thepilgrim
2015-02-17, 20:43
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Lawrence (administrator) on HAL on 17-02-2015 09:06:26
Running from C:\Users\Lawrence\Desktop\Download
Loaded Profiles: Lawrence (Available profiles: Lawrence)
Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Over the Rainbow Tech) C:\ProgramData\LolliScan\ColorMedia.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
(iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\mantle.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Microsoft) C:\Program Files\pastaleads\PastaLeadsApplication.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Nick Thissen) C:\Program Files\iRacing Setup Sync\bin\iRacingSetupSync.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-10-23] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [WinCheck] => C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe [323584 2015-02-15] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [PastaLeadsApplication] => C:\Program Files\pastaleads\PastaLeadsApplication.exe [378880 2014-11-27] (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk
ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-2443816963-3265071215-2752545654-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2443816963-3265071215-2752545654-1001] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll ()
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll ()
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.wnd.com/
CHR StartupUrls: Default -> "hxxp://www.weather.com/weather/tenday/Hillsboro+OR+97123:4:US"
CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-01]
CHR Extension: (Mahjong Words 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2015-01-01]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (Adguard AdBlocker) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01]
CHR Extension: (Pool) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-01-01]
CHR Extension: (AdBlock+) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-01-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-04]
CHR Extension: (AdBlock Premium) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-01]
CHR Extension: (Flixster) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-01-01]
CHR Extension: (Crackle) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-01-01]
CHR Extension: (Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-01]
CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2015-01-01]
CHR Extension: (G Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglfocodeikakacbeoajjhnplhlaoook [2015-01-01]
CHR Extension: (RT News) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2015-01-01]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-01-01]
CHR Extension: (Summer Fields 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkllododjcgdppaocnhcjpncemnmmfon [2015-01-01]
CHR Extension: (Plants vs Zombies) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-01-01]
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
CHR Extension: (Bastion) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-01-01]
CHR Extension: (Edgeworld) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2015-01-01]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ColorMedia; C:\ProgramData\LolliScan\ColorMedia.exe [1546208 2015-02-15] (Over the Rainbow Tech) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [802080 2015-01-31] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-23] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200704 2014-06-21] (Advanced Micro Devices)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-02-26] (EZB Systems, Inc.) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 OA002Afx; C:\Windows\system32\Drivers\OA002Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA002Ufd; C:\Windows\system32\DRIVERS\OA002Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA002Vid; C:\Windows\system32\DRIVERS\OA002Vid.sys [268672 2008-08-01] (Creative Technology Ltd.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [283864 2014-12-07] (Realsil Semiconductor Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [228048 2013-07-04] (GFI Software)
S3 SBFWIMCL; C:\Windows\system32\DRIVERS\sbfwim.sys [96288 2012-09-24] (GFI Software)
R3 SBFWIMCLMP; C:\Windows\system32\DRIVERS\SBFWIM.sys [96288 2012-09-24] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [96720 2013-07-04] (GFI Software)
R3 sbwtis; C:\Windows\system32\DRIVERS\sbwtis.sys [76064 2012-12-11] (GFI Software)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
R3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [658136 2014-12-04] (Realsil Semiconductor Corporation)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-17 09:01 - 2015-02-17 09:06 - 00000000 ____D () C:\FRST
2015-02-17 08:58 - 2015-02-17 08:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAL-Windows-8.1-(32-bit).dat
2015-02-17 08:56 - 2015-02-17 08:56 - 00002201 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\RegBackup
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-16 19:57 - 2015-02-17 08:38 - 00000232 _____ () C:\Windows\setupact.log
2015-02-16 19:57 - 2015-02-16 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-16 18:32 - 2015-02-17 09:01 - 00068064 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 18:12 - 2015-02-16 18:12 - 00019056 _____ () C:\Windows\system32\FirewallConfig.xml
2015-02-16 10:53 - 2013-08-21 22:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup
2015-02-16 10:23 - 2015-02-16 13:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-16 10:23 - 2015-02-16 11:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2015-02-16 10:23 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-16 10:23 - 2015-02-16 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-15 18:40 - 2015-02-15 18:40 - 00001474 _____ () C:\ProgramData\tempimage.bmp
2015-02-15 17:59 - 2015-02-15 17:59 - 00002190 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2015-02-15 17:59 - 2015-02-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-02-15 17:54 - 2015-02-15 18:42 - 00000000 ____D () C:\Program Files\ver4SpeedCheck
2015-02-15 17:54 - 2015-02-15 18:41 - 00000000 ____D () C:\Program Files\QuickRef_1.10.0.8
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf
2015-02-15 17:46 - 2015-02-15 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\wincheck
2015-02-15 17:45 - 2015-02-16 18:13 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\8F4C56EF-1F90-6647-97B8-F04F569F545F
2015-02-15 17:45 - 2015-02-16 09:39 - 00000000 ____D () C:\ProgramData\2abfacb28a86414db67072195669c416
2015-02-15 17:45 - 2015-02-16 09:02 - 00005352 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 17:45 - 2015-02-16 09:02 - 00002952 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 17:45 - 2015-02-15 17:45 - 00000000 ____D () C:\Program Files\ospd_us_851
2015-02-15 17:44 - 2015-02-16 13:48 - 00000000 ____D () C:\ProgramData\LolliScan
2015-02-15 17:44 - 2015-02-16 01:49 - 00000000 ____D () C:\ProgramData\pastaleads
2015-02-15 17:44 - 2015-02-15 18:43 - 00000000 ____D () C:\Program Files\Win_SCAN
2015-02-15 17:44 - 2015-02-15 18:40 - 00000000 ____D () C:\Program Files\pastaleads
2015-02-15 17:44 - 2015-02-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\download Manager
2015-02-15 17:42 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\OAS
2015-02-14 18:12 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 20:19 - 2015-02-13 20:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Cloud
2015-02-11 19:09 - 2015-02-12 08:15 - 00000000 ____D () C:\Program Files\Lex Mortis
