Computer is running really loud lately, possible malware I'm missing?

[gigglepot]

Hi, over the last week or so my computer has been running really loud, especially when I'm on the internet, but also just all the time. I run Spybot every week and for weeks now it tells me "congrats, no problems found". I open Task Manager wondering if something else is running in the background but Task Manager says nothing is running. I cleaned out all the vents and the back of the computer tower with canned air, still no luck. So I wonder if someone can help me here? I got amazing help from OCD once before and was so grateful. Thank you!

Thank you for your response Tashi and thanks for pointing me to the right place to attach the logs.

Here is the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Owner (administrator) on OWNER-HP (22-06-2016 09:59:47)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Pelmorex Media Inc.) C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Splinterware Software Solutions) C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Guillemot Corporation) C:\Program Files (x86)\Thrustmaster\TARGET\TmService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-14] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [290304 2013-06-05] (Splinterware Software Solutions)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Run: [WeatherEye] => C:\Users\Owner\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [309104 2010-09-21] (Pelmorex Media Inc.)
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MountPoints2: {2e587596-fbf0-11e5-ba25-6431503ceaa3} - F:\startme.exe
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-10-21] (Apple Inc.)
AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-14] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-05-15]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.135.148 64.59.128.114
Tcpip\..\Interfaces\{853F1832-EF79-4946-9A19-0123FAFCABB6}: [DhcpNameServer] 64.59.135.148 64.59.128.114

