Get rid of problem called APPBUSY II



thepilgrim
2015-02-17, 19:43
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Lawrence (administrator) on HAL on 17-02-2015 09:06:26
Running from C:\Users\Lawrence\Desktop\Download
Loaded Profiles: Lawrence (Available profiles: Lawrence)
Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Over the Rainbow Tech) C:\ProgramData\LolliScan\ColorMedia.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\mantle.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Microsoft) C:\Program Files\pastaleads\PastaLeadsApplication.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Nick Thissen) C:\Program Files\iRacing Setup Sync\bin\iRacingSetupSync.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-10-23] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [WinCheck] => C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe [323584 2015-02-15] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [PastaLeadsApplication] => C:\Program Files\pastaleads\PastaLeadsApplication.exe [378880 2014-11-27] (Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk
ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2443816963-3265071215-2752545654-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2443816963-3265071215-2752545654-1001] => http=127.0.0.1:8800;https=127.0.0.1:8800
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll ()
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll ()
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.wnd.com/
CHR StartupUrls: Default -> "hxxp://www.weather.com/weather/tenday/Hillsboro+OR+97123:4:US"
CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-01]
CHR Extension: (Mahjong Words 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2015-01-01]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (Adguard AdBlocker) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01]
CHR Extension: (Pool) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-01-01]
CHR Extension: (AdBlock+) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-01-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-04]
CHR Extension: (AdBlock Premium) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-01]
CHR Extension: (Flixster) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-01-01]
CHR Extension: (Crackle) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-01-01]
CHR Extension: (Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-01]
CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2015-01-01]
CHR Extension: (G Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglfocodeikakacbeoajjhnplhlaoook [2015-01-01]
CHR Extension: (RT News) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2015-01-01]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-01-01]
CHR Extension: (Summer Fields 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkllododjcgdppaocnhcjpncemnmmfon [2015-01-01]
CHR Extension: (Plants vs Zombies) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-01-01]
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
CHR Extension: (Bastion) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-01-01]
CHR Extension: (Edgeworld) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2015-01-01]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ColorMedia; C:\ProgramData\LolliScan\ColorMedia.exe [1546208 2015-02-15] (Over the Rainbow Tech) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [802080 2015-01-31] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200704 2014-06-21] (Advanced Micro Devices)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-02-26] (EZB Systems, Inc.) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S3 OA002Afx; C:\Windows\system32\Drivers\OA002Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA002Ufd; C:\Windows\system32\DRIVERS\OA002Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA002Vid; C:\Windows\system32\DRIVERS\OA002Vid.sys [268672 2008-08-01] (Creative Technology Ltd.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [283864 2014-12-07] (Realsil Semiconductor Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [228048 2013-07-04] (GFI Software)
S3 SBFWIMCL; C:\Windows\system32\DRIVERS\sbfwim.sys [96288 2012-09-24] (GFI Software)
R3 SBFWIMCLMP; C:\Windows\system32\DRIVERS\SBFWIM.sys [96288 2012-09-24] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [96720 2013-07-04] (GFI Software)
R3 sbwtis; C:\Windows\system32\DRIVERS\sbwtis.sys [76064 2012-12-11] (GFI Software)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
R3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [658136 2014-12-04] (Realsil Semiconductor Corporation)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 09:01 - 2015-02-17 09:06 - 00000000 ____D () C:\FRST
2015-02-17 08:58 - 2015-02-17 08:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAL-Windows-8.1-(32-bit).dat
2015-02-17 08:56 - 2015-02-17 08:56 - 00002201 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\RegBackup
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-16 19:57 - 2015-02-17 08:38 - 00000232 _____ () C:\Windows\setupact.log
2015-02-16 19:57 - 2015-02-16 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-16 18:32 - 2015-02-17 09:01 - 00068064 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 18:12 - 2015-02-16 18:12 - 00019056 _____ () C:\Windows\system32\FirewallConfig.xml
2015-02-16 10:53 - 2013-08-21 22:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup
2015-02-16 10:23 - 2015-02-16 13:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-16 10:23 - 2015-02-16 11:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2015-02-16 10:23 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-16 10:23 - 2015-02-16 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-15 18:40 - 2015-02-15 18:40 - 00001474 _____ () C:\ProgramData\tempimage.bmp
2015-02-15 17:59 - 2015-02-15 17:59 - 00002190 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2015-02-15 17:59 - 2015-02-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-02-15 17:54 - 2015-02-15 18:42 - 00000000 ____D () C:\Program Files\ver4SpeedCheck
2015-02-15 17:54 - 2015-02-15 18:41 - 00000000 ____D () C:\Program Files\QuickRef_1.10.0.8
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf
2015-02-15 17:46 - 2015-02-15 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\wincheck
