Task: {A0ADEF3D-46E9-47E9-A304-769849B71686} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {BD14D4BA-476F-4E62-ACE3-45EE80DC0AB1} - System32\Tasks\AutoBeam => c:\programdata\{0ea02cd9-fb24-36c1-0ea0-02cd9fb2b367}\pdfescape free pdf editor.exe <==== ATTENTION
Task: {CB1F23FC-30D1-4628-BBCB-2CA5C9455908} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {CB7BB823-62A4-4D0E-8631-D51ABCE49ECD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {D2517DEB-6F86-40E4-BA59-4FCCD6E0BA79} - System32\Tasks\{38BF66B8-0000-4949-8462-C68637CE56AB} => C:\Program Files\CamStudio 2.7\Recorder.exe [2015-02-20] (CamStudio Group)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E82DF0E5-0EB2-4319-9A79-B42ECEB4B933} - System32\Tasks\{65BF7A87-0144-4BAB-BCFB-C51A446716E5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\Setup.exe"
Task: {F367B9D1-B2A0-4AAB-B7E4-99229D3B4EE4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {FFC676CD-567A-41DF-8E40-31699982A7D3} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe [2015-08-28] (Seven Servos Software, Pvt Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AutoBeam.job => c:\programdata\{0ea02cd9-fb24-36c1-0ea0-02cd9fb2b367}\pdfescape free pdf editor.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t1C:\Program Files\TechUtilities\TechUtilities.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-09-16 09:15 - 2015-09-02 02:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-15 14:44 - 2010-07-15 14:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-06-17 09:56 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-11-14 10:43 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2015-03-20 18:12 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-26 11:42 - 2013-05-07 17:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-08-14 09:41 - 2011-04-01 16:52 - 00403456 ____R () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2015-08-14 09:42 - 2012-10-17 17:24 - 00163840 ____R () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2015-05-21 12:34 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-26 11:47 - 2014-10-03 17:36 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2016-01-05 12:39 - 2016-01-05 12:39 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-05 12:39 - 2016-01-05 12:39 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-06 04:45 - 2016-01-06 04:45 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010501\algo.dll
2016-01-05 12:39 - 2016-01-05 12:39 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-02-18 15:19 - 2015-02-18 15:19 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
2015-02-18 15:19 - 2015-02-18 15:19 - 04647424 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
2014-10-12 02:41 - 2014-10-12 02:41 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
2014-10-12 02:41 - 2014-10-12 02:41 - 00272384 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll
2014-08-26 11:42 - 2016-01-06 06:07 - 00028160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-08-26 11:42 - 2013-05-07 17:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-08-14 09:42 - 2012-06-09 20:33 - 00053248 ____R () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2015-06-13 08:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-13 08:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-13 08:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-13 08:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-13 08:34 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-05 12:39 - 2016-01-05 12:39 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-10-22 11:28 - 2015-10-22 11:28 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
2015-03-12 10:05 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:4DF56F2E
AlternateDataStreams: C:\ProgramData\TEMP:E5A9D792
AlternateDataStreams: C:\ProgramData\TEMP:F169C698
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2016-01-04 11:21 - 00000967 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-103068557-1708720007-3558950971-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\Windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CursorAttention.lnk => C:\Windows\pss\CursorAttention.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: ABBYY Screenshot Reader Bonus => "C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun
MSCONFIG\startupreg: BingSvc => C:\Users\Owner\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clarus Drive Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
MSCONFIG\startupreg: CustomwizKodi => C:\Program Files (x86)\Customwiz For Kodi\Customwiz For Kodi\CustomwizKodi.exe
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: FreeVideoDownloader => C:\Program Files (x86)\33download.com\Free Video Downloader\FreeVideoDownloader.exe
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: PicPick Start => "C:\Program Files (x86)\PicPick\picpick.exe" /startup
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TinyTake by MangoApps => "C:\Program Files (x86)\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe" NOTOPENCONTEXTMENU
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VDownloader => "C:\Program Files\VDownloader\VDownloader4.exe" /silent