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-179166284-1700762968-3849658672-1000 -> {190EAB21-2083-42D6-83C7-DDE3C907E5C7} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-179166284-1700762968-3849658672-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-179166284-1700762968-3849658672-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: jZip Webmail plugin -> {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} -> C:\Program Files (x86)\jZip\WebmailPlugin.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeo7drnr.default-1460249555612
FF Homepage: hxxp://www.kijiji.ca/h-calgary/1700199
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-179166284-1700762968-3849658672-1000: @nsroblox.roblox.com/launcher -> C:\Users\Owner\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-179166284-1700762968-3849658672-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Owner\AppData\Local\Roblox\Versions\version-ea1ccffcf5ea48fc\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-179166284-1700762968-3849658672-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)
FF Extension: Greasemonkey - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeo7drnr.default-1460249555612\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-05-06]
FF Extension: leethax.net extension - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeo7drnr.default-1460249555612\extensions\leethax@leethax.net.xpi [2016-05-11]
FF Extension: New Tab Override (browser.newtab.url replacement) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oeo7drnr.default-1460249555612\Extensions\newtaboverride@agenedia.com.xpi [2016-04-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.kijiji.ca/
CHR StartupUrls: Default -> "hxxp://calgary.kijiji.ca/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Owner\AppData\Local\Roblox\Versions\version-1a23fdbca04d4954\\NPRobloxProxy.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-14]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR HKU\S-1-5-21-179166284-1700762968-3849658672-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-01-30]
CHR HKU\S-1-5-21-179166284-1700762968-3849658672-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-14]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-14] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [974016 2014-03-02] () [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TmWinService; C:\Program Files (x86)\Thrustmaster\TARGET\TmService.exe [304640 2011-03-04] (Guillemot Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115976 2016-01-28] (Wondershare)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-14] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 TmBusEn; C:\Windows\System32\DRIVERS\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
R3 TmBusEn; C:\Windows\SysWOW64\DRIVERS\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\System32\DRIVERS\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\SysWOW64\DRIVERS\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\System32\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\SysWOW64\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-22 09:57 - 2016-06-22 10:00 - 00032722 _____ C:\Users\Owner\Desktop\FRST.txt
2016-06-22 09:56 - 2016-06-22 09:59 - 00000000 ____D C:\FRST
2016-06-22 09:55 - 2016-06-22 09:56 - 02387456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-06-22 09:54 - 2016-06-22 09:54 - 00000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-HP-Windows-7-Home-Premium-(64-bit).dat
2016-06-22 09:53 - 2016-06-22 09:53 - 00017985 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-06-22 09:53 - 2016-06-22 09:53 - 00002197 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-06-22 09:53 - 2016-06-22 09:53 - 00000000 ____D C:\RegBackup
2016-06-22 09:53 - 2016-06-22 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-22 09:53 - 2016-06-22 09:53 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-22 09:51 - 2016-06-22 09:52 - 05523840 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking.com_registry_backup_setup.exe
2016-06-22 06:27 - 2016-06-22 06:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{F7B0BEFB-235B-4D66-B318-BD9FDF4DE8C4}
2016-06-21 20:57 - 2016-06-21 20:58 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\Owner\Desktop\procexp.exe
2016-06-21 18:16 - 2016-06-21 18:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{2DEC2CC0-C344-4FD7-9DE2-806D9596D4BE}
2016-06-21 15:00 - 2016-06-21 15:00 - 00000000 ____D C:\Windows\5B0F473D7E18477F99DC3745D5A711E9.TMP
2016-06-21 06:15 - 2016-06-21 06:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{25DD8D2B-C6A9-468F-83EB-9C532C4596DE}
2016-06-20 20:32 - 2016-06-20 20:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{77BD7E05-E80E-4BD0-8104-EE9767D8725E}
2016-06-20 08:32 - 2016-06-20 08:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{99CA903A-575F-41B4-B7E9-721A4284847E}
2016-06-19 20:31 - 2016-06-19 20:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{8B9BC2A7-5564-426A-841F-5A9429D192BF}
2016-06-19 08:30 - 2016-06-19 08:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{B2E39AA1-A835-460D-9EE1-8707B746FBE3}
2016-06-18 20:30 - 2016-06-18 20:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{BA5F5ABF-0B54-4698-840F-4906AF3D9F03}
2016-06-18 09:37 - 2016-06-18 09:37 - 00000000 ____D C:\Users\Owner\Documents\Telltale Games
2016-06-18 09:34 - 2016-06-18 09:34 - 00001669 _____ C:\Users\Owner\Desktop\Play Minecraft Story Mode.lnk
2016-06-18 09:34 - 2015-10-13 13:58 - 00000431 _____ C:\Users\Owner\Desktop\update-MinecraftStory.bat
2016-06-18 09:29 - 2016-06-21 16:27 - 00000000 ____D C:\Users\Owner\Desktop\Minecraft Story Mode
2016-06-18 08:29 - 2016-06-18 08:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{1BF9EC2B-3C40-4747-9C52-AFFFDA16EE48}
2016-06-17 20:28 - 2016-06-17 20:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{16F0B9E5-7D2E-4704-A96B-117DD20D2658}
2016-06-17 11:27 - 2016-06-17 11:27 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-17 08:28 - 2016-06-17 08:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{183E5EF8-2207-4730-89D6-CEBF49824563}
2016-06-16 20:27 - 2016-06-16 20:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{40261EBC-225C-4634-A173-9E43BBBA261F}
2016-06-16 08:27 - 2016-06-16 08:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{191ADEF9-E254-4849-A340-6E00BECFACC7}
2016-06-15 20:26 - 2016-06-15 20:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{CA72DA75-E62F-4F44-B610-56448BA4C4E0}
2016-06-15 08:26 - 2016-06-15 08:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{283E86BB-1A0C-4190-B928-59EF404E300F}
2016-06-14 20:25 - 2016-06-14 20:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{4051282C-B57F-4D0C-9F03-C6959FE1F163}
2016-06-14 15:03 - 2016-06-14 15:03 - 00000000 ____D C:\ProgramData\Gaijin
2016-06-14 08:25 - 2016-06-14 08:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{B9BE0326-0950-45E8-8258-35933CCEEFC9}
2016-06-14 06:35 - 2016-06-14 06:35 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465907730
2016-06-14 06:35 - 2016-06-14 06:35 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-14 06:27 - 2016-06-14 06:26 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-14 06:26 - 2016-06-14 06:26 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-14 06:26 - 2016-06-14 06:26 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-13 20:24 - 2016-06-13 20:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE329B16-29E6-49E1-A218-92E4A1DF40A8}
2016-06-13 08:24 - 2016-06-13 08:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{5E1F6FB9-FBF3-4D40-955E-EC7FCC458DF2}
2016-06-12 20:23 - 2016-06-12 20:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{3170F46C-B72E-4E38-A1DB-8EE3C57A3497}
2016-06-12 08:22 - 2016-06-12 08:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{7BFEAFD3-76A8-4A4C-8392-FD1FCA0F0208}
2016-06-11 20:22 - 2016-06-11 20:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{5E5DC738-6084-4A73-9B5E-8C9CB4CB8138}
2016-06-11 10:12 - 2016-06-11 11:19 - 346150987 _____ C:\Users\Owner\Desktop\FNaF_World.exe
2016-06-11 08:21 - 2016-06-11 08:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{F74835A9-7FC9-43F2-9954-2ED376894FDC}
2016-06-10 20:21 - 2016-06-10 20:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{855D1B30-56BA-48E9-8B59-03203D5A6470}
2016-06-10 08:20 - 2016-06-10 08:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{FE49B14B-25C5-48E2-9E15-FA6150B78772}
2016-06-09 20:19 - 2016-06-09 20:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{021E887A-B523-48DF-870A-F7BE552D16EA}
2016-06-09 08:19 - 2016-06-09 08:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{795C7FFC-6F99-43A1-B6CF-0BADE7B5F75A}
2016-06-08 20:18 - 2016-06-08 20:19 - 00000000 ____D C:\Users\Owner\AppData\Local\{7307BE65-E505-4FA9-9B06-9A90BD32EC10}
2016-06-08 08:18 - 2016-06-08 08:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{AB861469-321E-4FC6-A1C2-9EEB74B03A5E}
2016-06-07 20:17 - 2016-06-07 20:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{EA0D3F5D-BEEC-4B96-9C5F-A71D5592D8CB}
2016-06-07 08:17 - 2016-06-07 08:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{3B72A159-28F6-4E4E-ABF9-35B639587CED}
2016-06-06 20:16 - 2016-06-06 20:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{0B70A4F4-EBA9-4DAC-8AAB-9E18107ED426}
2016-06-06 08:15 - 2016-06-06 08:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{0797F208-2C0A-4A58-8D2C-62627DE2CE79}
2016-06-05 20:15 - 2016-06-05 20:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{B4D5E128-B3DF-4715-A4F1-262E84202A3B}
2016-06-05 08:14 - 2016-06-05 08:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{4F48E832-B9EA-4C87-A177-5FC3BCA43DA0}
2016-06-04 20:13 - 2016-06-04 20:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{B789E1D3-09BB-4C93-AE7B-C24933A21A45}
2016-06-04 08:13 - 2016-06-04 08:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{BD700CA9-8533-487E-8257-19ABA30EB10C}
2016-06-03 20:12 - 2016-06-03 20:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{6A0E0838-793E-43A0-A175-D1CEF1B48EF9}
2016-06-03 12:32 - 2016-06-03 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-03 08:12 - 2016-06-03 08:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{38B77117-89A3-4D70-85E8-C820D818A9C9}
2016-06-02 20:11 - 2016-06-02 20:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{7D18D577-9326-4914-9ECC-9E8FE8056735}
2016-06-02 08:10 - 2016-06-02 08:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{38AE74B3-4531-4158-8633-76D267FF04A8}
2016-06-01 20:10 - 2016-06-01 20:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{FCD2BEE4-A746-4691-B61C-A942CAB1B32B}
2016-06-01 08:09 - 2016-06-01 08:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{B4ABC351-258D-4FE1-A250-B85851AA7E5D}
2016-05-31 20:09 - 2016-05-31 20:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{723D31FA-018B-43FE-B05B-C9BABCE9E085}
2016-05-31 08:08 - 2016-05-31 08:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{8D1EC964-1214-4442-B508-3B1E78C06EE5}
2016-05-30 20:08 - 2016-05-30 20:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{65D06BBC-D3E1-44C2-8A5C-F7A332138879}
2016-05-30 08:07 - 2016-05-30 08:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{1903A593-54ED-43C7-ADB9-88486BEC7AF1}
2016-05-29 20:07 - 2016-05-29 20:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{C4C98022-D1BC-4867-9D69-86200FC8CE54}
2016-05-29 08:05 - 2016-05-29 08:06 - 00000000 ____D C:\Users\Owner\AppData\Local\{7584464A-C67F-463E-BD5C-C59D956D3AC9}
2016-05-28 20:04 - 2016-05-28 20:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{31523CFC-0674-42BC-ADE3-01EEE24DAAC4}
2016-05-28 08:04 - 2016-05-28 08:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{4782D57C-8803-4491-9773-C21482DAB66D}
2016-05-27 20:03 - 2016-05-27 20:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{D61D014B-8DBA-4F34-B0D0-4717D146F709}