2015-02-15 17:45 - 2015-02-16 18:13 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\8F4C56EF-1F90-6647-97B8-F04F569F545F
2015-02-15 17:45 - 2015-02-16 09:39 - 00000000 ____D () C:\ProgramData\2abfacb28a86414db67072195669c416
2015-02-15 17:45 - 2015-02-16 09:02 - 00005352 _____ () C:\Windows\system32\ColorMedia.ini
2015-02-15 17:45 - 2015-02-16 09:02 - 00002952 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-02-15 17:45 - 2015-02-15 17:45 - 00000000 ____D () C:\Program Files\ospd_us_851
2015-02-15 17:44 - 2015-02-16 13:48 - 00000000 ____D () C:\ProgramData\LolliScan
2015-02-15 17:44 - 2015-02-16 01:49 - 00000000 ____D () C:\ProgramData\pastaleads
2015-02-15 17:44 - 2015-02-15 18:43 - 00000000 ____D () C:\Program Files\Win_SCAN
2015-02-15 17:44 - 2015-02-15 18:40 - 00000000 ____D () C:\Program Files\pastaleads
2015-02-15 17:44 - 2015-02-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\download Manager
2015-02-15 17:42 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\OAS
2015-02-14 18:12 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 20:19 - 2015-02-13 20:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Cloud
2015-02-11 19:09 - 2015-02-12 08:15 - 00000000 ____D () C:\Program Files\Lex Mortis
2015-02-11 18:20 - 2015-02-11 18:20 - 00000875 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-10 17:24 - 2015-01-19 10:36 - 01192552 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 17:24 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:24 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:23 - 2015-01-15 14:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:23 - 2015-01-15 14:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:23 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:23 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:23 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:23 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:23 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 17:23 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:23 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-10 17:23 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 17:23 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:23 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:23 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:23 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:23 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:23 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:23 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:23 - 2015-01-10 00:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:23 - 2015-01-10 00:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 17:23 - 2015-01-09 23:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:23 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:23 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:23 - 2014-12-08 15:11 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 17:23 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:23 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:23 - 2014-10-28 17:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 14:49 - 2015-02-10 14:49 - 00000000 ____D () C:\Program Files\PlatinumHideIP
2015-02-06 21:16 - 2015-02-06 21:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AMD
2015-02-05 18:31 - 2015-02-05 18:31 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Sniper3
2015-02-04 16:23 - 2015-02-04 16:28 - 00000000 ____D () C:\Program Files\Megacubo
2015-02-04 09:26 - 2015-02-04 09:27 - 00148616 _____ () C:\Windows\Minidump\020415-18203-01.dmp
2015-02-04 09:22 - 2014-11-18 18:29 - 00735448 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x86.sys
2015-02-04 09:22 - 2014-11-18 18:29 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-02-04 09:21 - 2014-12-07 22:13 - 00283864 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2015-02-04 09:21 - 2014-01-26 21:39 - 09889496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 ____D () C:\ProgramData\ATI
2015-02-04 09:16 - 2015-02-04 16:29 - 00000000 ____D () C:\Program Files\Raptr
2015-02-04 09:16 - 2015-02-04 09:16 - 00051762 _____ () C:\Windows\system32\CCCInstall_201502040916007685.log
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\library_dir
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Program Files\AMD AVT
2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-04 09:06 - 2014-10-28 18:47 - 03343832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-04 09:06 - 2014-10-27 17:44 - 00927448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-04 09:06 - 2014-10-27 16:14 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-04 09:06 - 2014-10-27 15:50 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-02-04 09:06 - 2014-10-17 16:53 - 02513264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-04 09:06 - 2014-08-18 11:40 - 02354544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-04 09:06 - 2014-08-06 13:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-04 09:06 - 2014-04-10 12:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-02-04 09:06 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-04 09:06 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-02-04 09:06 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
2015-02-04 09:06 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-02-04 09:06 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-04 09:06 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-02-04 09:06 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-04 09:06 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-02-04 09:05 - 2014-06-07 00:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-04 09:05 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-02-04 09:05 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-04 09:05 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Program Files\Intel
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Intel
2015-02-04 08:58 - 2013-08-01 11:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2015-01-26 14:45 - 2015-01-26 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\Egosoft
2015-01-26 13:42 - 2015-02-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Program Files\Mu
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\Lawrence\Documents\MoTeC