2015-02-11 18:20 - 2015-02-11 18:20 - 00000875 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-10 17:24 - 2015-01-19 10:36 - 01192552 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 17:24 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:24 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:23 - 2015-01-15 14:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:23 - 2015-01-15 14:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:23 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:23 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:23 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:23 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:23 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 17:23 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:23 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-10 17:23 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 17:23 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:23 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:23 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:23 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:23 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:23 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:23 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:23 - 2015-01-10 00:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:23 - 2015-01-10 00:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 17:23 - 2015-01-09 23:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:23 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:23 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:23 - 2014-12-08 15:11 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 17:23 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:23 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:23 - 2014-10-28 17:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 14:49 - 2015-02-10 14:49 - 00000000 ____D () C:\Program Files\PlatinumHideIP
2015-02-06 21:16 - 2015-02-06 21:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AMD
2015-02-05 18:31 - 2015-02-05 18:31 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Sniper3
2015-02-04 16:23 - 2015-02-04 16:28 - 00000000 ____D () C:\Program Files\Megacubo
2015-02-04 09:26 - 2015-02-04 09:27 - 00148616 _____ () C:\Windows\Minidump\020415-18203-01.dmp
2015-02-04 09:22 - 2014-11-18 18:29 - 00735448 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x86.sys
2015-02-04 09:22 - 2014-11-18 18:29 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-02-04 09:21 - 2014-12-07 22:13 - 00283864 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2015-02-04 09:21 - 2014-01-26 21:39 - 09889496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 ____D () C:\ProgramData\ATI
2015-02-04 09:16 - 2015-02-04 16:29 - 00000000 ____D () C:\Program Files\Raptr
2015-02-04 09:16 - 2015-02-04 09:16 - 00051762 _____ () C:\Windows\system32\CCCInstall_201502040916007685.log
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\library_dir
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Program Files\AMD AVT
2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-04 09:06 - 2014-10-28 18:47 - 03343832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-04 09:06 - 2014-10-27 17:44 - 00927448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-04 09:06 - 2014-10-27 16:14 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-04 09:06 - 2014-10-27 15:50 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-02-04 09:06 - 2014-10-17 16:53 - 02513264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-04 09:06 - 2014-08-18 11:40 - 02354544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-04 09:06 - 2014-08-06 13:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-04 09:06 - 2014-04-10 12:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-02-04 09:06 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-04 09:06 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-02-04 09:06 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
2015-02-04 09:06 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-02-04 09:06 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-04 09:06 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-02-04 09:06 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-04 09:06 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-02-04 09:05 - 2014-06-07 00:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-04 09:05 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-02-04 09:05 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-04 09:05 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Program Files\Intel
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Intel
2015-02-04 08:58 - 2013-08-01 11:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2015-01-26 14:45 - 2015-01-26 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\Egosoft
2015-01-26 13:42 - 2015-02-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Program Files\Mu
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\Lawrence\Documents\MoTeC
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\ProgramData\MoTeC
2015-01-26 12:04 - 2015-01-26 12:15 - 00000000 ____D () C:\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\Program Files\MoTeC
2015-01-25 20:59 - 2015-01-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\s.t.a.l.k.e.r. - call of pripyat
2015-01-25 15:32 - 2015-01-25 15:32 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Gold 2.5
2015-01-25 15:28 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Gold 2.5
2015-01-25 15:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Silver 2.5
2015-01-25 15:01 - 2015-01-25 15:01 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Silver 2.5
2015-01-25 15:00 - 2015-01-25 15:28 - 00000000 ____D () C:\Program Files\ChordWizard
2015-01-23 18:10 - 2015-01-23 18:10 - 00000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing Setup Sync
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\Program Files\iRacing Setup Sync
2015-01-22 19:38 - 2015-01-22 19:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\next car game technology sneak peek
2015-01-22 13:30 - 2015-01-22 13:30 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Logitech
2015-01-19 21:09 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2015-01-19 21:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Stock Car 2013
2015-01-19 20:51 - 2015-01-23 19:26 - 00000000 ____D () C:\GSC2013
2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Steam
2015-01-18 14:50 - 2015-01-18 14:50 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\.rFactor
2015-01-18 14:45 - 2015-01-19 20:47 - 00000000 ____D () C:\Users\Lawrence\Documents\rFactor2
2015-01-18 14:44 - 2015-01-19 20:47 - 00000000 ____D () C:\Program Files\rFactor2
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-17 09:06 - 2015-01-02 08:07 - 00000000 ____D () C:\Users\Lawrence\Desktop\Download
2015-02-17 09:00 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\system32\sru
2015-02-17 08:46 - 2015-01-01 11:54 - 00000000 __RDO () C:\Users\Lawrence\OneDrive
2015-02-17 08:42 - 2015-01-01 13:30 - 00000000 ____D () C:\Program Files\Steam
2015-02-17 08:41 - 2015-01-01 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 20:14 - 2015-01-09 13:38 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2015-02-16 20:09 - 2015-01-01 11:59 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 18:19 - 2014-03-18 00:01 - 00756816 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 18:13 - 2013-08-21 23:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 18:12 - 2013-08-21 22:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-16 12:07 - 2015-01-01 13:23 - 00000000 ____D () C:\Users\Lawrence\Desktop\Utilities
2015-02-16 10:58 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\rescache
2015-02-16 10:46 - 2015-01-07 21:21 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-02-16 09:39 - 2015-01-14 19:41 - 00000000 ____D () C:\ProgramData\{d454b6a4-bc7f-a58e-d454-4b6a4bc7da92}
2015-02-16 09:21 - 2015-01-01 14:02 - 00013501 _____ () C:\missing.ini
2015-02-16 09:21 - 2015-01-01 14:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-16 03:41 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-15 18:12 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\uTorrent
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Google
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Program Files\Google
2015-02-15 14:17 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Lawrence\Desktop\Library
2015-02-15 02:36 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 19:31 - 2013-08-22 00:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 10:51 - 2015-01-01 15:15 - 00000000 ____D () C:\Users\Lawrence\Desktop\Games
2015-02-14 08:48 - 2013-08-21 23:22 - 00397552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 21:38 - 2015-01-03 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 21:35 - 2015-01-03 22:00 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 14:45 - 2015-01-01 11:52 - 00000000 ____D () C:\Users\Lawrence
2015-02-09 12:57 - 2015-01-01 11:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 07:41 - 2015-01-01 16:18 - 00000000 ____D () C:\Program Files\e-Sword