2016-05-24 14:42 - 2016-05-24 14:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{94FA9A30-DADC-4E0B-925F-251E649D01DA}
2016-05-23 20:55 - 2016-05-23 20:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{85AA0D36-0C6D-4362-B2D0-082D135B6C69}
2016-05-22 22:34 - 2016-05-22 22:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{EDFB5262-DE94-4CB9-B9A5-6818A38E83FF}
2016-05-21 07:57 - 2016-05-21 07:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{30E5F162-7F36-4656-ADA5-272255519C46}
2016-05-20 08:16 - 2016-05-20 08:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{1DBE3FFB-3F59-4E2E-8217-B1D16D136D71}
2016-05-19 20:15 - 2016-05-19 20:16 - 00000000 ____D C:\Users\Owner\AppData\Local\{51099984-00AD-43F5-A715-06C94E5212C2}
2016-05-19 08:15 - 2016-05-19 08:15 - 00000000 ____D C:\Users\Owner\AppData\Local\{82057D04-488F-4C46-A853-9572ED684486}
2016-05-18 20:14 - 2016-05-18 20:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{D246501A-9766-4342-BF1F-DF0F58E19F6E}
2016-05-18 08:14 - 2016-05-18 08:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{8E1435F6-1BE5-4BE0-BF01-1965A64FB41A}
2016-05-17 20:13 - 2016-05-17 20:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{5DC1DC69-8DDC-4B55-89C5-D07303044684}
2016-05-17 08:13 - 2016-05-17 08:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{63F97422-3C1B-4860-A5F4-76C1C597CC12}
2016-05-16 20:12 - 2016-05-16 20:13 - 00000000 ____D C:\Users\Owner\AppData\Local\{71A34BA5-BAE7-42DF-83D5-666F4AED79CB}
2016-05-16 08:12 - 2016-05-16 08:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{96D26602-1A76-4BC4-A114-8B5DA4181F8E}
2016-05-15 20:11 - 2016-05-15 20:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{4B558730-AA9B-4311-B437-DDFC3441C815}
2016-05-15 08:11 - 2016-05-15 08:11 - 00000000 ____D C:\Users\Owner\AppData\Local\{0662D058-327E-45B7-A3C8-E3AAF7AD2EA3}
2016-05-14 20:10 - 2016-05-14 20:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{FE793B21-3DE7-4160-87D6-C88D5404884B}
2016-05-14 08:10 - 2016-05-14 08:10 - 00000000 ____D C:\Users\Owner\AppData\Local\{335145A4-541B-4D74-8A49-0702710800E4}
2016-05-13 20:09 - 2016-05-13 20:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{DA813CF0-FE45-4C27-B4E2-8FE4252F81D6}
2016-05-13 08:09 - 2016-05-13 08:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{0A001F8D-0C31-4D9B-9145-E43BD0C30714}
2016-05-12 20:08 - 2016-05-12 20:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{644B067A-8B94-4A98-9B61-398AF614A525}
2016-05-12 08:07 - 2016-05-12 08:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{F8FBDABA-15D5-4095-9003-46B697E81F67}
2016-05-11 20:07 - 2016-05-11 20:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{C9796FB8-8FD8-4E06-B15F-890009D2C031}
2016-05-11 08:06 - 2016-05-11 08:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{121DDCF1-C23A-4CA2-AD3D-061618257B60}
2016-05-10 20:06 - 2016-05-10 20:06 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE9D78D3-4F2B-4697-92C4-F747B1B8EBAA}
2016-05-10 08:05 - 2016-05-10 08:06 - 00000000 ____D C:\Users\Owner\AppData\Local\{3D497C41-2562-43AC-90FE-ADC34947F92C}
2016-05-09 20:05 - 2016-05-09 20:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{9C361381-195A-4E89-A330-17ABE37441ED}
2016-05-09 19:36 - 2016-05-09 19:36 - 00000000 ____D C:\Users\Owner\AppData\Local\WOP
2016-05-09 19:36 - 2016-05-09 19:36 - 00000000 ____D C:\ProgramData\WOP
2016-05-09 19:35 - 2016-05-09 19:35 - 00001219 _____ C:\Users\Public\Desktop\Wings of Prey.lnk
2016-05-09 19:35 - 2016-05-09 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings of Prey
2016-05-09 19:19 - 2016-05-21 13:27 - 00000000 ____D C:\Users\Owner\AppData\Local\Wings of Prey
2016-05-09 19:19 - 2016-05-09 19:19 - 00000000 ____D C:\Program Files (x86)\Gaijin
2016-05-09 08:04 - 2016-05-09 08:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{ACF77967-1B8F-475C-81F6-8D5D8E6EDD92}
2016-05-08 20:03 - 2016-05-08 20:04 - 00000000 ____D C:\Users\Owner\AppData\Local\{06E9A1E4-516E-45FD-A552-877B26160BA5}
2016-05-08 07:57 - 2016-05-08 07:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{B6635DBD-BBAD-4034-9997-64BFA02073C8}
2016-05-07 19:56 - 2016-05-07 19:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{F9B49FAD-F588-4F00-BE79-8EFD2E22F1EB}
2016-05-07 12:00 - 2016-05-07 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YUPLAY
2016-05-07 12:00 - 2016-05-07 12:01 - 00000000 ____D C:\Program Files (x86)\YUPLAY
2016-05-07 10:57 - 2016-05-07 10:58 - 03878112 _____ (Husdawg, LLC) C:\Users\Owner\Downloads\Detection.exe
2016-05-07 07:55 - 2016-05-07 07:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{22D26B11-EA3E-4FD4-A8B9-8CF406B4A456}
2016-05-06 19:54 - 2016-05-06 19:55 - 00000000 ____D C:\Users\Owner\AppData\Local\{A3DF148C-48EF-4E59-AA8D-636D2C1D8A9A}
2016-05-06 07:54 - 2016-05-06 07:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{EBA0E047-F1E7-451F-BB71-6E9C0DC754D3}
2016-05-05 19:53 - 2016-05-05 19:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{43439E7E-F9AD-476E-89CD-175EC059EA15}
2016-05-05 07:53 - 2016-05-05 07:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{C0DD208D-6698-46D8-A494-316A3E73DCF5}
2016-05-04 19:52 - 2016-05-04 19:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{6AD31649-20DF-4D3A-A684-4A9F9D21A6AD}
2016-05-04 07:52 - 2016-05-04 07:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{F6F5E306-0BDE-461E-8587-D6EDB184B03B}
2016-05-03 19:51 - 2016-05-03 19:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{FFAFE5ED-F995-4C01-A97F-62B057F3BF5F}
2016-05-03 07:51 - 2016-05-03 07:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{A8CDB145-78D2-4B94-83A6-9601A2CFC2A1}
2016-05-02 19:50 - 2016-05-02 19:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{B66CF5C9-48AE-4B34-A718-2BE9434D70AC}
2016-05-02 07:50 - 2016-05-02 07:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{B0C32BC5-FDF6-46ED-A625-ADA1BB5922CB}
2016-05-01 19:49 - 2016-05-01 19:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{23B22C01-EEA9-4389-AB6C-E5CB234E4AD0}
2016-05-01 07:49 - 2016-05-01 07:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{AEF8742D-9103-426F-96E1-DBD4A8913FEF}
2016-04-30 19:48 - 2016-04-30 19:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{F7A687D7-6B61-4569-9A14-54B06CB8F5B8}
2016-04-30 07:46 - 2016-04-30 07:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{BD5196CD-664C-4855-87B2-57CC862F6CB4}
2016-04-29 19:45 - 2016-04-29 19:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{3FCA772F-005F-4DCD-821E-CF3F835EAB57}
2016-04-29 07:44 - 2016-04-29 07:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{24172E81-23A0-4622-81DD-5741BAF1CC3A}
2016-04-28 19:44 - 2016-04-28 19:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{7F864F05-107E-4101-92BB-0C3905BB2B26}
2016-04-28 07:43 - 2016-04-28 07:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{D1D4B29C-C4CB-43E0-A311-4ACD7EDDC5BB}
2016-04-27 19:43 - 2016-04-27 19:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{BD958F34-3E4A-4784-8774-F90C62E85649}
2016-04-27 15:46 - 2016-04-27 15:49 - 08847336 _____ C:\Users\Owner\Downloads\TallcraftDropper1.13.zip
2016-04-27 07:42 - 2016-04-27 07:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{3A9A6FB6-DB6E-45BE-8210-7401FD61DBF0}
2016-04-26 19:42 - 2016-04-26 19:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{37BC7B7A-F2B8-4A58-BA89-DCE9A0836700}
2016-04-26 07:41 - 2016-04-26 07:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{8BA6E43A-86A9-48A6-A735-3178642036E0}
2016-04-25 19:40 - 2016-04-25 19:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{C43DB901-0408-4862-9D1A-F2D21AC03F41}
2016-04-25 14:34 - 2016-04-25 14:54 - 63445703 _____ C:\Users\Owner\Downloads\Terra Swoop Force - By Noxcrew (V1.1) (Unzip This).zip
2016-04-25 07:40 - 2016-04-25 07:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{66BC5EE8-8068-4188-A330-0FE630A5C015}
2016-04-25 00:35 - 2016-04-25 00:35 - 00221824 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2016-04-25 00:35 - 2016-04-25 00:35 - 00129152 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2016-04-24 19:39 - 2016-04-24 19:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{42917145-89CB-4E23-A33B-602EEB5240DD}
2016-04-24 07:38 - 2016-04-24 07:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{3C8B5537-2BB5-43AE-8AA6-DC1D5CBBC5AC}
2016-04-23 19:37 - 2016-04-23 19:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{14676126-972C-4711-A52E-62CC3F22792C}
2016-04-23 07:37 - 2016-04-23 07:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{DDBA8556-8177-4EB1-BC34-C967297CC3A5}
2016-04-22 19:36 - 2016-04-22 19:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{17EFAE17-A0D9-4833-A932-6FD001B0ABFE}
2016-04-21 21:58 - 2016-04-21 21:59 - 00000000 ____D C:\Users\Owner\AppData\Local\{8775A141-7DD5-4F82-8C52-648E8EBF5D6E}
2016-04-21 09:58 - 2016-04-21 09:58 - 00000000 ____D C:\Users\Owner\AppData\Local\{5B4E368D-7D34-4D52-B0FC-665EFCCCDA4C}
2016-04-20 21:57 - 2016-04-20 21:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{1056E1D7-9E9C-489E-BE46-ADEE19C46009}
2016-04-20 09:56 - 2016-04-20 09:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{46D675F2-9132-491B-B0B0-2D4B615255CF}
2016-04-19 21:55 - 2016-04-19 21:56 - 00000000 ____D C:\Users\Owner\AppData\Local\{48507F1B-D760-4DA0-988D-3D8E3C20ACF4}
2016-04-19 12:46 - 2016-04-19 12:46 - 00002087 _____ C:\Users\Public\Desktop\StudioTax 2015.lnk
2016-04-19 12:46 - 2016-04-19 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2015
2016-04-19 10:54 - 2016-04-19 10:54 - 00000000 ____D C:\ProgramData\BHOK IT Consulting
2016-04-19 09:55 - 2016-04-19 09:55 - 00000000 ____D C:\Users\Owner\AppData\Local\{5A06736A-C977-4EF0-A5FF-94ED60120E63}
2016-04-18 21:54 - 2016-04-18 21:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{B66753C0-8F78-46C7-AC23-400B06C1EAEA}
2016-04-18 09:54 - 2016-04-18 09:54 - 00000000 ____D C:\Users\Owner\AppData\Local\{569AC334-B402-4716-A4DA-5D51B0121001}
2016-04-17 21:53 - 2016-04-17 21:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{6109FC3D-9FDE-4D85-B516-FC0A99272397}
2016-04-17 09:52 - 2016-04-17 09:53 - 00000000 ____D C:\Users\Owner\AppData\Local\{F11FBE56-A635-4CDE-8F57-DD4C9D9231FE}
2016-04-16 21:52 - 2016-04-16 21:52 - 00000000 ____D C:\Users\Owner\AppData\Local\{C27CA2A1-3F06-4301-B5D4-405F644DFCE5}
2016-04-16 09:51 - 2016-04-16 09:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{D7C90982-DF62-44F5-9DCC-4DB286B014E2}
2016-04-15 21:50 - 2016-04-15 21:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{A7E4133F-C4C8-47D3-89DD-5F54DCB39789}
2016-04-15 09:49 - 2016-04-15 09:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{0A9DF12D-A013-4728-B494-06D494D2A8A6}
2016-04-14 21:49 - 2016-04-14 21:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{E0EADDF8-B73B-40A7-9D72-5956E6F49673}
2016-04-14 09:48 - 2016-04-14 09:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{16ADCE53-7CD9-44B6-9DD5-CB7910977845}
2016-04-13 21:48 - 2016-04-13 21:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{5ED35126-96C7-41DF-A9EF-8D00F7119B37}
2016-04-13 09:46 - 2016-04-13 09:47 - 00000000 ____D C:\Users\Owner\AppData\Local\{44615377-47AF-43D5-A622-02E9F92C68F4}