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\ProgramData\MoTeC
2015-01-26 12:04 - 2015-01-26 12:15 - 00000000 ____D () C:\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\Program Files\MoTeC
2015-01-25 20:59 - 2015-01-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\s.t.a.l.k.e.r. - call of pripyat
2015-01-25 15:32 - 2015-01-25 15:32 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Gold 2.5
2015-01-25 15:28 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Gold 2.5
2015-01-25 15:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Silver 2.5
2015-01-25 15:01 - 2015-01-25 15:01 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Silver 2.5
2015-01-25 15:00 - 2015-01-25 15:28 - 00000000 ____D () C:\Program Files\ChordWizard
2015-01-23 18:10 - 2015-01-23 18:10 - 00000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing Setup Sync
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\Program Files\iRacing Setup Sync
2015-01-22 19:38 - 2015-01-22 19:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\next car game technology sneak peek
2015-01-22 13:30 - 2015-01-22 13:30 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Logitech
2015-01-19 21:09 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2015-01-19 21:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Stock Car 2013
2015-01-19 20:51 - 2015-01-23 19:26 - 00000000 ____D () C:\GSC2013
2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Steam
2015-01-18 14:50 - 2015-01-18 14:50 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\.rFactor
2015-01-18 14:45 - 2015-01-19 20:47 - 00000000 ____D () C:\Users\Lawrence\Documents\rFactor2
2015-01-18 14:44 - 2015-01-19 20:47 - 00000000 ____D () C:\Program Files\rFactor2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 09:06 - 2015-01-02 08:07 - 00000000 ____D () C:\Users\Lawrence\Desktop\Download
2015-02-17 09:00 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\system32\sru
2015-02-17 08:46 - 2015-01-01 11:54 - 00000000 __RDO () C:\Users\Lawrence\OneDrive
2015-02-17 08:42 - 2015-01-01 13:30 - 00000000 ____D () C:\Program Files\Steam
2015-02-17 08:41 - 2015-01-01 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 20:14 - 2015-01-09 13:38 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2015-02-16 20:09 - 2015-01-01 11:59 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 18:19 - 2014-03-18 00:01 - 00756816 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 18:13 - 2013-08-21 23:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 18:12 - 2013-08-21 22:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-16 12:07 - 2015-01-01 13:23 - 00000000 ____D () C:\Users\Lawrence\Desktop\Utilities
2015-02-16 10:58 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\rescache
2015-02-16 10:46 - 2015-01-07 21:21 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-02-16 09:39 - 2015-01-14 19:41 - 00000000 ____D () C:\ProgramData\{d454b6a4-bc7f-a58e-d454-4b6a4bc7da92}
2015-02-16 09:21 - 2015-01-01 14:02 - 00013501 _____ () C:\missing.ini
2015-02-16 09:21 - 2015-01-01 14:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-16 03:41 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-15 18:12 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\uTorrent
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Google
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Program Files\Google
2015-02-15 14:17 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Lawrence\Desktop\Library
2015-02-15 02:36 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 19:31 - 2013-08-22 00:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 10:51 - 2015-01-01 15:15 - 00000000 ____D () C:\Users\Lawrence\Desktop\Games
2015-02-14 08:48 - 2013-08-21 23:22 - 00397552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 21:38 - 2015-01-03 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 21:35 - 2015-01-03 22:00 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 14:45 - 2015-01-01 11:52 - 00000000 ____D () C:\Users\Lawrence
2015-02-09 12:57 - 2015-01-01 11:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 07:41 - 2015-01-01 16:18 - 00000000 ____D () C:\Program Files\e-Sword
2015-02-08 23:08 - 2015-01-01 12:27 - 00000000 ____D () C:\ProgramData\VIPRE
2015-02-08 19:25 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-05 16:58 - 2015-01-01 13:44 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-04 09:26 - 2015-01-07 08:28 - 422979526 _____ () C:\Windows\MEMORY.DMP
2015-02-04 09:26 - 2015-01-07 08:28 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 09:22 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\system32\sda
2015-02-04 09:22 - 2015-01-04 13:50 - 00000000 ____D () C:\Program Files\Realtek
2015-02-04 09:16 - 2015-01-04 13:54 - 00000000 ____D () C:\ProgramData\AMD
2015-02-04 09:15 - 2015-01-04 13:51 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-04 09:15 - 2015-01-01 11:56 - 00000000 ____D () C:\Program Files\AMD
2015-02-04 09:11 - 2015-01-01 11:56 - 00000000 ____D () C:\AMD
2015-02-04 09:06 - 2015-01-04 13:50 - 00000000 ___HD () C:\Program Files\Temp
2015-02-04 09:05 - 2015-01-02 12:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-04 09:02 - 2015-01-04 13:15 - 00000450 _____ () C:\Windows\Tasks\DriverNavigator Scheduled Scan.job
2015-02-03 11:31 - 2015-01-03 22:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-03 11:31 - 2015-01-03 22:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-02 18:34 - 2015-01-09 17:44 - 00096744 _____ () C:\Users\Lawrence\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 12:09 - 2015-01-13 09:45 - 00000000 ____D () C:\Program Files\iRacing
2015-01-27 22:00 - 2015-01-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\vlc
2015-01-26 12:18 - 2015-01-13 18:09 - 00000000 ____D () C:\Users\Lawrence\Documents\iRacing
2015-01-26 12:03 - 2015-01-01 16:17 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Downloaded Installations
2015-01-25 08:05 - 2015-01-01 13:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-01-23 18:06 - 2015-01-06 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\WinZip
2015-01-23 18:06 - 2015-01-02 06:08 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-23 14:27 - 2015-01-06 16:01 - 00000000 ____D () C:\Windows\Patches
2015-01-20 13:45 - 2015-01-02 11:26 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AVS4YOU