2015-02-08 23:08 - 2015-01-01 12:27 - 00000000 ____D () C:\ProgramData\VIPRE
2015-02-08 19:25 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-05 16:58 - 2015-01-01 13:44 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-04 09:26 - 2015-01-07 08:28 - 422979526 _____ () C:\Windows\MEMORY.DMP
2015-02-04 09:26 - 2015-01-07 08:28 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 09:22 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\system32\sda
2015-02-04 09:22 - 2015-01-04 13:50 - 00000000 ____D () C:\Program Files\Realtek
2015-02-04 09:16 - 2015-01-04 13:54 - 00000000 ____D () C:\ProgramData\AMD
2015-02-04 09:15 - 2015-01-04 13:51 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-04 09:15 - 2015-01-01 11:56 - 00000000 ____D () C:\Program Files\AMD
2015-02-04 09:11 - 2015-01-01 11:56 - 00000000 ____D () C:\AMD
2015-02-04 09:06 - 2015-01-04 13:50 - 00000000 ___HD () C:\Program Files\Temp
2015-02-04 09:05 - 2015-01-02 12:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-04 09:02 - 2015-01-04 13:15 - 00000450 _____ () C:\Windows\Tasks\DriverNavigator Scheduled Scan.job
2015-02-03 11:31 - 2015-01-03 22:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-03 11:31 - 2015-01-03 22:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-02 18:34 - 2015-01-09 17:44 - 00096744 _____ () C:\Users\Lawrence\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 12:09 - 2015-01-13 09:45 - 00000000 ____D () C:\Program Files\iRacing
2015-01-27 22:00 - 2015-01-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\vlc
2015-01-26 12:18 - 2015-01-13 18:09 - 00000000 ____D () C:\Users\Lawrence\Documents\iRacing
2015-01-26 12:03 - 2015-01-01 16:17 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Downloaded Installations
2015-01-25 08:05 - 2015-01-01 13:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-01-23 18:06 - 2015-01-06 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\WinZip
2015-01-23 18:06 - 2015-01-02 06:08 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-23 14:27 - 2015-01-06 16:01 - 00000000 ____D () C:\Windows\Patches
2015-01-20 13:45 - 2015-01-02 11:26 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AVS4YOU
==================== Files in the root of some directories =======
2015-01-04 10:13 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files\Common Files\pcsbClean.exe
2015-01-04 09:53 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files\Common Files\PCSBoff.exe
2015-01-10 11:13 - 2015-01-10 11:13 - 0022328 _____ () C:\Users\Lawrence\AppData\Roaming\PnkBstrK.sys
2015-01-23 18:10 - 2015-01-23 18:10 - 0000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-15 18:40 - 2015-02-15 18:40 - 0001474 _____ () C:\ProgramData\tempimage.bmp
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-16 03:41
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Lawrence at 2015-02-17 09:06:46
Running from C:\Users\Lawrence\Desktop\Download
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOE 3 HC Editor (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\AOE 3 HC Editor) (Version: - )
Assetto Corsa (HKLM\...\Steam App 244210) (Version: - Kunos Simulazioni)
AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward)
Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Crysis (HKLM\...\{8D19172A-45DB-4B0B-92B5-728BFB0F7FE1}_is1) (Version: 1.2.1 - Crytek)
Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
Crysis WARHEAD (HKLM\...\{C3165492-9F0B-4490-A798-0B8B45B8E524}_is1) (Version: - )
Crysis Warhead (HKLM\...\Steam App 17330) (Version: - Crytek)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DriverNavigator 3.6.0 (HKLM\...\DriverNavigator_is1) (Version: 3.6.0.0 - Easeware)
e-Sword (HKLM\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
F1 2011 (HKLM\...\Steam App 44360) (Version: - Codemasters Birmingham)
Far Cry (HKLM\...\Steam App 13520) (Version: - Crytek Studios)
Game Stock Car 2013 version 1.10 (HKLM\...\{0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1) (Version: 1.10 - Reiza Studios Ltda.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GT Power Expansion (HKLM\...\Steam App 44650) (Version: - SimBin)
GTR Evolution (HKLM\...\Steam App 8660) (Version: - SimBin)
iRacing Setup Sync version 3.0 (HKLM\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0516 - iRacing.com Motorsport Simulations)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
J.C. Ryle Expository Thoughts.cmtx version e-Sword (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: e-Sword - BibleSupport.com)
Living Cookbook 2015 (HKLM\...\Living Cookbook 2015) (Version: 5.0.76 - Radium Technologies, Inc.)
Living Cookbook 2015 (Version: 5.0.76 - Radium Technologies) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
MoTeC i2 Pro 1.1 (HKLM\...\{2D9DF9DB-8DEC-4F15-B982-48EAEA5AC681}) (Version: 7.00.3631 - MoTeC)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mu (HKLM\...\{4D404DEB-6877-407E-89DE-F32748ABC5E8}) (Version: 1.6.7.0 - Patrick Moore)
New 3 Editor XY (HKLM\...\New 3 Editor XY) (Version: - )
PC Study Bible (remove only) (HKLM\...\PC Study Bible) (Version: - )
Platinum Hide IP (HKLM\...\PlatinumHideIP) (Version: 3.4.1.8 - )
Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
RACE 07 (HKLM\...\Steam App 8600) (Version: - SimBin)
Race Injection (HKLM\...\Steam App 44680) (Version: - SimBin Studios AB)
RACE On (HKLM\...\Steam App 8640) (Version: - SimBin)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sniper Elite 3 (HKLM\...\Steam App 238090) (Version: - Rebellion)
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version: - Rebellion)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STCC II (HKLM\...\Steam App 44620) (Version: - SimBin)
STCC: The Game (HKLM\...\Steam App 8690) (Version: - SimBin)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Retro Expansion (HKLM\...\Steam App 44660) (Version: - SimBin)
The WTCC 2010 Pack (HKLM\...\Steam App 44670) (Version: - SimBin)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VIPRE Internet Security (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
XML Notepad 2007 (HKLM\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
12-02-2015 08:11:21 Before uninstalling Lex Mortis
14-02-2015 10:47:15 Backup_2015_02_14
15-02-2015 18:31:59 Before uninstalling AnySend
15-02-2015 18:34:38 Backup_2015_02_15
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-21 22:13 - 2015-02-16 10:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00A4B02C-D7A1-4E79-BCAA-5C757E670146} - System32\Tasks\{D9BF4D15-306C-41F2-86FE-512F777C8A72} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\PlatinumHideIP-3.4.1.8.Setup.exe -d C:\Users\Lawrence\Desktop\Download
Task: {0AD4AE99-E2E3-45D6-8796-5223983DBB6D} - System32\Tasks\Microsoft\Windows\Maintenance\Advanced IC Updating => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {1DA50B40-940A-4F25-AF7A-7A0BFDEC0F45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32D7C83E-2B11-404A-8633-58E6E7AAFB28} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {3321B7D5-DF40-487A-998C-5B5EB6A7288B} - System32\Tasks\Special IC Runner => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {3AC82ED0-4209-4AA5-8601-D65DB0048A20} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2014-12-11] (Easeware)
Task: {4DF5BD81-FF92-4884-891E-0676F18C33F1} - System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001124JOBINTRP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {585C5A65-7276-411E-B096-DD00B7FAA632} - System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000120GRACEABD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {59F5920B-E0A7-43A7-A8BC-F462CAEB005B} - System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {67E9DC32-7267-4146-87E9-E8D4160E8988} - System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000208TRAIN12.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6846BEA3-D043-4A26-87C7-514C17A1B0F4} - System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000176CHSCOMM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6EB2115E-F951-40AB-9CD6-D63EE04F58BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {775D6F64-3739-47E8-9B08-CCE706FFD3BF} - System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000119HOLYWAR.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {7983CDE4-E57D-420E-8D11-1CD4D43E75A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {7A28690F-B7E0-4CF3-B96E-3FC6506F2C96} - System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000187GUYONPO.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {816B3A58-9D34-438C-A00B-2C6ECF4FB150} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