2016-04-13 09:44 - 2016-03-29 11:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 09:44 - 2016-03-17 17:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 09:44 - 2016-03-17 17:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 09:44 - 2016-03-17 17:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 09:44 - 2016-03-17 17:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 09:44 - 2016-03-17 17:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 09:44 - 2016-03-17 17:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 09:44 - 2016-03-17 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 09:44 - 2016-03-17 16:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 09:44 - 2016-03-17 16:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 09:44 - 2016-03-17 16:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 09:44 - 2016-03-17 16:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 09:44 - 2016-03-17 16:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 09:44 - 2016-03-17 16:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 09:44 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 09:44 - 2016-03-17 16:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 09:44 - 2016-03-17 16:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 09:44 - 2016-03-17 16:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 09:44 - 2016-03-17 16:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 09:44 - 2016-03-17 16:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 09:44 - 2016-03-17 16:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 09:44 - 2016-03-17 16:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 09:44 - 2016-03-17 16:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 09:44 - 2016-03-17 16:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 09:44 - 2016-03-17 16:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 09:44 - 2016-03-17 16:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 09:44 - 2016-03-17 16:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 09:44 - 2016-03-17 16:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 09:44 - 2016-03-17 16:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 09:44 - 2016-03-17 16:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 09:44 - 2016-03-17 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 09:44 - 2016-03-17 16:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 09:44 - 2016-03-17 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 09:44 - 2016-03-17 16:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 09:44 - 2016-03-17 16:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 09:44 - 2016-03-17 16:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 09:44 - 2016-03-17 16:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 09:44 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 09:44 - 2016-03-17 16:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 09:44 - 2016-03-17 16:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 09:44 - 2016-03-17 16:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 09:44 - 2016-03-17 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 09:44 - 2016-03-17 16:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 09:44 - 2016-03-17 16:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 15:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 09:44 - 2016-03-17 15:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 09:44 - 2016-03-17 15:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 09:44 - 2016-03-17 15:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 09:44 - 2016-03-17 15:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 09:44 - 2016-03-17 15:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 09:44 - 2016-03-17 15:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 09:44 - 2016-03-17 15:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 09:44 - 2016-03-17 15:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 09:44 - 2016-03-17 15:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 09:44 - 2016-03-17 15:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 09:44 - 2016-03-17 15:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 09:44 - 2016-03-17 15:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 09:44 - 2016-03-17 15:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 09:44 - 2016-03-17 15:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 09:44 - 2016-03-17 15:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 09:44 - 2016-03-17 15:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 09:44 - 2016-03-17 15:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 15:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 15:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 09:44 - 2016-03-17 15:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 09:44 - 2016-03-16 12:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 09:44 - 2016-03-16 12:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 09:44 - 2016-03-16 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 09:44 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 09:44 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 09:44 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 09:44 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 09:44 - 2016-02-02 12:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 09:44 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 09:43 - 2016-04-04 12:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 09:43 - 2016-04-04 12:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 09:43 - 2016-04-02 07:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 09:43 - 2016-03-23 08:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 09:43 - 2016-03-17 12:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 09:43 - 2016-03-17 12:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 09:43 - 2016-03-17 12:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 09:43 - 2016-03-17 12:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 09:43 - 2016-03-15 18:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 09:43 - 2016-03-15 18:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 09:43 - 2016-03-15 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 09:43 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 09:43 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 09:43 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-13 09:43 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-13 09:42 - 2016-03-11 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 09:42 - 2016-03-11 12:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 21:46 - 2016-04-12 21:46 - 00000000 ____D C:\Users\Owner\AppData\Local\{7DF95312-5958-41E0-BAC8-8F08F1BA71E3}
2016-04-12 17:50 - 2016-04-12 17:50 - 00058664 _____ C:\Users\Owner\Downloads\Mailpiece.pdf
2016-04-12 09:46 - 2016-04-12 09:46 - 00000000 ____D C:\Users\Owner\AppData\Local\{5CE0020F-70FA-450E-8D69-2C68B3EDDFD3}
2016-04-12 06:28 - 2016-06-21 14:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-11 21:45 - 2016-04-11 21:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{EA2D7FBB-B3E6-4D52-953E-B03DC4D1332B}
2016-04-11 09:44 - 2016-04-11 09:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{D63476F3-82CE-44EB-88B1-41B0A901A945}
2016-04-10 21:44 - 2016-04-10 21:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{4D78DF8B-44B3-4715-9C9D-533A5618F962}
2016-04-10 09:43 - 2016-04-10 09:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{B9D5B71D-CDCB-489D-89E0-130D2895EDC2}
2016-04-09 21:42 - 2016-04-09 21:43 - 00000000 ____D C:\Users\Owner\AppData\Local\{8E4B63B8-A288-426A-B23B-C27FE6F05420}
2016-04-09 09:46 - 2016-04-09 09:46 - 00242128 _____ C:\Users\Owner\Downloads\Firefox Setup Stub 45.0.1.exe
2016-04-09 09:41 - 2016-04-09 09:42 - 00000000 ____D C:\Users\Owner\AppData\Local\{8693F0E4-9D3E-40F9-84B2-F64E5178C1C3}
2016-04-08 21:40 - 2016-04-08 21:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{94567D8D-2C83-4BB4-9E3D-EA18C597E5A9}
2016-04-08 09:40 - 2016-04-08 09:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{F045D74C-B14A-4A14-B1B7-7EE1D856792F}
2016-04-07 21:39 - 2016-04-07 21:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{C8183BFE-5848-44FA-8673-AD4BFF9C7D8B}
2016-04-07 16:35 - 2016-04-07 16:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Sony
2016-04-07 16:35 - 2016-04-07 16:35 - 00001847 _____ C:\Users\Public\Desktop\Media Go.lnk
2016-04-07 16:35 - 2016-04-07 16:35 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-04-07 16:30 - 2016-04-07 16:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Sony
2016-04-07 16:30 - 2016-04-07 16:31 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2016-04-07 09:39 - 2016-04-07 09:39 - 00000000 ____D C:\Users\Owner\AppData\Local\{D87673AD-51E0-4FB2-89D0-798BFAB5018A}
2016-04-06 21:38 - 2016-04-06 21:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{D38A2C1D-4D30-4206-BA79-E23667DF64FB}
2016-04-06 10:02 - 2016-04-07 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-04-06 10:02 - 2016-04-07 16:35 - 00000000 ____D C:\Program Files (x86)\Sony
2016-04-06 10:02 - 2016-04-07 15:55 - 00002661 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2016-04-06 10:02 - 2016-04-06 10:02 - 00000000 ____D C:\Users\Owner\Documents\Sony
2016-04-06 09:59 - 2016-04-07 16:31 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-06 09:37 - 2016-04-06 09:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{6ACAEDF0-B313-49C0-AF9D-54E4267FE900}
2016-04-06 09:36 - 2016-04-07 15:46 - 54909824 _____ (Sony) C:\Users\Owner\AppData\Local\pcc.exe
2016-04-05 21:37 - 2016-04-05 21:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{EEF9D8AB-33ED-4610-9A33-515F484E1EFB}
2016-04-05 09:36 - 2016-04-05 09:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{F0E9EC74-9E23-4110-BE3D-4A9D56520F41}
2016-04-04 21:36 - 2016-04-04 21:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{625CE18B-8C33-477A-8E93-1213430FF857}
2016-04-04 09:35 - 2016-04-04 09:36 - 00000000 ____D C:\Users\Owner\AppData\Local\{996E980B-0772-4380-B44C-6003B87ACE46}
2016-04-03 21:35 - 2016-04-03 21:35 - 00000000 ____D C:\Users\Owner\AppData\Local\{E97B6452-BBC5-42D4-B274-F332EE916EE5}
2016-04-03 09:34 - 2016-04-03 09:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{1D80DDB1-1CD1-47E4-B709-D07F7F533570}
2016-04-02 21:34 - 2016-04-02 21:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{03BFC7A0-99A3-4772-87A0-1EA44DF02EB9}
2016-04-02 09:33 - 2016-04-02 09:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{FC3144A3-C027-461B-A248-F703B2F3DCE8}
2016-04-01 21:33 - 2016-04-01 21:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{922E13D7-588C-4EFF-8547-17BBEFFA9D12}
2016-04-01 09:32 - 2016-04-01 09:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{BE773290-9058-4774-964A-7A5CA28F3AF3}
2016-03-31 21:31 - 2016-03-31 21:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{06059F47-E271-4FC3-9B1B-27120472F5DE}
2016-03-31 09:31 - 2016-03-31 09:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{882E3387-36E0-4DD8-92B3-1ABDCCC8357A}
2016-03-30 21:30 - 2016-03-30 21:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{BA37D2C4-158F-4036-A7F4-27671EC90C60}
2016-03-30 09:30 - 2016-03-30 09:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{54390148-3DC7-4BDA-A095-27A318ABCCEB}
2016-03-29 21:29 - 2016-03-29 21:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{46B96E69-B538-4288-B005-C71269CDD7D4}
2016-03-29 09:29 - 2016-03-29 09:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{CBD265CC-030A-498C-83BC-19B0E7A862AF}
2016-03-28 21:28 - 2016-03-28 21:29 - 00000000 ____D C:\Users\Owner\AppData\Local\{A6538B97-58D8-4570-A05A-A4626D4D8BAB}
2016-03-28 09:28 - 2016-03-28 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{55A6A819-BA96-4CCA-8603-F40AB3523C78}
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{2F34EEFA-0C9C-46A0-957A-72C2E1F1A1C2}
2016-03-27 09:26 - 2016-03-27 09:26 - 00000000 ____D C:\Users\Owner\AppData\Local\{BEA34246-BB54-4349-B5EF-01693DBF6CA9}
2016-03-26 21:25 - 2016-03-26 21:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{B5E6E108-DE14-4457-93F0-1E8F0F0449B7}
2016-03-26 09:23 - 2016-03-26 09:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{5BD62761-77AC-438A-B0D2-B334A3E9FCAF}
2016-03-25 21:23 - 2016-03-25 21:23 - 00000000 ____D C:\Users\Owner\AppData\Local\{8EA47241-69AF-488A-8A9F-C7912C7EC03C}
2016-03-25 09:22 - 2016-03-25 09:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{6667A243-2372-4264-AECA-D1398AF21289}
2016-03-24 21:21 - 2016-03-24 21:22 - 00000000 ____D C:\Users\Owner\AppData\Local\{B25C45D6-B55C-474C-8802-A30AA60C5461}
2016-03-24 09:21 - 2016-03-24 09:21 - 00000000 ____D C:\Users\Owner\AppData\Local\{850252DA-DD7A-4F3F-810E-8A43595577A4}