==================== Files in the root of some directories =======

2015-01-04 10:13 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files\Common Files\pcsbClean.exe
2015-01-04 09:53 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files\Common Files\PCSBoff.exe
2015-01-10 11:13 - 2015-01-10 11:13 - 0022328 _____ () C:\Users\Lawrence\AppData\Roaming\PnkBstrK.sys
2015-01-23 18:10 - 2015-01-23 18:10 - 0000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-15 18:40 - 2015-02-15 18:40 - 0001474 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-16 03:41

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Lawrence at 2015-02-17 09:06:46
Running from C:\Users\Lawrence\Desktop\Download
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOE 3 HC Editor (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\AOE 3 HC Editor) (Version: - )
Assetto Corsa (HKLM\...\Steam App 244210) (Version: - Kunos Simulazioni)
AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward)
Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Crysis (HKLM\...\{8D19172A-45DB-4B0B-92B5-728BFB0F7FE1}_is1) (Version: 1.2.1 - Crytek)
Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
Crysis WARHEAD (HKLM\...\{C3165492-9F0B-4490-A798-0B8B45B8E524}_is1) (Version: - )
Crysis Warhead (HKLM\...\Steam App 17330) (Version: - Crytek)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DriverNavigator 3.6.0 (HKLM\...\DriverNavigator_is1) (Version: 3.6.0.0 - Easeware)
e-Sword (HKLM\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
F1 2011 (HKLM\...\Steam App 44360) (Version: - Codemasters Birmingham)
Far Cry (HKLM\...\Steam App 13520) (Version: - Crytek Studios)
Game Stock Car 2013 version 1.10 (HKLM\...\{0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1) (Version: 1.10 - Reiza Studios Ltda.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GT Power Expansion (HKLM\...\Steam App 44650) (Version: - SimBin)
GTR Evolution (HKLM\...\Steam App 8660) (Version: - SimBin)
iRacing Setup Sync version 3.0 (HKLM\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0516 - iRacing.com Motorsport Simulations)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
J.C. Ryle Expository Thoughts.cmtx version e-Sword (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: e-Sword - BibleSupport.com)
Living Cookbook 2015 (HKLM\...\Living Cookbook 2015) (Version: 5.0.76 - Radium Technologies, Inc.)
Living Cookbook 2015 (Version: 5.0.76 - Radium Technologies) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
MoTeC i2 Pro 1.1 (HKLM\...\{2D9DF9DB-8DEC-4F15-B982-48EAEA5AC681}) (Version: 7.00.3631 - MoTeC)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mu (HKLM\...\{4D404DEB-6877-407E-89DE-F32748ABC5E8}) (Version: 1.6.7.0 - Patrick Moore)
New 3 Editor XY (HKLM\...\New 3 Editor XY) (Version: - )
PC Study Bible (remove only) (HKLM\...\PC Study Bible) (Version: - )
Platinum Hide IP (HKLM\...\PlatinumHideIP) (Version: 3.4.1.8 - )
Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
RACE 07 (HKLM\...\Steam App 8600) (Version: - SimBin)
Race Injection (HKLM\...\Steam App 44680) (Version: - SimBin Studios AB)
RACE On (HKLM\...\Steam App 8640) (Version: - SimBin)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sniper Elite 3 (HKLM\...\Steam App 238090) (Version: - Rebellion)
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version: - Rebellion)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STCC II (HKLM\...\Steam App 44620) (Version: - SimBin)
STCC: The Game (HKLM\...\Steam App 8690) (Version: - SimBin)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Retro Expansion (HKLM\...\Steam App 44660) (Version: - SimBin)
The WTCC 2010 Pack (HKLM\...\Steam App 44670) (Version: - SimBin)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VIPRE Internet Security (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
XML Notepad 2007 (HKLM\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

12-02-2015 08:11:21 Before uninstalling Lex Mortis
14-02-2015 10:47:15 Backup_2015_02_14
15-02-2015 18:31:59 Before uninstalling AnySend
15-02-2015 18:34:38 Backup_2015_02_15

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-21 22:13 - 2015-02-16 10:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00A4B02C-D7A1-4E79-BCAA-5C757E670146} - System32\Tasks\{D9BF4D15-306C-41F2-86FE-512F777C8A72} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\PlatinumHideIP-3.4.1.8.Setup.exe -d C:\Users\Lawrence\Desktop\Download
Task: {0AD4AE99-E2E3-45D6-8796-5223983DBB6D} - System32\Tasks\Microsoft\Windows\Maintenance\Advanced IC Updating => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {1DA50B40-940A-4F25-AF7A-7A0BFDEC0F45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {32D7C83E-2B11-404A-8633-58E6E7AAFB28} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {3321B7D5-DF40-487A-998C-5B5EB6A7288B} - System32\Tasks\Special IC Runner => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {3AC82ED0-4209-4AA5-8601-D65DB0048A20} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2014-12-11] (Easeware)
Task: {4DF5BD81-FF92-4884-891E-0676F18C33F1} - System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001124JOBINTRP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {585C5A65-7276-411E-B096-DD00B7FAA632} - System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000120GRACEABD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {59F5920B-E0A7-43A7-A8BC-F462CAEB005B} - System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {67E9DC32-7267-4146-87E9-E8D4160E8988} - System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000208TRAIN12.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6846BEA3-D043-4A26-87C7-514C17A1B0F4} - System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000176CHSCOMM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6EB2115E-F951-40AB-9CD6-D63EE04F58BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {775D6F64-3739-47E8-9B08-CCE706FFD3BF} - System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000119HOLYWAR.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {7983CDE4-E57D-420E-8D11-1CD4D43E75A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {7A28690F-B7E0-4CF3-B96E-3FC6506F2C96} - System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000187GUYONPO.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {816B3A58-9D34-438C-A00B-2C6ECF4FB150} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
Task: {8C5FD9E5-4136-4806-808F-8C7755933664} - System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RMSGeneratorAoE3_10LE.exe -d C:\Users\Lawrence\Desktop\Download
Task: {9A93320F-D8C5-4607-9148-7F92851FFDF1} - System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000209WATTSHYM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A1450527-2F8C-4B3E-8DEC-908F9D16D37A} - System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001105BSPROPH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A2EC0AA0-AA43-46C0-9E1B-6168884B7E21} - System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001101FREVIVL.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A86F8B03-D14C-451A-A4C5-F76A5F3930E8} - System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001115WHTFIELD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {B9D5B60F-65AC-416B-B5BD-78CDE903DC6F} - System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001125PROMISLD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {C829FC9E-ACEC-4152-8344-9C075E6353C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3} - System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000195JFKEEP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {CD167435-E825-43BB-AA4B-2D99A85F4F52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFF8AFA4-F0C9-4832-9779-D8497E977125} - System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001107ENEMYREC.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C} - System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000171JESERM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E0594B1A-015A-422C-9019-A317EE6A6B83} - System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000118PILGRIMS.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1} - System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001128LIFEOFCH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {ED4263A0-E27A-4C95-B307-5C668B53A564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A} - System32\Tasks\PastaLeads => C:\Program Files\pastaleads\ScheduledTask.exe
Task: {F1205FF5-6FF5-471D-A32D-12B633629D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Task: {FDC538E6-FF25-4C82-BFD6-33599D4A8276} - System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000183FREVIVA.EXE -d C:\Users\Lawrence\Desktop\Download