Task: {8C5FD9E5-4136-4806-808F-8C7755933664} - System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RMSGeneratorAoE3_10LE.exe -d C:\Users\Lawrence\Desktop\Download
Task: {9A93320F-D8C5-4607-9148-7F92851FFDF1} - System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000209WATTSHYM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A1450527-2F8C-4B3E-8DEC-908F9D16D37A} - System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001105BSPROPH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A2EC0AA0-AA43-46C0-9E1B-6168884B7E21} - System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001101FREVIVL.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A86F8B03-D14C-451A-A4C5-F76A5F3930E8} - System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001115WHTFIELD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {B9D5B60F-65AC-416B-B5BD-78CDE903DC6F} - System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001125PROMISLD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {C829FC9E-ACEC-4152-8344-9C075E6353C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3} - System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000195JFKEEP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {CD167435-E825-43BB-AA4B-2D99A85F4F52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFF8AFA4-F0C9-4832-9779-D8497E977125} - System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001107ENEMYREC.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C} - System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000171JESERM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E0594B1A-015A-422C-9019-A317EE6A6B83} - System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000118PILGRIMS.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1} - System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001128LIFEOFCH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {ED4263A0-E27A-4C95-B307-5C668B53A564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A} - System32\Tasks\PastaLeads => C:\Program Files\pastaleads\ScheduledTask.exe
Task: {F1205FF5-6FF5-471D-A32D-12B633629D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Task: {FDC538E6-FF25-4C82-BFD6-33599D4A8276} - System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000183FREVIVA.EXE -d C:\Users\Lawrence\Desktop\Download
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files\GFI\LanGuard 11 Agent\crmimodule.dll
2013-08-21 15:55 - 2013-06-18 04:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files\GFI\LanGuard 11 Agent\patchautodownload.dll
2014-07-17 06:30 - 2014-07-17 06:30 - 00449136 _____ () C:\Program Files\GFI\LanGuard 11 Agent\remediationattplugin.dll
2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
2015-02-16 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-16 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-16 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files\VIPRE\Definitions\libBase64.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files\VIPRE\Definitions\libMachoUniv.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-07-04 11:51 - 2010-07-04 11:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2015-02-15 16:01 - 2015-02-15 16:01 - 00323584 _____ () C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
2015-01-01 13:32 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-01-01 13:32 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
2015-01-01 13:32 - 2015-01-23 14:34 - 02227904 _____ () C:\Program Files\Steam\video.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-01-01 13:32 - 2015-01-23 14:33 - 00696512 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-01-01 13:32 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\Lawrence\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
==================== Accounts: =============================
Administrator (S-1-5-21-2443816963-3265071215-2752545654-500 - Administrator - Disabled)
Guest (S-1-5-21-2443816963-3265071215-2752545654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443816963-3265071215-2752545654-1003 - Limited - Enabled)
Lawrence (S-1-5-21-2443816963-3265071215-2752545654-1001 - Administrator - Enabled) => C:\Users\Lawrence
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/17/2015 08:36:59 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
Error: (02/16/2015 06:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e00
Start Time: 01d04a59bdc8851e
Termination Time: 4294967295
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Report Id: 458bba71-b64d-11e4-974b-f04da23a6f8a
Faulting package full name:
Faulting package-relative application ID:
Error: (02/16/2015 06:19:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 06:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 00:11:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 3044
Start Time: 01d04a22e8442773
Termination Time: 2
Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Report Id: f45b7eb0-b617-11e4-974a-f04da23a6f8a
Faulting package full name:
Faulting package-relative application ID:
Error: (02/16/2015 11:48:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 11:45:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 10:58:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 10:58:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 10:12:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.111, time stamp: 0x54d1cb7f
Faulting module name: chrome.dll, version: 40.0.2214.111, time stamp: 0x54d1c75d
Exception code: 0xc0000005
Fault offset: 0x0124956a
Faulting process id: 0x2e08
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
System errors:
=============
Error: (02/16/2015 09:07:33 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-02-17 08:52:33.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-17 08:42:27.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 19:03:32.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:57:26.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:39:00.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:31:53.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:25:36.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:19:46.826
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:05:23.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 17:45:02.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
Percentage of memory in use: 63%
Total physical RAM: 3062.92 MB
Available physical RAM: 1128.73 MB
Total Pagefile: 6134.92 MB
Available Pagefile: 3272.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1863.01 GB) (Free:1630.54 GB) NTFS
Drive d: (BitBox) (Fixed) (Total:1862.3 GB) (Free:1243.93 GB) NTFS
Drive e: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1862.9 GB) - (Type=06)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 336C9387)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: BA7C33AC)
Partition 1: (Active) - (Size=1862.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
# AdwCleaner v4.110 - Logfile created 17/02/2015 at 09:10:32
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Lawrence - HAL
# Running from : C:\Users\Lawrence\Desktop\Download\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : ColorMedia
***** [ Files / Folders ] *****
File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Folder Found : C:\Program Files\pastaleads
Folder Found : C:\Program Files\QuickRef_1.10.0.8
Folder Found : C:\Program Files\youtubeadblocker
Folder Found : C:\ProgramData\2abfacb28a86414db67072195669c416
Folder Found : C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\bfbepojaenklhojbjhhmhhbodikifoal
Folder Found : C:\ProgramData\pastaleads
Folder Found : C:\Users\Lawrence\AppData\Local\PackageAware
Folder Found : C:\Users\Lawrence\AppData\Local\wincheck
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8800;hxxps=127.0.0.1:8800
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\QuickRef_1.10.0.8
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v40.0.2214.111
*************************
AdwCleaner[R0].txt - [2885 bytes] - [17/02/2015 09:10:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2944 bytes] ##########