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-22 10:00 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-22 10:00 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-22 09:49 - 2014-09-08 11:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-22 09:46 - 2016-01-30 20:41 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-22 09:22 - 2015-11-16 07:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-22 06:39 - 2011-03-14 16:11 - 00000000 ____D C:\ProgramData\Temp
2016-06-22 06:37 - 2014-06-17 14:03 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-06-22 06:33 - 2011-05-12 13:22 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BF401F47-875B-4406-9B0C-8E70A5A1480F}
2016-06-22 06:24 - 2016-01-30 20:41 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-22 06:24 - 2015-04-24 06:19 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-22 06:24 - 2014-09-08 11:32 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-22 06:24 - 2011-05-12 13:16 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2016-06-22 06:24 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-21 15:01 - 2016-01-27 20:36 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2016-06-21 14:46 - 2011-05-22 07:01 - 00000000 ____D C:\Users\Owner\Documents\Lillian
2016-06-21 14:40 - 2013-11-14 07:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-21 12:25 - 2011-06-13 06:25 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOWNER-HP$
2016-06-21 12:25 - 2011-06-13 06:25 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job
2016-06-21 05:22 - 2013-10-02 15:10 - 00000000 ____D C:\Program Files (x86)\WarThunder
2016-06-20 18:31 - 2016-01-29 19:48 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2016-06-20 18:31 - 2016-01-29 19:48 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job
2016-06-18 09:32 - 2011-05-16 15:53 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2016-06-17 19:57 - 2011-05-16 16:00 - 00000000 ____D C:\Users\Owner\Documents\Vuze Downloads
2016-06-17 18:33 - 2011-05-15 17:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2016-06-17 18:33 - 2011-05-15 17:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HP Support Assistant
2016-06-17 16:52 - 2014-09-08 11:38 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 11:27 - 2015-11-16 07:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 11:27 - 2012-05-14 06:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 11:27 - 2011-08-06 07:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 11:20 - 2011-05-17 14:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVD Flick
2016-06-17 11:19 - 2011-05-17 15:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2016-06-17 11:19 - 2011-05-17 15:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-06-17 11:17 - 2011-05-17 14:51 - 00000000 ____D C:\Users\Owner\Documents\dvd
2016-06-14 06:26 - 2014-04-23 10:41 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-14 06:26 - 2013-12-23 07:00 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-14 06:26 - 2013-10-23 06:41 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-14 06:26 - 2013-03-07 07:33 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-14 06:26 - 2013-03-07 07:33 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-14 06:26 - 2012-02-24 07:44 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-14 06:26 - 2011-05-15 23:54 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-14 06:26 - 2011-05-15 23:54 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-14 06:26 - 2011-05-15 23:54 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-14 06:26 - 2011-05-15 23:54 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-12 11:08 - 2012-09-04 16:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft
2016-06-12 06:55 - 2016-01-30 20:54 - 00000000 ___RD C:\Users\Owner\Dropbox
2016-06-11 17:07 - 2015-07-27 11:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MMFApplications
2016-06-09 22:03 - 2011-06-01 11:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2016-06-08 16:42 - 2013-02-28 13:27 - 00000000 ____D C:\Users\Owner\Documents\SelfMV
2016-06-03 17:06 - 2015-07-06 16:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 12:33 - 2016-01-30 20:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-31 12:02 - 2016-01-30 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-26 06:07 - 2011-05-17 16:48 - 00000000 ____D C:\Program Files (x86)\SystemScheduler