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files\GFI\LanGuard 11 Agent\crmimodule.dll
2013-08-21 15:55 - 2013-06-18 04:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files\GFI\LanGuard 11 Agent\patchautodownload.dll
2014-07-17 06:30 - 2014-07-17 06:30 - 00449136 _____ () C:\Program Files\GFI\LanGuard 11 Agent\remediationattplugin.dll
2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
2015-02-16 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-16 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-16 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files\VIPRE\Definitions\libBase64.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files\VIPRE\Definitions\libMachoUniv.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-07-04 11:51 - 2010-07-04 11:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2015-02-15 16:01 - 2015-02-15 16:01 - 00323584 _____ () C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
2015-01-01 13:32 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-01-01 13:32 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
2015-01-01 13:32 - 2015-01-23 14:34 - 02227904 _____ () C:\Program Files\Steam\video.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-01-01 13:32 - 2015-01-23 14:33 - 00696512 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-01-01 13:32 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 16:10 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\Lawrence\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"

==================== Accounts: =============================

Administrator (S-1-5-21-2443816963-3265071215-2752545654-500 - Administrator - Disabled)
Guest (S-1-5-21-2443816963-3265071215-2752545654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443816963-3265071215-2752545654-1003 - Limited - Enabled)
Lawrence (S-1-5-21-2443816963-3265071215-2752545654-1001 - Administrator - Enabled) => C:\Users\Lawrence

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 08:36:59 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (02/16/2015 06:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e00

Start Time: 01d04a59bdc8851e

Termination Time: 4294967295

Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe

Report Id: 458bba71-b64d-11e4-974b-f04da23a6f8a

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2015 06:19:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/16/2015 06:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/16/2015 00:11:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3044

Start Time: 01d04a22e8442773

Termination Time: 2

Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

Report Id: f45b7eb0-b617-11e4-974a-f04da23a6f8a

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2015 11:48:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/16/2015 11:45:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/16/2015 10:58:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/16/2015 10:58:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/16/2015 10:12:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.111, time stamp: 0x54d1cb7f
Faulting module name: chrome.dll, version: 40.0.2214.111, time stamp: 0x54d1c75d
Exception code: 0xc0000005
Fault offset: 0x0124956a
Faulting process id: 0x2e08
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5


System errors:
=============
Error: (02/16/2015 09:07:33 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-17 08:52:33.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 08:42:27.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 19:03:32.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 18:57:26.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 18:39:00.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 18:31:53.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 18:25:36.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 18:19:46.826
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 18:05:23.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 17:45:02.189
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
Percentage of memory in use: 63%
Total physical RAM: 3062.92 MB
Available physical RAM: 1128.73 MB
Total Pagefile: 6134.92 MB
Available Pagefile: 3272.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1630.54 GB) NTFS
Drive d: (BitBox) (Fixed) (Total:1862.3 GB) (Free:1243.93 GB) NTFS
Drive e: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1862.9 GB) - (Type=06)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 336C9387)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: BA7C33AC)
Partition 1: (Active) - (Size=1862.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


# AdwCleaner v4.110 - Logfile created 17/02/2015 at 09:10:32
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Lawrence - HAL
# Running from : C:\Users\Lawrence\Desktop\Download\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : ColorMedia

***** [ Files / Folders ] *****

File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Folder Found : C:\Program Files\pastaleads
Folder Found : C:\Program Files\QuickRef_1.10.0.8
Folder Found : C:\Program Files\youtubeadblocker
Folder Found : C:\ProgramData\2abfacb28a86414db67072195669c416
Folder Found : C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\bfbepojaenklhojbjhhmhhbodikifoal
Folder Found : C:\ProgramData\pastaleads
Folder Found : C:\Users\Lawrence\AppData\Local\PackageAware
Folder Found : C:\Users\Lawrence\AppData\Local\wincheck

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8800;hxxps=127.0.0.1:8800
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\QuickRef_1.10.0.8
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [2885 bytes] - [17/02/2015 09:10:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2944 bytes] ##########

ken545
2015-02-18, 01:31
:snwelcome:

Let's start over again; this time have AdwCleaner remove it all.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




On the Dashboard click on Update Now
Go to the Settings tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked<------------
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished click on VIEW DETAILED LOG
When it opens click on COPY TO CLIPBOARD
Then paste the log back into this thread for review
Exit Malwarebytes

thepilgrim
2015-02-18, 03:04



# AdwCleaner v4.110 - Logfile created 17/02/2015 at 17:33:52
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Lawrence - HAL
# Running from : C:\Users\Lawrence\Desktop\Utilities\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : ColorMedia

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\ProgramData\2abfacb28a86414db67072195669c416
Folder Deleted : C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
Folder Deleted : C:\Program Files\pastaleads
Folder Deleted : C:\Program Files\QuickRef_1.10.0.8
Folder Deleted : C:\Program Files\youtubeadblocker
Folder Deleted : C:\Users\Lawrence\AppData\Local\PackageAware
Folder Deleted : C:\Users\Lawrence\AppData\Local\wincheck
Folder Deleted : C:\ProgramData\bfbepojaenklhojbjhhmhhbodikifoal
File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\KanarCore
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\QuickRef_1.10.0.8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8800;hxxps=127.0.0.1:8800
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x86
Ran by Lawrence on Tue 02/17/2015 at 17:38:46.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbregrebootcleaner



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2443816963-3265071215-2752545654-1001
Successfully deleted: [File] C:\Windows\System32\Tasks\DriverNavigator Scheduled Scan
Successfully deleted: [File] C:\Windows\Tasks\DriverNavigator Scheduled Scan.job



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/17/2015 at 17:41:09.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/17/2015
Scan Time: 5:48:50 PM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.18.01
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: Lawrence

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308835
Time Elapsed: 9 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\LolliScan, Quarantined, [48a19e818efc8caa13267c1546bd34cc],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OneSoftPerDay.A, C:\Program Files\ospd_us_851, Quarantined, [b5341807a0ead165d5bc1b61de25ad53],
PUP.Optional.SpeedCheck.A, C:\Program Files\ver4SpeedCheck, Quarantined, [0cdd7ea13f4bfd3989e5a4d9847fbb45],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan, Quarantined, [1ecbe639d8b2d06663c5622de023629e],

Files: 17
PUP.Optional.TenkiTechnology, C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe, Quarantined, [519820ffe8a2ee483990e1b0e32233cd],
PUP.Optional.SelectNGo.A, C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [42a73de2deac54e226f0355f748fac54],
PUP.Optional.SelectNGo.A, C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [7c6dd6493159af8726f0266e857ee11f],
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMedia.ini, Quarantined, [94554ed17218fc3acc14d93dab5a7987],
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, Quarantined, [27c21d022d5d43f303de61b557ae42be],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ColorMedia.tlb, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ColorMedia64.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ColorMediaCrt.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\nssckbi.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\nssdbm3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RfndNSIS.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RgsBTMedia.exe, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RgsBTMedia.ini, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RgsBTMedia64.exe, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\softokn3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\sqlite3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ssl3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2015-02-18, 08:51
:bigthumb:

No need to quote what I post; it just uses up space on this thread.

Running from C:\Users\Lawrence\Desktop\Download <-- This is where you're running FRST from. Most of our tools run better when run from the desktop in lieu of running out of a folder. So go into your download folder and look for FRST, right click on it and select CUT, then come back to your desktop and right click on a blank space and select PASTE.

Open up FRST, make sure you checkmark ADDITIONS, run a new scan, and post both logs please.