Ran by Lawrence (administrator) on HAL on 17-02-2015 09:06:26
Running from C:\Users\Lawrence\Desktop\Download
Loaded Profiles: Lawrence (Available profiles: Lawrence)
Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Over the Rainbow Tech) C:\ProgramData\LolliScan\ColorMedia.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\mantle.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Microsoft) C:\Program Files\pastaleads\PastaLeadsApplication.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Nick Thissen) C:\Program Files\iRacing Setup Sync\bin\iRacingSetupSync.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-10-23] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [WinCheck] => C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe [323584 2015-02-15] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [PastaLeadsApplication] => C:\Program Files\pastaleads\PastaLeadsApplication.exe [378880 2014-11-27] (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk
ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-2443816963-3265071215-2752545654-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2443816963-3265071215-2752545654-1001] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll ()
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll ()
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.wnd.com/
CHR StartupUrls: Default -> "hxxp://www.weather.com/weather/tenday/Hillsboro+OR+97123:4:US"
CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-01]
CHR Extension: (Mahjong Words 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2015-01-01]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (Adguard AdBlocker) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01]
CHR Extension: (Pool) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-01-01]
CHR Extension: (AdBlock+) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-01-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-04]
CHR Extension: (AdBlock Premium) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-01]
CHR Extension: (Flixster) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-01-01]
CHR Extension: (Crackle) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-01-01]
CHR Extension: (Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-01]
CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2015-01-01]
CHR Extension: (G Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglfocodeikakacbeoajjhnplhlaoook [2015-01-01]
CHR Extension: (RT News) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2015-01-01]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-01-01]
CHR Extension: (Summer Fields 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkllododjcgdppaocnhcjpncemnmmfon [2015-01-01]
CHR Extension: (Plants vs Zombies) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-01-01]
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
CHR Extension: (Bastion) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-01-01]
CHR Extension: (Edgeworld) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2015-01-01]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ColorMedia; C:\ProgramData\LolliScan\ColorMedia.exe [1546208 2015-02-15] (Over the Rainbow Tech) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [802080 2015-01-31] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-23] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200704 2014-06-21] (Advanced Micro Devices)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-02-26] (EZB Systems, Inc.) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 OA002Afx; C:\Windows\system32\Drivers\OA002Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA002Ufd; C:\Windows\system32\DRIVERS\OA002Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA002Vid; C:\Windows\system32\DRIVERS\OA002Vid.sys [268672 2008-08-01] (Creative Technology Ltd.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [283864 2014-12-07] (Realsil Semiconductor Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [228048 2013-07-04] (GFI Software)
S3 SBFWIMCL; C:\Windows\system32\DRIVERS\sbfwim.sys [96288 2012-09-24] (GFI Software)
R3 SBFWIMCLMP; C:\Windows\system32\DRIVERS\SBFWIM.sys [96288 2012-09-24] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [96720 2013-07-04] (GFI Software)
R3 sbwtis; C:\Windows\system32\DRIVERS\sbwtis.sys [76064 2012-12-11] (GFI Software)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
R3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [658136 2014-12-04] (Realsil Semiconductor Corporation)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-17 09:01 - 2015-02-17 09:06 - 00000000 ____D () C:\FRST
2015-02-17 08:58 - 2015-02-17 08:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAL-Windows-8.1-(32-bit).dat
2015-02-17 08:56 - 2015-02-17 08:56 - 00002201 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\RegBackup
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-16 19:57 - 2015-02-17 08:38 - 00000232 _____ () C:\Windows\setupact.log
2015-02-16 19:57 - 2015-02-16 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-16 18:32 - 2015-02-17 09:01 - 00068064 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 18:12 - 2015-02-16 18:12 - 00019056 _____ () C:\Windows\system32\FirewallConfig.xml
2015-02-16 10:53 - 2013-08-21 22:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup
2015-02-16 10:23 - 2015-02-16 13:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-16 10:23 - 2015-02-16 11:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2015-02-16 10:23 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-16 10:23 - 2015-02-16 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-15 18:40 - 2015-02-15 18:40 - 00001474 _____ () C:\ProgramData\tempimage.bmp
2015-02-15 17:59 - 2015-02-15 17:59 - 00002190 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2015-02-15 17:59 - 2015-02-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-02-15 17:54 - 2015-02-15 18:42 - 00000000 ____D () C:\Program Files\ver4SpeedCheck
2015-02-15 17:54 - 2015-02-15 18:41 - 00000000 ____D () C:\Program Files\QuickRef_1.10.0.8
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf
2015-02-15 17:46 - 2015-02-15 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\wincheck
2015-02-15 17:45 - 2015-02-16 18:13 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\8F4C56EF-1F90-6647-97B8-F04F569F545F
2015-02-15 17:45 - 2015-02-16 09:39 - 00000000 ____D () C:\ProgramData\2abfacb28a86414db67072195669c416
2015-02-15 17:45 - 2015-02-16 09:02 - 00005352 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 17:45 - 2015-02-16 09:02 - 00002952 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 17:45 - 2015-02-15 17:45 - 00000000 ____D () C:\Program Files\ospd_us_851
2015-02-15 17:44 - 2015-02-16 13:48 - 00000000 ____D () C:\ProgramData\LolliScan
2015-02-15 17:44 - 2015-02-16 01:49 - 00000000 ____D () C:\ProgramData\pastaleads
2015-02-15 17:44 - 2015-02-15 18:43 - 00000000 ____D () C:\Program Files\Win_SCAN
2015-02-15 17:44 - 2015-02-15 18:40 - 00000000 ____D () C:\Program Files\pastaleads
2015-02-15 17:44 - 2015-02-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\download Manager
2015-02-15 17:42 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\OAS
2015-02-14 18:12 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 20:19 - 2015-02-13 20:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Cloud
2015-02-11 19:09 - 2015-02-12 08:15 - 00000000 ____D () C:\Program Files\Lex Mortis