==================== Files in the root of some directories =======

2011-06-24 14:38 - 2011-09-23 14:24 - 0001854 _____ () C:\Users\Owner\AppData\Roaming\GhostObjGAFix.xml
2012-04-12 15:00 - 2014-06-06 10:41 - 0122368 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-06 09:36 - 2016-04-07 15:46 - 54909824 _____ (Sony) C:\Users\Owner\AppData\Local\pcc.exe
2013-01-07 10:09 - 2013-01-07 10:09 - 0002145 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2011-05-20 22:49 - 2011-05-20 22:49 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2011-05-16 06:54 - 2011-05-23 15:36 - 0000691 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe
C:\Users\Owner\AppData\Local\Temp\_isC874.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-17 12:28

==================== End of FRST.txt ============================


Here is the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Owner (2016-06-22 10:02:16)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-12 19:07:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-179166284-1700762968-3849658672-500 - Administrator - Disabled)
Guest (S-1-5-21-179166284-1700762968-3849658672-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-179166284-1700762968-3849658672-1002 - Limited - Enabled)
Owner (S-1-5-21-179166284-1700762968-3849658672-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Wings of Prey" (Unistall) (HKLM-x32\...\{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1) (Version: 1.0.5.2 - Gaijin Entertainment, Corp.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.4.6714 - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora Backpack (HKLM-x32\...\{D859D35F-E947-4F2A-8591-C76A4D116178}) (Version: - )
Drome Racers (HKLM-x32\...\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}) (Version: - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
FastStone Image Viewer 4.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.5 - FastStone Soft)
Five Nights at Freddy's DEMO (HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\Five Nights at Freddy's DEMO) (Version: - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMSpico v9.2.2 RC (HKLM\...\KMSpico_is1) (Version: 9.2.2 RC - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LEGO Star Wars (HKLM-x32\...\InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}) (Version: 1.00.0000 - Giant)
LEGO Star Wars (x32 Version: 1.00.0000 - Giant) Hidden
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Batman™ (HKLM-x32\...\InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}) (Version: 1.00.0000 - Warner Bros. Interactive Entertainment)
LEGO® Batman™ (x32 Version: 1.00.0000 - Warner Bros. Interactive Entertainment) Hidden
LEGO® Indiana Jones™ 2 (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Indiana Jones™ 2: The Adventure Continues (HKLM-x32\...\InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™ III: The Clone Wars™ (HKLM-x32\...\{6C0A6B81-0D00-453F-B220-E1F7931B3C2A}) (Version: 1.0.0.0 - LucasArts)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.101.05210 (HKLM-x32\...\{78D0E870-B5F7-8AE8-35DC-18060AAD9C7A}) (Version: 2.20.101.05210 - Sony)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\MyFreeCodec) (Version: - )
NHL® 09 (HKLM-x32\...\{F2B5A2A7-2DF9-4361-8BD5-362714528B51}) (Version: 2.0.1.0 - Electronic Arts)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
ROBLOX Player for Owner (HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Owner (HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shareaza (x32 Version: 8.0.0.123534 - Discordia, LTD) Hidden
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
StudioTax 2011 (HKLM\...\{85FD0263-98BB-4B0E-990C-A31094DE8DDE}) (Version: 7.0.4.0 - BHOK IT Consulting)
StudioTax 2012 (HKLM-x32\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.2 - BHOK IT Consulting)
StudioTax 2013 (HKLM-x32\...\{3F525B18-4DA5-447A-97E5-8F00EA9DF4B1}) (Version: 9.1.8.2 - BHOK IT Consulting)
StudioTax 2014 (HKLM-x32\...\{F4A42DCD-CE34-4D3F-B328-BDC81CF50737}) (Version: 10.0.7.0 - BHOK IT Consulting)
StudioTax 2015 (HKLM-x32\...\{D4ED4657-36AF-443C-8274-AEA66D8A6317}) (Version: 11.0.8.6 - BHOK IT Consulting)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
System Scheduler 4.23 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
Thrustmaster TARGET (HKLM-x32\...\{8036A569-CA02-4D33-A7E9-E9BC8A482E91}) (Version: 2.0.10.0 - Thrustmaster)
Toy Story 3 (HKLM-x32\...\{AAFD160A-2333-40D8-AA25-42D1989CA0F2}) (Version: 1.00.0000 - Disney Interactive Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)
War Thunder CDK 0.1 (HKLM-x32\...\{ed8deea4-29fe-1932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation)
War Thunder Launcher 1.0.1.340 (HKLM-x32\...\{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WeatherEye (HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\WeatherEye) (Version: - )
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wondershare Dr.Fone for Android(Build 5.7.0.9) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.7.0.9 - Wondershare Software Co.,Ltd.)
Xperia Companion (HKLM-x32\...\{349564b4-3c4d-482a-9b2b-7e4480c9394c}) (Version: 1.0.2.0 - Sony)
Xperia Companion (x32 Version: 1.0.2.0 - Sony) Hidden
yuPlay client 0.7.50 (HKLM-x32\...\yuPlay клиент_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FE7318E-4885-42C4-93E3-FB734E63E4E0} - System32\Tasks\HPCeeScheduleForOWNER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {11D2342F-839E-48E3-9AD7-A5763372DFCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {1229D5C6-2C31-45A5-A77F-872758277322} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {16E260E2-3C55-4817-B513-96F247AF4450} - System32\Tasks\{DC3699EB-8B75-4644-AAEF-06F2728982ED} => pcalua.exe -a "C:\Users\Owner\Documents\Lillian\Nick's Stuff\Saitek_Cyborg_Evo_SD6_32.exe" -d "C:\Users\Owner\Documents\Lillian\Nick's Stuff"
Task: {1C0D8719-CA60-4A76-A976-EC85FC47EAC5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {21EEAEF6-FA9D-47E3-A31A-AE18117B582F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-30] (Dropbox, Inc.)
Task: {2EF2F4D7-6FAB-489C-BB4D-D22154387F11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {3D812D1B-A978-4A78-BF49-361B915FC140} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {5518C77C-1BE8-4B27-975B-F7C8675C0729} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {58A20800-5B8E-4421-846B-45547303F5D7} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {6DFD6B24-DC19-4130-9871-377EE1EA01A0} - System32\Tasks\SafeZone scheduled Autoupdate 1465907730 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {849FC639-7015-427F-AA39-4FC2AA89D416} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-14] (AVAST Software)
Task: {8922745A-B80F-4AD0-A5A3-71E78518093B} - System32\Tasks\{7F85E32C-7D35-4958-B03F-BBAEF0CBC775} => pcalua.exe -a "C:\Users\Owner\Documents\Lillian\Nick's Stuff\Saitek_Cyborg_Evo_SD6_64.exe" -d "C:\Users\Owner\Documents\Lillian\Nick's Stuff"
Task: {8A2B4C85-7287-4463-9AE1-B5439A79026F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {9C9157B1-4249-47A0-BCE7-7E76C8CE1510} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {A2046887-4841-44D4-8FE6-9E6E7CCE795A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {A449C73B-4565-4F8F-943C-0C5CFEFBC971} - System32\Tasks\{787706EA-A8A6-446E-BDFD-AC04640298DC} => pcalua.exe -a "C:\Program Files (x86)\Registry Helper\uninst.exe"
Task: {B703C7D7-B53C-4AAD-BB28-A23E4FAAF54B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-30] (Dropbox, Inc.)
Task: {B819D107-2890-46A6-923E-872F90D94F20} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {BCCAF77B-676F-4503-9124-452B84F74C89} - System32\Tasks\{8C85E8B1-A460-4EED-8DAC-C757387E1D2D} => pcalua.exe -a E:\SETUP.EXE -d E:\ -c -AutoRun
Task: {C258BB7D-E898-4D19-9E91-E318E67FBCD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CC86B01E-CE0A-4E21-A91A-759BB6BA026B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {F37C3969-D63A-4296-BD26-57EAE96CECD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {FC0A2883-58B4-4B24-8468-2652A26F0B2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOWNER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-06-08 17:45 - 2009-06-08 17:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-14 16:10 - 2011-03-14 16:10 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-06-14 06:26 - 2016-06-14 06:26 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-14 06:26 - 2016-06-14 06:26 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-21 14:42 - 2016-06-21 14:42 - 02939392 _____ () C:\Program Files\AVAST Software\Avast\defs\16062101\algo.dll
2016-06-14 06:26 - 2016-06-14 06:26 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-22 06:25 - 2016-06-22 06:25 - 02939392 _____ () C:\Program Files\AVAST Software\Avast\defs\16062201\algo.dll
2016-06-14 06:26 - 2016-06-14 06:26 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-05-14 13:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-14 13:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-14 13:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-14 13:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-14 13:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-03 07:18 - 2015-12-03 07:18 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:196FC0A6 [115]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\Temp:7D6EC5BE [117]
AlternateDataStreams: C:\Users\Owner\Downloads:Shareaza.GUID [16]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-179166284-1700762968-3849658672-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-179166284-1700762968-3849658672-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.135.148 - 64.59.128.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MalwareProtectionLive => C:\Users\Owner\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: XperiaCompanionAgent => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{16467055-0A06-4B08-B61F-9DE42788DAD8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{2EBA5488-FA5F-4FFE-9810-A60F1B44FD7D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FCF8FCE5-E6D2-4F9F-B47E-1532B3F3FFB9}] => (Allow) LPort=2869
FirewallRules: [{24263477-6EF3-402F-AE43-F9CD8CB45D85}] => (Allow) LPort=1900
FirewallRules: [{B9C9DF76-EF62-47DF-8DFB-5A6DE0DE80ED}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{13EB4188-C29B-40D3-8F11-46D708CB7236}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E7146E26-B002-435D-8D24-195587E8ED9F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{01EDB30A-24ED-4B0E-800E-7055527A3B20}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{EFC2BCB0-E996-4868-9EFE-3254FCD32F5C}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{11C8BEDA-8ABC-4F90-AE1A-511AE0F55291}] => (Allow) C:\Program Files (x86)\WinMX Music\WinMX Music.exe
FirewallRules: [{C448FDCC-80E1-4057-ABE0-710B5FA1343D}] => (Allow) C:\Program Files (x86)\WinMX Music\WinMX Music.exe
FirewallRules: [{40911C0D-BD8E-4F56-8828-B215A7B9179A}] => (Allow) C:\Program Files (x86)\WinMX Music\WinMX Music.exe