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DD2F89EC-C489-4A7D-8390-7D2B7CF6A539}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{D9428D1E-A1CF-461E-871C-6D1C39FAC9C7}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{FF7FB93B-B27B-445B-9A2A-4A41B34FA3E2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D292585E-371D-4524-9B5D-BA187F865E44}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{8555A467-C1BC-42A0-ABB4-21162E515C5C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3837B596-0F7E-4F2F-B11D-69D1E95435AA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B63AD94F-D970-42A9-8218-14AE7C915B4D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{05DBD726-9FB8-46EB-B9CA-E4108BA92022}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{72440CCC-5E29-4E14-9C02-E066CCB7A69B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{DF47B85B-233B-4ED2-A0F7-D9CB3BAD6833}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{9C6ABA63-E0E6-473A-851E-73C985AE2B60}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{D53F1F8C-3E9C-481A-8CB2-CB639113ABA8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{F04BB80C-029B-4A03-A906-7C33D7E87647}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{4634CD24-150C-4664-8899-4C5699EC1B71}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{04BF6590-4DDF-47BF-A55A-EB13656DA90D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{667A7A05-7CCE-4BB8-80D1-19B37266E742}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{6FE81F43-1DE4-4B31-B1C2-7B0B8491C52C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{06BB9ADB-79F5-4F11-BFB7-68015EC31FAC}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{F60C4E43-F7D1-493F-80CB-76B465490397}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{6DEE0F71-8B8D-4D11-90F1-D3799334F10A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{349389FC-F879-4F8D-9273-7090E5957CDC}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{5C139F52-DE7F-4C73-9B0D-8C84A59B0C97}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{127F9465-B9BA-47F8-BE87-689C170D1B45}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{DBAF86E5-A293-422D-8CEC-B339E083291F}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{7B8463DE-B162-42C8-A9AD-391A5E3B2B23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4AB0227E-7847-469E-AB85-BB094570773A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{42BE6F3C-3884-4273-AA01-497854DEB169}] => (Allow) LPort=2869
FirewallRules: [{65AB828A-A678-40FB-8D6C-F30258E6B167}] => (Allow) LPort=1900
FirewallRules: [{B04FA27D-1A77-4D5C-997E-3BA086B78D7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6DD07E70-CC5A-4C29-A707-196CBB496BE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D441E783-3BE3-480E-9D1D-744FA23A5FA3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BFCEA28-108B-4ACC-8EDA-FB0303DEAD55}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B256FF26-C568-489C-ABA7-B5FD460660E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{436A18D0-C7A8-4C7C-9F6D-1E18F2390B0D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{4A4005BB-2DDD-4BDB-8AE6-30111CB316FB}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B77BA49C-6B3E-4760-BB13-F4910B48B19B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EC2C753-5C39-42EF-8836-5321BC29B866}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
06-01-2016 05:59:22 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/06/2016 06:09:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2016 05:22:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_5.028.exe version 5.0.2.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2cc
Start Time: 01d147ee29c3195f
Termination Time: 4
Application Path: C:\Users\Owner\Desktop\Cleaners\adwcleaner_5.028.exe
Report Id:
Error: (01/06/2016 05:14:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/06/2016 04:44:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/05/2016 07:48:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/05/2016 06:51:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/05/2016 06:18:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/05/2016 03:21:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/05/2016 02:39:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/05/2016 08:35:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (01/06/2016 06:09:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (01/06/2016 06:09:59 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (01/06/2016 06:09:59 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (01/06/2016 06:09:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (01/06/2016 06:09:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (01/06/2016 06:09:50 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (01/06/2016 06:07:50 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{a9ba8646-fde1-11e4-af1b-806e6f6e6963} cannot be read.
CodeIntegrity:
===================================
Date: 2015-10-16 10:12:19.042
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:12:18.698
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:12:18.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:12:17.965
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:12:17.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:11:50.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:11:49.807
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:11:49.417
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:11:49.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-10-16 10:11:48.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\avg_remover_stf_x86_2013_3341.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 63%
Total physical RAM: 3965.6 MB
Available physical RAM: 1465.28 MB
Total Virtual: 7929.41 MB
Available Virtual: 4450.79 MB
==================== Drives ================================
Drive c: (Windows 7 Drive) (Fixed) (Total:931.41 GB) (Free:719.1 GB) NTFS
Drive f: (XP-Data) (Fixed) (Total:71.22 GB) (Free:32.92 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: CB210205)
Partition 1: (Not Active) - (Size=71.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=394.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================