2015-02-11 18:20 - 2015-02-11 18:20 - 00000875 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-10 17:24 - 2015-01-19 10:36 - 01192552 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 17:24 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:24 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:23 - 2015-01-15 14:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:23 - 2015-01-15 14:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:23 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:23 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:23 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:23 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:23 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 17:23 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:23 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-10 17:23 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 17:23 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:23 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:23 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:23 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:23 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:23 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:23 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:23 - 2015-01-10 00:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:23 - 2015-01-10 00:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 17:23 - 2015-01-09 23:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:23 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:23 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:23 - 2014-12-08 15:11 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 17:23 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:23 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:23 - 2014-10-28 17:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 14:49 - 2015-02-10 14:49 - 00000000 ____D () C:\Program Files\PlatinumHideIP
2015-02-06 21:16 - 2015-02-06 21:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AMD
2015-02-05 18:31 - 2015-02-05 18:31 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Sniper3
2015-02-04 16:23 - 2015-02-04 16:28 - 00000000 ____D () C:\Program Files\Megacubo
2015-02-04 09:26 - 2015-02-04 09:27 - 00148616 _____ () C:\Windows\Minidump\020415-18203-01.dmp
2015-02-04 09:22 - 2014-11-18 18:29 - 00735448 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x86.sys
2015-02-04 09:22 - 2014-11-18 18:29 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-02-04 09:21 - 2014-12-07 22:13 - 00283864 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2015-02-04 09:21 - 2014-01-26 21:39 - 09889496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 ____D () C:\ProgramData\ATI
2015-02-04 09:16 - 2015-02-04 16:29 - 00000000 ____D () C:\Program Files\Raptr
2015-02-04 09:16 - 2015-02-04 09:16 - 00051762 _____ () C:\Windows\system32\CCCInstall_201502040916007685.log
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\library_dir
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Program Files\AMD AVT
2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-04 09:06 - 2014-10-28 18:47 - 03343832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-04 09:06 - 2014-10-27 17:44 - 00927448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-04 09:06 - 2014-10-27 16:14 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-04 09:06 - 2014-10-27 15:50 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-02-04 09:06 - 2014-10-17 16:53 - 02513264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-04 09:06 - 2014-08-18 11:40 - 02354544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-04 09:06 - 2014-08-06 13:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-04 09:06 - 2014-04-10 12:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-02-04 09:06 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-04 09:06 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-02-04 09:06 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
2015-02-04 09:06 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-02-04 09:06 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-04 09:06 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-02-04 09:06 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-04 09:06 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-02-04 09:05 - 2014-06-07 00:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-04 09:05 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-02-04 09:05 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-04 09:05 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Program Files\Intel
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Intel
2015-02-04 08:58 - 2013-08-01 11:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2015-01-26 14:45 - 2015-01-26 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\Egosoft
2015-01-26 13:42 - 2015-02-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Program Files\Mu
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\Lawrence\Documents\MoTeC
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\ProgramData\MoTeC
2015-01-26 12:04 - 2015-01-26 12:15 - 00000000 ____D () C:\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\Program Files\MoTeC
2015-01-25 20:59 - 2015-01-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\s.t.a.l.k.e.r. - call of pripyat
2015-01-25 15:32 - 2015-01-25 15:32 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Gold 2.5
2015-01-25 15:28 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Gold 2.5
2015-01-25 15:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Silver 2.5
2015-01-25 15:01 - 2015-01-25 15:01 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Silver 2.5
2015-01-25 15:00 - 2015-01-25 15:28 - 00000000 ____D () C:\Program Files\ChordWizard
2015-01-23 18:10 - 2015-01-23 18:10 - 00000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing Setup Sync
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\Program Files\iRacing Setup Sync
2015-01-22 19:38 - 2015-01-22 19:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\next car game technology sneak peek
2015-01-22 13:30 - 2015-01-22 13:30 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Logitech
2015-01-19 21:09 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2015-01-19 21:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Stock Car 2013
2015-01-19 20:51 - 2015-01-23 19:26 - 00000000 ____D () C:\GSC2013
2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Steam
2015-01-18 14:50 - 2015-01-18 14:50 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\.rFactor
2015-01-18 14:45 - 2015-01-19 20:47 - 00000000 ____D () C:\Users\Lawrence\Documents\rFactor2
2015-01-18 14:44 - 2015-01-19 20:47 - 00000000 ____D () C:\Program Files\rFactor2
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-17 09:06 - 2015-01-02 08:07 - 00000000 ____D () C:\Users\Lawrence\Desktop\Download
2015-02-17 09:00 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\system32\sru
2015-02-17 08:46 - 2015-01-01 11:54 - 00000000 __RDO () C:\Users\Lawrence\OneDrive
2015-02-17 08:42 - 2015-01-01 13:30 - 00000000 ____D () C:\Program Files\Steam
2015-02-17 08:41 - 2015-01-01 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 20:14 - 2015-01-09 13:38 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2015-02-16 20:09 - 2015-01-01 11:59 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 18:19 - 2014-03-18 00:01 - 00756816 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 18:13 - 2013-08-21 23:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 18:12 - 2013-08-21 22:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-16 12:07 - 2015-01-01 13:23 - 00000000 ____D () C:\Users\Lawrence\Desktop\Utilities
2015-02-16 10:58 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\rescache
2015-02-16 10:46 - 2015-01-07 21:21 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-02-16 09:39 - 2015-01-14 19:41 - 00000000 ____D () C:\ProgramData\{d454b6a4-bc7f-a58e-d454-4b6a4bc7da92}
2015-02-16 09:21 - 2015-01-01 14:02 - 00013501 _____ () C:\missing.ini
2015-02-16 09:21 - 2015-01-01 14:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-16 03:41 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-15 18:12 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\uTorrent
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Google
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Program Files\Google
2015-02-15 14:17 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Lawrence\Desktop\Library
2015-02-15 02:36 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 19:31 - 2013-08-22 00:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 10:51 - 2015-01-01 15:15 - 00000000 ____D () C:\Users\Lawrence\Desktop\Games
2015-02-14 08:48 - 2013-08-21 23:22 - 00397552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 21:38 - 2015-01-03 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 21:35 - 2015-01-03 22:00 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 14:45 - 2015-01-01 11:52 - 00000000 ____D () C:\Users\Lawrence
2015-02-09 12:57 - 2015-01-01 11:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 07:41 - 2015-01-01 16:18 - 00000000 ____D () C:\Program Files\e-Sword