FirewallRules: [{C548D574-4C9A-4522-B803-186915733595}] => (Allow) C:\Program Files (x86)\WinMX Music\WinMX Music.exe
FirewallRules: [{7122594F-D635-4D46-AA08-2165ED451E67}] => (Allow) C:\Program Files (x86)\Ares Galaxy Professional\Ares Galaxy Professional.exe
FirewallRules: [{174F363F-F7C0-4F07-922F-84A5A6A691D7}] => (Allow) C:\Program Files (x86)\Ares Galaxy Professional\Ares Galaxy Professional.exe
FirewallRules: [TCP Query User{CC88F561-E8A6-4FD1-82FA-10E7F359F88B}C:\program files (x86)\luckywire\luckywire.exe] => (Allow) C:\program files (x86)\luckywire\luckywire.exe
FirewallRules: [UDP Query User{DD2FAD5B-3F81-4772-92C8-B3F9CE4DE016}C:\program files (x86)\luckywire\luckywire.exe] => (Allow) C:\program files (x86)\luckywire\luckywire.exe
FirewallRules: [TCP Query User{D5E10871-07D1-48E8-ABF8-801957270CE4}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{543BF0B9-50DE-4A51-ADAF-42127F5D2E1C}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [{2DD217DC-2AFA-4D68-B2CF-ADA1F2364264}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{743E506E-3E3F-4827-8076-9AA0040C5414}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CAFD9837-95E4-469D-A7E8-06ABA46063DE}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe
FirewallRules: [{0FAEB502-E14D-4939-A6A8-244D5350F547}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe
FirewallRules: [{673ECEFF-6EFD-4A09-998B-9888503B1492}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe
FirewallRules: [{CFE403B5-C691-4DAE-BF52-12F340194F64}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe
FirewallRules: [{1E9B59DF-C948-4266-945C-5AE93937C9EE}] => (Allow) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{0203E568-A224-47A6-89F8-112F71BCB211}] => (Allow) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{EA856CC0-C507-4E96-9579-0B129CD6273E}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe] => (Block) C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe
FirewallRules: [UDP Query User{60DAFC93-C5F2-47EE-8694-E2A7C74D374F}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe] => (Block) C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe
FirewallRules: [{3BC2ED6C-1E1B-4B88-842C-AF7EDF3BA584}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{32595600-4DD5-464A-A818-DFD17D2C8EAE}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{77D4987A-AC25-428B-9ACB-1CBF920AD48E}C:\users\owner\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3511D6F4-DBE3-464F-94E6-A0F3E56238FC}C:\users\owner\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\owner\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{8D75B86D-1E4D-4D6B-B334-E3D3763E2B42}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{2B620B09-DBA9-490C-ACAE-A16901A87CE4}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [{97B68B06-CAB6-44EF-A0D7-407195AAABAA}] => (Allow) C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe
FirewallRules: [{5672826E-EA20-47EA-A572-77EF2511987D}] => (Allow) C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe
FirewallRules: [{BEEC241A-BA90-4150-B594-576DD5CBB529}] => (Allow) C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe
FirewallRules: [{631A0E21-89D0-4057-A2E6-D6688596BBCB}] => (Allow) C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe
FirewallRules: [{68026B95-B635-4B4E-9883-C1430621E15A}] => (Allow) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{6D6AF11E-DF60-410E-826F-1A4666D20C46}] => (Allow) C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [TCP Query User{71B9E913-DB94-46FE-8C11-6C5832797F75}C:\program files (x86)\luckywire\luckywire.exe] => (Allow) C:\program files (x86)\luckywire\luckywire.exe
FirewallRules: [UDP Query User{3FE532E0-2092-40B0-8EF3-514E06282FE3}C:\program files (x86)\luckywire\luckywire.exe] => (Allow) C:\program files (x86)\luckywire\luckywire.exe
FirewallRules: [TCP Query User{2007745D-6D9E-47E1-87C9-19DBEC9C972B}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe] => (Block) C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe
FirewallRules: [UDP Query User{D71A3971-F5B8-4772-8D1D-5C8A37FD7FD7}C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe] => (Block) C:\users\owner\documents\vuze downloads\heroes over europe\heroes over europe\heroes2.exe
FirewallRules: [{3D1CE419-E3EE-4904-AF6A-ED10B7B63C5C}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{38C9EE8C-B8C9-4D74-99D5-E4EEE31C9101}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [TCP Query User{515F347E-6B10-4FD3-B850-896F296377C4}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [UDP Query User{6EF7121F-2748-44DE-9934-09E9807783DF}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [{977796B3-1E02-45FE-B689-E0B474524668}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{1A13A48E-5475-45B1-AC30-C2F323181F53}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{5D2F1BFF-EFCA-4E39-8DC1-AC7FC6C8E549}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{A5ED236A-1D30-45B6-A387-9C7C8EC401DF}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [TCP Query User{7BD76936-67B7-4D1C-A661-593CBC604C5E}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe
FirewallRules: [UDP Query User{85081895-C77F-4E5F-8E89-A1561CB1F813}C:\program files\shareaza\shareaza.exe] => (Allow) C:\program files\shareaza\shareaza.exe
FirewallRules: [TCP Query User{AF5782F4-29C7-4328-82E4-9B169F800C61}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{DD128279-0910-48E0-9D6F-3530F804A54C}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{4A00BE5E-C4BB-406A-9C1C-111E498D2754}] => (Allow) C:\Program Files (x86)\WarThunderDev\launcher.exe
FirewallRules: [{74FD960D-0204-4EC6-9405-C928CDB27F6C}] => (Allow) C:\Program Files (x86)\WarThunderDev\launcher.exe
FirewallRules: [{5D3B0F77-681B-4BF6-973F-C855F16B443E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{12AA15F5-BB5F-49CC-A3F0-7F131D82B4E5}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{05E88CCD-91BB-459B-91A2-8575DAB3D889}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{A0208C98-7633-4F97-9701-5138D1F50098}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0543AA67-EFEF-48CB-A54A-E55248412302}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{8D8977CB-FD86-48F0-B70D-630C93B72306}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{6A4611D8-38C5-46C8-9677-D1F5EBB63634}C:\program files (x86)\warthunder\launcher.exe] => (Block) C:\program files (x86)\warthunder\launcher.exe
FirewallRules: [UDP Query User{D635811C-907C-4BA5-9BB7-A03D4B92C769}C:\program files (x86)\warthunder\launcher.exe] => (Block) C:\program files (x86)\warthunder\launcher.exe
FirewallRules: [TCP Query User{B0E16C88-EB41-40D8-9D3A-CB7A89C101E0}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{AE9A77FE-DE46-48D8-ACB6-966C08183A55}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [TCP Query User{E38558DB-7354-4C79-8329-00D620FFA8F0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{58534CE6-32B2-4188-94B4-9694300709A7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{4CD324AF-862E-4619-8325-B26102F003FB}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6E55\HPDiagnosticCoreUI.exe
FirewallRules: [{CA65A48D-1C4E-4C60-8B60-5971AE48A3D7}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS6E55\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{07FA16CF-8E53-46D0-8EF4-98F43854C6C3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{AC95E5A8-C4A2-40B8-B8FC-67652C4B46F0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2D80C42C-041C-4225-B704-A2249D61814C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{07898DC9-9BC5-47AF-B6CC-C27D7C79420F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{60ABEBFC-BBD4-4A43-827E-463B00E4379D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8DCF127-A930-44D0-854F-F4F36033C251}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D45E0402-3769-444F-AD1E-B5FDC7D0D918}] => (Allow) E:\install\data\Disk1\setup.exe
FirewallRules: [{17ABD4EB-72AB-4552-A7E1-738AA045AA2A}] => (Allow) E:\install\data\Disk1\setup.exe
FirewallRules: [TCP Query User{A36C05D2-0977-453F-A653-AB2BCDD9D688}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{6B5E252F-F1FA-4E6B-AF7A-0C0DE4BB37B1}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{F1F0FA83-9FB5-4003-BAF1-54734BDE87A3}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{045B515A-278C-41F9-99DF-E9D541FDAE7F}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{4034B617-6B8D-4015-A932-8EB2E7B1BB19}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{2D4BE10F-8FBB-4B4E-AEA7-9DA052168303}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{9366515B-744A-488A-8DF6-DBA9E7CCC573}] => (Allow) LPort=1689
FirewallRules: [{BB916D80-4841-43B3-AB07-D1293D5F0B82}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EB2D3A8E-B730-4F88-AF3C-12D8E3082F96}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{B880294E-D4BD-42BA-9DA5-2277E86966DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{301CDF90-CE68-473F-9BEF-E38DB843B7B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48A21795-96F2-494A-901D-1D10223D04F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC590E6A-69AD-48B6-B836-06D68987EAE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53C8BFB3-44B9-460F-A1A4-4B56DAAD797B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BA2135F6-3391-46EC-AF57-CD1565039942}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E4006AF8-6EBB-4E93-9137-DAF3C2616420}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2662DE4E-3C4E-4EE4-AE76-7FB49D99BABE}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [TCP Query User{20A8A227-51F6-41BD-BDB6-FAB90B83EC6D}C:\program files (x86)\sony\media go\mediago.exe] => (Block) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [UDP Query User{E8CB7A32-53DA-4735-B88A-4F925B5CBD75}C:\program files (x86)\sony\media go\mediago.exe] => (Block) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [{765C2B3C-2F60-48B9-8734-F350C2FF2DB0}] => (Allow) LPort=1688
FirewallRules: [{2300150D-3AA1-428A-8458-A27DFB895C59}] => (Allow) C:\Program Files (x86)\Gaijin\Wings of Prey\launcher.exe
FirewallRules: [{52BA9802-9554-4905-896A-BF7B4629D395}] => (Allow) C:\Program Files (x86)\Gaijin\Wings of Prey\launcher.exe
FirewallRules: [{8B176D70-5855-4EB9-9D94-6632FA4B9370}] => (Allow) C:\Program Files (x86)\Gaijin\Wings of Prey\acess.exe
FirewallRules: [{36776038-946C-4A26-AAEF-BF4BD4A97249}] => (Allow) C:\Program Files (x86)\Gaijin\Wings of Prey\acess.exe
FirewallRules: [{90B979A9-F4F7-4A9D-A12B-F954782347BA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{170F6442-A579-415F-A7FC-4E1863253430}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9F5BE4E0-ABE0-4A29-A254-341B6D8C2FEF}C:\program files (x86)\warthunder\win32\aces.exe] => (Allow) C:\program files (x86)\warthunder\win32\aces.exe
FirewallRules: [UDP Query User{F2114CC7-7210-4349-BC0E-8C975A3654DB}C:\program files (x86)\warthunder\win32\aces.exe] => (Allow) C:\program files (x86)\warthunder\win32\aces.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