thepilgrim
2015-02-18, 17:21
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Lawrence (administrator) on HAL on 18-02-2015 08:16:36
Running from C:\Users\Lawrence\Desktop
Loaded Profiles: Lawrence (Available profiles: Lawrence)
Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Nick Thissen) C:\Program Files\iRacing Setup Sync\bin\iRacingSetupSync.exe
(GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\mantle.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-10-23] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [PastaLeadsApplication] => C:\Program Files\pastaleads\PastaLeadsApplication.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk
ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll ()
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll ()
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.wnd.com/
CHR StartupUrls: Default -> "hxxp://www.weather.com/weather/tenday/Hillsboro+OR+97123:4:US"
CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-01]
CHR Extension: (Mahjong Words 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2015-01-01]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (Adguard AdBlocker) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01]
CHR Extension: (Pool) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-01-01]
CHR Extension: (AdBlock+) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-01-01]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-04]
CHR Extension: (AdBlock Premium) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-01]
CHR Extension: (Flixster) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-01-01]
CHR Extension: (Crackle) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-01-01]
CHR Extension: (Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-01]
CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2015-01-01]
CHR Extension: (G Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglfocodeikakacbeoajjhnplhlaoook [2015-01-01]
CHR Extension: (RT News) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2015-01-01]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-01-01]
CHR Extension: (Summer Fields 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkllododjcgdppaocnhcjpncemnmmfon [2015-01-01]
CHR Extension: (Plants vs Zombies) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-01-01]
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
CHR Extension: (Bastion) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-01-01]
CHR Extension: (Edgeworld) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2015-01-01]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 gfi_lanss11_attservice; C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [802080 2015-01-31] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-22] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200704 2014-06-21] (Advanced Micro Devices)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-02-26] (EZB Systems, Inc.) [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 OA002Afx; C:\Windows\system32\Drivers\OA002Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
R3 OA002Ufd; C:\Windows\system32\DRIVERS\OA002Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA002Vid; C:\Windows\system32\DRIVERS\OA002Vid.sys [268672 2008-08-01] (Creative Technology Ltd.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [283864 2014-12-07] (Realsil Semiconductor Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [228048 2013-07-04] (GFI Software)
S3 SBFWIMCL; C:\Windows\system32\DRIVERS\sbfwim.sys [96288 2012-09-24] (GFI Software)
R3 SBFWIMCLMP; C:\Windows\system32\DRIVERS\SBFWIM.sys [96288 2012-09-24] (GFI Software)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [96720 2013-07-04] (GFI Software)
R3 sbwtis; C:\Windows\system32\DRIVERS\sbwtis.sys [76064 2012-12-11] (GFI Software)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
R3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [658136 2014-12-04] (Realsil Semiconductor Corporation)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 08:16 - 2015-02-18 08:16 - 00017680 _____ () C:\Users\Lawrence\Desktop\FRST.txt
2015-02-17 18:06 - 2015-02-17 18:52 - 00005366 _____ () C:\Windows\PFRO.log
2015-02-17 17:47 - 2015-02-18 05:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 17:47 - 2015-02-17 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 17:46 - 2015-02-17 17:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-17 17:46 - 2015-02-17 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-17 17:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-17 17:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 17:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 09:10 - 2015-02-17 17:33 - 00000000 ____D () C:\AdwCleaner
2015-02-17 09:01 - 2015-02-18 08:16 - 00000000 ____D () C:\FRST
2015-02-17 08:58 - 2015-02-17 08:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAL-Windows-8.1-(32-bit).dat
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\RegBackup
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-17 08:52 - 2015-02-17 08:52 - 01125888 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST.exe
2015-02-16 19:57 - 2015-02-18 08:11 - 00001392 _____ () C:\Windows\setupact.log
2015-02-16 19:57 - 2015-02-16 19:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-16 18:32 - 2015-02-18 07:28 - 00287696 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 18:12 - 2015-02-16 18:12 - 00019056 _____ () C:\Windows\system32\FirewallConfig.xml
2015-02-16 10:53 - 2013-08-21 22:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup
2015-02-16 10:23 - 2015-02-16 13:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-16 10:23 - 2015-02-16 11:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2015-02-16 10:23 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-16 10:23 - 2015-02-16 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-16 10:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-15 18:40 - 2015-02-15 18:40 - 00001474 _____ () C:\ProgramData\tempimage.bmp
2015-02-15 17:59 - 2015-02-15 17:59 - 00002190 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2015-02-15 17:59 - 2015-02-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf
2015-02-15 17:45 - 2015-02-16 18:13 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\8F4C56EF-1F90-6647-97B8-F04F569F545F
2015-02-15 17:44 - 2015-02-15 18:43 - 00000000 ____D () C:\Program Files\Win_SCAN
2015-02-15 17:44 - 2015-02-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\download Manager
2015-02-15 17:42 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\OAS
2015-02-14 18:12 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 20:19 - 2015-02-13 20:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Cloud
2015-02-11 19:09 - 2015-02-12 08:15 - 00000000 ____D () C:\Program Files\Lex Mortis
2015-02-11 18:20 - 2015-02-11 18:20 - 00000875 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-10 17:24 - 2015-01-19 10:36 - 01192552 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 17:24 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:24 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:23 - 2015-01-15 14:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:23 - 2015-01-15 14:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:23 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:23 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:23 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:23 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:23 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 17:23 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:23 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-10 17:23 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 17:23 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:23 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:23 - 2015-01-11 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:23 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:23 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:23 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:23 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:23 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:23 - 2015-01-10 00:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:23 - 2015-01-10 00:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 17:23 - 2015-01-09 23:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:23 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:23 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:23 - 2014-12-08 15:11 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 17:23 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:23 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:23 - 2014-10-28 17:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 14:49 - 2015-02-17 17:59 - 00000000 ____D () C:\Program Files\PlatinumHideIP
2015-02-06 21:16 - 2015-02-06 21:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AMD
2015-02-05 18:31 - 2015-02-05 18:31 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Sniper3
2015-02-04 16:23 - 2015-02-04 16:28 - 00000000 ____D () C:\Program Files\Megacubo
2015-02-04 09:26 - 2015-02-04 09:27 - 00148616 _____ () C:\Windows\Minidump\020415-18203-01.dmp