2015-02-08 23:08 - 2015-01-01 12:27 - 00000000 ____D () C:\ProgramData\VIPRE
2015-02-08 19:25 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-05 16:58 - 2015-01-01 13:44 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-04 09:26 - 2015-01-07 08:28 - 422979526 _____ () C:\Windows\MEMORY.DMP
2015-02-04 09:26 - 2015-01-07 08:28 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 09:22 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\system32\sda
2015-02-04 09:22 - 2015-01-04 13:50 - 00000000 ____D () C:\Program Files\Realtek
2015-02-04 09:16 - 2015-01-04 13:54 - 00000000 ____D () C:\ProgramData\AMD
2015-02-04 09:15 - 2015-01-04 13:51 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-04 09:15 - 2015-01-01 11:56 - 00000000 ____D () C:\Program Files\AMD
2015-02-04 09:11 - 2015-01-01 11:56 - 00000000 ____D () C:\AMD
2015-02-04 09:06 - 2015-01-04 13:50 - 00000000 ___HD () C:\Program Files\Temp
2015-02-04 09:05 - 2015-01-02 12:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-04 09:02 - 2015-01-04 13:15 - 00000450 _____ () C:\Windows\Tasks\DriverNavigator Scheduled Scan.job
2015-02-03 11:31 - 2015-01-03 22:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-03 11:31 - 2015-01-03 22:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-02 18:34 - 2015-01-09 17:44 - 00096744 _____ () C:\Users\Lawrence\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 12:09 - 2015-01-13 09:45 - 00000000 ____D () C:\Program Files\iRacing
2015-01-27 22:00 - 2015-01-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\vlc
2015-01-26 12:18 - 2015-01-13 18:09 - 00000000 ____D () C:\Users\Lawrence\Documents\iRacing
2015-01-26 12:03 - 2015-01-01 16:17 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Downloaded Installations
2015-01-25 08:05 - 2015-01-01 13:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-01-23 18:06 - 2015-01-06 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\WinZip
2015-01-23 18:06 - 2015-01-02 06:08 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-23 14:27 - 2015-01-06 16:01 - 00000000 ____D () C:\Windows\Patches
2015-01-20 13:45 - 2015-01-02 11:26 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AVS4YOU
==================== Files in the root of some directories =======
2015-01-04 10:13 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files\Common Files\pcsbClean.exe
2015-01-04 09:53 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files\Common Files\PCSBoff.exe
2015-01-10 11:13 - 2015-01-10 11:13 - 0022328 _____ () C:\Users\Lawrence\AppData\Roaming\PnkBstrK.sys
2015-01-23 18:10 - 2015-01-23 18:10 - 0000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-15 18:40 - 2015-02-15 18:40 - 0001474 _____ () C:\ProgramData\tempimage.bmp
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-16 03:41
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Lawrence at 2015-02-17 09:06:46
Running from C:\Users\Lawrence\Desktop\Download
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOE 3 HC Editor (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\AOE 3 HC Editor) (Version: - )
Assetto Corsa (HKLM\...\Steam App 244210) (Version: - Kunos Simulazioni)
AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward)
Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Crysis (HKLM\...\{8D19172A-45DB-4B0B-92B5-728BFB0F7FE1}_is1) (Version: 1.2.1 - Crytek)
Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
Crysis WARHEAD (HKLM\...\{C3165492-9F0B-4490-A798-0B8B45B8E524}_is1) (Version: - )
Crysis Warhead (HKLM\...\Steam App 17330) (Version: - Crytek)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DriverNavigator 3.6.0 (HKLM\...\DriverNavigator_is1) (Version: 3.6.0.0 - Easeware)
e-Sword (HKLM\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
F1 2011 (HKLM\...\Steam App 44360) (Version: - Codemasters Birmingham)
Far Cry (HKLM\...\Steam App 13520) (Version: - Crytek Studios)
Game Stock Car 2013 version 1.10 (HKLM\...\{0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1) (Version: 1.10 - Reiza Studios Ltda.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GT Power Expansion (HKLM\...\Steam App 44650) (Version: - SimBin)
GTR Evolution (HKLM\...\Steam App 8660) (Version: - SimBin)
iRacing Setup Sync version 3.0 (HKLM\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0516 - iRacing.com Motorsport Simulations)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
J.C. Ryle Expository Thoughts.cmtx version e-Sword (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: e-Sword - BibleSupport.com)
Living Cookbook 2015 (HKLM\...\Living Cookbook 2015) (Version: 5.0.76 - Radium Technologies, Inc.)
Living Cookbook 2015 (Version: 5.0.76 - Radium Technologies) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
MoTeC i2 Pro 1.1 (HKLM\...\{2D9DF9DB-8DEC-4F15-B982-48EAEA5AC681}) (Version: 7.00.3631 - MoTeC)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mu (HKLM\...\{4D404DEB-6877-407E-89DE-F32748ABC5E8}) (Version: 1.6.7.0 - Patrick Moore)
New 3 Editor XY (HKLM\...\New 3 Editor XY) (Version: - )
PC Study Bible (remove only) (HKLM\...\PC Study Bible) (Version: - )
Platinum Hide IP (HKLM\...\PlatinumHideIP) (Version: 3.4.1.8 - )
Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
RACE 07 (HKLM\...\Steam App 8600) (Version: - SimBin)
Race Injection (HKLM\...\Steam App 44680) (Version: - SimBin Studios AB)
RACE On (HKLM\...\Steam App 8640) (Version: - SimBin)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sniper Elite 3 (HKLM\...\Steam App 238090) (Version: - Rebellion)
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version: - Rebellion)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STCC II (HKLM\...\Steam App 44620) (Version: - SimBin)
STCC: The Game (HKLM\...\Steam App 8690) (Version: - SimBin)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Retro Expansion (HKLM\...\Steam App 44660) (Version: - SimBin)
The WTCC 2010 Pack (HKLM\...\Steam App 44670) (Version: - SimBin)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VIPRE Internet Security (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
XML Notepad 2007 (HKLM\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
12-02-2015 08:11:21 Before uninstalling Lex Mortis
14-02-2015 10:47:15 Backup_2015_02_14
15-02-2015 18:31:59 Before uninstalling AnySend
15-02-2015 18:34:38 Backup_2015_02_15
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-21 22:13 - 2015-02-16 10:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00A4B02C-D7A1-4E79-BCAA-5C757E670146} - System32\Tasks\{D9BF4D15-306C-41F2-86FE-512F777C8A72} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\PlatinumHideIP-3.4.1.8.Setup.exe -d C:\Users\Lawrence\Desktop\Download
Task: {0AD4AE99-E2E3-45D6-8796-5223983DBB6D} - System32\Tasks\Microsoft\Windows\Maintenance\Advanced IC Updating => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {1DA50B40-940A-4F25-AF7A-7A0BFDEC0F45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32D7C83E-2B11-404A-8633-58E6E7AAFB28} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {3321B7D5-DF40-487A-998C-5B5EB6A7288B} - System32\Tasks\Special IC Runner => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {3AC82ED0-4209-4AA5-8601-D65DB0048A20} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2014-12-11] (Easeware)
Task: {4DF5BD81-FF92-4884-891E-0676F18C33F1} - System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001124JOBINTRP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {585C5A65-7276-411E-B096-DD00B7FAA632} - System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000120GRACEABD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {59F5920B-E0A7-43A7-A8BC-F462CAEB005B} - System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {67E9DC32-7267-4146-87E9-E8D4160E8988} - System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000208TRAIN12.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6846BEA3-D043-4A26-87C7-514C17A1B0F4} - System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000176CHSCOMM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6EB2115E-F951-40AB-9CD6-D63EE04F58BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {775D6F64-3739-47E8-9B08-CCE706FFD3BF} - System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000119HOLYWAR.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {7983CDE4-E57D-420E-8D11-1CD4D43E75A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {7A28690F-B7E0-4CF3-B96E-3FC6506F2C96} - System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000187GUYONPO.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {816B3A58-9D34-438C-A00B-2C6ECF4FB150} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