05-06-2016 19:00:21 Windows Backup
12-06-2016 19:00:10 Windows Backup
19-06-2016 19:00:15 Windows Backup

==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2016 09:59:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.6.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1300

Start Time: 01d1cc9eb8cdaa95

Termination Time: 31

Application Path: C:\Users\Owner\Desktop\FRST64.exe

Report Id: 3000da6d-3892-11e6-b0dc-6431503ceaa3

Error: (06/22/2016 06:25:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe95e40668
Faulting process id: 0xb88
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/21/2016 08:22:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe96630668
Faulting process id: 0xa94
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/21/2016 02:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe958c0668
Faulting process id: 0xb30
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/21/2016 10:39:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe94e90668
Faulting process id: 0x3bc
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/20/2016 06:37:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe95f80668
Faulting process id: 0x5e4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/20/2016 06:15:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe94450668
Faulting process id: 0x428
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/19/2016 08:59:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe95690668
Faulting process id: 0xcd8
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/19/2016 07:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe94e90668
Faulting process id: 0x7a8
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3

Error: (06/17/2016 06:29:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 13.0.0.0, time stamp: 0x5312d36b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x000007fe94d40668
Faulting process id: 0xc90
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3


System errors:
=============
Error: (06/22/2016 06:31:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/22/2016 06:28:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/22/2016 06:28:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (06/22/2016 06:26:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (06/21/2016 08:23:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (06/21/2016 08:22:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/21/2016 07:46:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/21/2016 02:43:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (06/21/2016 01:47:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/21/2016 10:40:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2014-02-03 19:53:02.683
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:53:02.455
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:45.362
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:45.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:09.945
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:09.717
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:03.429
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:52:03.201
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:50:32.270
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-03 19:50:32.038
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 245 Processor
Percentage of memory in use: 67%
Total physical RAM: 2815.29 MB
Available physical RAM: 915.71 MB
Total Virtual: 5628.76 MB
Available Virtual: 2726.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:686.49 GB) (Free:302.59 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.04 GB) (Free:1.44 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CCC43D8D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Here is the anwMBR file:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-22 10:09:31
-----------------------------
10:09:31.786 OS Version: Windows x64 6.1.7601 Service Pack 1
10:09:31.787 Number of processors: 2 586 0x603
10:09:31.787 ComputerName: OWNER-HP UserName: Owner
10:09:38.283 Initialize success
10:09:38.351 VM: initialized successfully
10:09:38.351 VM: Amd CPU BiosDisabled
10:09:41.654 AVAST engine defs: 16062201
10:09:59.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
10:09:59.208 Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
10:09:59.318 Disk 0 MBR read successfully
10:09:59.320 Disk 0 MBR scan
10:09:59.373 Disk 0 unknown MBR code
10:09:59.391 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:09:59.394 Disk 0 default boot code
10:09:59.397 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702969 MB offset 206848
10:09:59.462 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12333 MB offset 1439887360
10:09:59.516 Disk 0 scanning C:\Windows\system32\drivers
10:10:16.352 Service scanning
10:10:41.345 Modules scanning
10:10:41.360 Disk 0 trace - called modules:
10:10:41.376 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
10:10:41.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800323b5d0]
10:10:41.392 3 CLASSPNP.SYS[fffff8800199f43f] -> nt!IofCallDriver -> [0xfffffa80031de040]
10:10:41.392 5 amd_xata.sys[fffff88000fec8b4] -> nt!IofCallDriver -> \Device\00000058[0xfffffa8002d57240]
10:10:44.590 AVAST engine scan C:\Windows
10:10:49.956 AVAST engine scan C:\Windows\system32
10:13:40.137 AVAST engine scan C:\Windows\system32\drivers
10:13:55.273 AVAST engine scan C:\Users\Owner
10:17:32.652 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
10:17:32.653 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-06-22 10:19:11
-----------------------------
10:19:11.621 OS Version: Windows x64 6.1.7601 Service Pack 1
10:19:11.621 Number of processors: 2 586 0x603
10:19:11.621 ComputerName: OWNER-HP UserName: Owner
10:19:14.756 Initialize success
10:19:14.772 VM: initialized successfully
10:19:14.787 VM: Amd CPU BiosDisabled
10:19:16.800 AVAST engine defs: 16062201
10:19:17.892 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
10:19:17.892 Disk 0 Vendor: Hitachi_ JP3O Size: 715404MB BusType: 11
10:19:18.063 Disk 0 MBR read successfully
10:19:18.063 Disk 0 MBR scan
10:19:18.063 Disk 0 unknown MBR code
10:19:18.079 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:19:18.079 Disk 0 default boot code
10:19:18.095 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702969 MB offset 206848
10:19:18.141 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12333 MB offset 1439887360
10:19:18.297 Disk 0 scanning C:\Windows\system32\drivers
10:19:30.185 Service scanning
10:19:51.198 Modules scanning
10:19:51.198 Disk 0 trace - called modules:
10:19:51.213 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
10:19:51.213 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800323b5d0]
10:19:51.229 3 CLASSPNP.SYS[fffff8800199f43f] -> nt!IofCallDriver -> [0xfffffa80031de040]
10:19:51.229 5 amd_xata.sys[fffff88000fec8b4] -> nt!IofCallDriver -> \Device\00000058[0xfffffa8002d57240]
10:19:56.268 AVAST engine scan C:\Windows
10:20:08.296 AVAST engine scan C:\Windows\system32
10:24:31.731 AVAST engine scan C:\Windows\system32\drivers
10:24:46.332 AVAST engine scan C:\Users\Owner
10:52:21.909 Disk 0 statistics 4316284/0/0 @ 1.20 MB/s
10:52:21.909 Scan stopped
10:52:31.019 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
10:52:31.035 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


About the aswMBR file above, I just wanted to let you know that the first time I ran it, it looked like it wasn't doing anything so I stopped it and saved the log. Then I decided to run it again. After 33 minutes, it seemed to not be doing anything again so I stopped it again and attached the log. Both logs are in the same aswMBR file above. Please let me know if I did this wrong and if you want me to re-run the aswMBR and let it run until it finishes (if it's supposed to, all I ever saw was the "Stop" button, never a "Done" or "Finished" button).

Also, the first time I ran the aswMBR, Avast found nine threats. I didn't do anything with the pop-ups, they just disappeared after a few seconds.

Thank you!