Task: {8C5FD9E5-4136-4806-808F-8C7755933664} - System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RMSGeneratorAoE3_10LE.exe -d C:\Users\Lawrence\Desktop\Download
Task: {9A93320F-D8C5-4607-9148-7F92851FFDF1} - System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000209WATTSHYM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A1450527-2F8C-4B3E-8DEC-908F9D16D37A} - System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001105BSPROPH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A2EC0AA0-AA43-46C0-9E1B-6168884B7E21} - System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001101FREVIVL.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A86F8B03-D14C-451A-A4C5-F76A5F3930E8} - System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001115WHTFIELD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {B9D5B60F-65AC-416B-B5BD-78CDE903DC6F} - System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001125PROMISLD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {C829FC9E-ACEC-4152-8344-9C075E6353C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3} - System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000195JFKEEP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {CD167435-E825-43BB-AA4B-2D99A85F4F52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFF8AFA4-F0C9-4832-9779-D8497E977125} - System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001107ENEMYREC.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C} - System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000171JESERM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E0594B1A-015A-422C-9019-A317EE6A6B83} - System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000118PILGRIMS.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1} - System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001128LIFEOFCH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {ED4263A0-E27A-4C95-B307-5C668B53A564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A} - System32\Tasks\PastaLeads => C:\Program Files\pastaleads\ScheduledTask.exe
Task: {F1205FF5-6FF5-471D-A32D-12B633629D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Task: {FDC538E6-FF25-4C82-BFD6-33599D4A8276} - System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000183FREVIVA.EXE -d C:\Users\Lawrence\Desktop\Download
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files\GFI\LanGuard 11 Agent\crmimodule.dll
2013-08-21 15:55 - 2013-06-18 04:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files\GFI\LanGuard 11 Agent\patchautodownload.dll
2014-07-17 06:30 - 2014-07-17 06:30 - 00449136 _____ () C:\Program Files\GFI\LanGuard 11 Agent\remediationattplugin.dll
2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
2015-02-16 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-16 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-16 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files\VIPRE\Definitions\libBase64.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files\VIPRE\Definitions\libMachoUniv.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-07-04 11:51 - 2010-07-04 11:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2015-02-15 16:01 - 2015-02-15 16:01 - 00323584 _____ () C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
2015-01-01 13:32 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-01-01 13:32 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
2015-01-01 13:32 - 2015-01-23 14:34 - 02227904 _____ () C:\Program Files\Steam\video.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-01-01 13:32 - 2015-01-23 14:33 - 00696512 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-01-01 13:32 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\Lawrence\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
==================== Accounts: =============================
Administrator (S-1-5-21-2443816963-3265071215-2752545654-500 - Administrator - Disabled)
Guest (S-1-5-21-2443816963-3265071215-2752545654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443816963-3265071215-2752545654-1003 - Limited - Enabled)
Lawrence (S-1-5-21-2443816963-3265071215-2752545654-1001 - Administrator - Enabled) => C:\Users\Lawrence
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/17/2015 08:36:59 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
Error: (02/16/2015 06:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e00
Start Time: 01d04a59bdc8851e
Termination Time: 4294967295
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Report Id: 458bba71-b64d-11e4-974b-f04da23a6f8a
Faulting package full name:
Faulting package-relative application ID:
Error: (02/16/2015 06:19:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 06:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 00:11:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 3044
Start Time: 01d04a22e8442773
Termination Time: 2
Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Report Id: f45b7eb0-b617-11e4-974a-f04da23a6f8a
Faulting package full name:
Faulting package-relative application ID:
Error: (02/16/2015 11:48:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 11:45:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 10:58:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 10:58:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (02/16/2015 10:12:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.111, time stamp: 0x54d1cb7f
Faulting module name: chrome.dll, version: 40.0.2214.111, time stamp: 0x54d1c75d
Exception code: 0xc0000005
Fault offset: 0x0124956a
Faulting process id: 0x2e08
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
System errors:
=============
Error: (02/16/2015 09:07:33 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-02-17 08:52:33.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-17 08:42:27.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 19:03:32.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:57:26.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:39:00.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:31:53.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:25:36.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:19:46.826
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 18:05:23.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-16 17:45:02.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
Percentage of memory in use: 63%
Total physical RAM: 3062.92 MB
Available physical RAM: 1128.73 MB
Total Pagefile: 6134.92 MB
Available Pagefile: 3272.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1863.01 GB) (Free:1630.54 GB) NTFS
Drive d: (BitBox) (Fixed) (Total:1862.3 GB) (Free:1243.93 GB) NTFS
Drive e: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1862.9 GB) - (Type=06)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 336C9387)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: BA7C33AC)
Partition 1: (Active) - (Size=1862.3 GB) - (Type=07 NTFS)
==================== End Of Log ============================
# AdwCleaner v4.110 - Logfile created 17/02/2015 at 09:10:32
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Lawrence - HAL
# Running from : C:\Users\Lawrence\Desktop\Download\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : ColorMedia
***** [ Files / Folders ] *****
File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Folder Found : C:\Program Files\pastaleads
Folder Found : C:\Program Files\QuickRef_1.10.0.8
Folder Found : C:\Program Files\youtubeadblocker
Folder Found : C:\ProgramData\2abfacb28a86414db67072195669c416
Folder Found : C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\bfbepojaenklhojbjhhmhhbodikifoal
Folder Found : C:\ProgramData\pastaleads
Folder Found : C:\Users\Lawrence\AppData\Local\PackageAware
Folder Found : C:\Users\Lawrence\AppData\Local\wincheck
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8800;hxxps=127.0.0.1:8800
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\QuickRef_1.10.0.8
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v40.0.2214.111
*************************
AdwCleaner[R0].txt - [2885 bytes] - [17/02/2015 09:10:32]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2944 bytes] ##########