2015-02-04 09:22 - 2014-11-18 18:29 - 00735448 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x86.sys
2015-02-04 09:22 - 2014-11-18 18:29 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2015-02-04 09:21 - 2014-12-07 22:13 - 00283864 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2015-02-04 09:21 - 2014-01-26 21:39 - 09889496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 ____D () C:\ProgramData\ATI
2015-02-04 09:16 - 2015-02-04 16:29 - 00000000 ____D () C:\Program Files\Raptr
2015-02-04 09:16 - 2015-02-04 09:16 - 00051762 _____ () C:\Windows\system32\CCCInstall_201502040916007685.log
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\library_dir
2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Program Files\AMD AVT
2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-02-04 09:06 - 2014-10-28 18:47 - 03343832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-02-04 09:06 - 2014-10-27 17:44 - 00927448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-02-04 09:06 - 2014-10-27 16:14 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-04 09:06 - 2014-10-27 15:50 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
2015-02-04 09:06 - 2014-10-17 16:53 - 02513264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-02-04 09:06 - 2014-08-18 11:40 - 02354544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-02-04 09:06 - 2014-08-06 13:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-02-04 09:06 - 2014-04-10 12:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-02-04 09:06 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-02-04 09:06 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
2015-02-04 09:06 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
2015-02-04 09:06 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
2015-02-04 09:06 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-02-04 09:06 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-02-04 09:06 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-02-04 09:06 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-02-04 09:06 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-02-04 09:06 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-02-04 09:05 - 2014-06-07 00:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-02-04 09:05 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-02-04 09:05 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-04 09:05 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Program Files\Intel
2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Intel
2015-02-04 08:58 - 2013-08-01 11:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
2015-01-26 14:45 - 2015-01-26 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\Egosoft
2015-01-26 13:42 - 2015-02-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu
2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Program Files\Mu
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\Lawrence\Documents\MoTeC
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\ProgramData\MoTeC
2015-01-26 12:04 - 2015-01-26 12:15 - 00000000 ____D () C:\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\Program Files\MoTeC
2015-01-25 20:59 - 2015-01-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\s.t.a.l.k.e.r. - call of pripyat
2015-01-25 15:32 - 2015-01-25 15:32 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Gold 2.5
2015-01-25 15:28 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Gold 2.5
2015-01-25 15:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Silver 2.5
2015-01-25 15:01 - 2015-01-25 15:01 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Silver 2.5
2015-01-25 15:00 - 2015-01-25 15:28 - 00000000 ____D () C:\Program Files\ChordWizard
2015-01-23 18:10 - 2015-01-23 18:10 - 00000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing Setup Sync
2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\Program Files\iRacing Setup Sync
2015-01-22 19:38 - 2015-01-22 19:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\next car game technology sneak peek
2015-01-22 13:30 - 2015-01-22 13:30 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Logitech
2015-01-19 21:09 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2015-01-19 21:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Stock Car 2013
2015-01-19 20:51 - 2015-01-23 19:26 - 00000000 ____D () C:\GSC2013
2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 08:16 - 2015-01-01 13:23 - 00000000 ____D () C:\Users\Lawrence\Desktop\Utilities
2015-02-18 08:09 - 2015-01-01 11:59 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 08:02 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\system32\sru
2015-02-18 05:29 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-17 22:39 - 2015-01-09 13:38 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2015-02-17 20:25 - 2015-01-01 13:30 - 00000000 ____D () C:\Program Files\Steam
2015-02-17 19:36 - 2015-01-01 11:54 - 00000000 ___DO () C:\Users\Lawrence\OneDrive
2015-02-17 19:36 - 2014-03-18 00:01 - 00756816 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 19:33 - 2015-01-01 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 19:32 - 2015-01-01 11:52 - 00000000 ____D () C:\Users\Lawrence
2015-02-17 19:32 - 2013-08-21 23:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 18:46 - 2015-01-09 16:43 - 00040960 ___SH () C:\Users\Lawrence\Desktop\Thumbs.db
2015-02-17 18:46 - 2015-01-02 08:07 - 00000000 ____D () C:\Users\Lawrence\Desktop\Download
2015-02-17 18:06 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\WinStore
2015-02-17 18:05 - 2013-08-21 22:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-16 10:58 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\rescache
2015-02-16 09:39 - 2015-01-14 19:41 - 00000000 ____D () C:\ProgramData\{d454b6a4-bc7f-a58e-d454-4b6a4bc7da92}
2015-02-16 09:21 - 2015-01-01 14:02 - 00013501 _____ () C:\missing.ini
2015-02-16 09:21 - 2015-01-01 14:01 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-15 18:12 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\uTorrent
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Google
2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Program Files\Google
2015-02-15 14:17 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Lawrence\Desktop\Library
2015-02-15 02:36 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 19:31 - 2013-08-22 00:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 10:51 - 2015-01-01 15:15 - 00000000 ____D () C:\Users\Lawrence\Desktop\Games
2015-02-14 08:48 - 2013-08-21 23:22 - 00397552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 21:38 - 2015-01-03 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 21:35 - 2015-01-03 22:00 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 12:57 - 2015-01-01 11:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 07:41 - 2015-01-01 16:18 - 00000000 ____D () C:\Program Files\e-Sword
2015-02-08 23:08 - 2015-01-01 12:27 - 00000000 ____D () C:\ProgramData\VIPRE
2015-02-08 19:25 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-05 16:58 - 2015-01-01 13:44 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-04 09:26 - 2015-01-07 08:28 - 422979526 _____ () C:\Windows\MEMORY.DMP
2015-02-04 09:26 - 2015-01-07 08:28 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 09:22 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\system32\sda
2015-02-04 09:22 - 2015-01-04 13:50 - 00000000 ____D () C:\Program Files\Realtek
2015-02-04 09:16 - 2015-01-04 13:54 - 00000000 ____D () C:\ProgramData\AMD
2015-02-04 09:15 - 2015-01-04 13:51 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-04 09:15 - 2015-01-01 11:56 - 00000000 ____D () C:\Program Files\AMD
2015-02-04 09:11 - 2015-01-01 11:56 - 00000000 ____D () C:\AMD
2015-02-04 09:06 - 2015-01-04 13:50 - 00000000 ___HD () C:\Program Files\Temp
2015-02-04 09:05 - 2015-01-02 12:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-03 11:31 - 2015-01-03 22:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-03 11:31 - 2015-01-03 22:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-02 18:34 - 2015-01-09 17:44 - 00096744 _____ () C:\Users\Lawrence\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-31 12:09 - 2015-01-13 09:45 - 00000000 ____D () C:\Program Files\iRacing
2015-01-27 22:00 - 2015-01-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\vlc
2015-01-26 12:18 - 2015-01-13 18:09 - 00000000 ____D () C:\Users\Lawrence\Documents\iRacing
2015-01-26 12:03 - 2015-01-01 16:17 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Downloaded Installations
2015-01-25 08:05 - 2015-01-01 13:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-01-23 18:06 - 2015-01-06 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\WinZip
2015-01-23 18:06 - 2015-01-02 06:08 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-23 14:27 - 2015-01-06 16:01 - 00000000 ____D () C:\Windows\Patches
2015-01-20 13:45 - 2015-01-02 11:26 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AVS4YOU
2015-01-19 20:47 - 2015-01-18 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\rFactor2
2015-01-19 20:47 - 2015-01-18 14:44 - 00000000 ____D () C:\Program Files\rFactor2

==================== Files in the root of some directories =======

2015-01-04 10:13 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files\Common Files\pcsbClean.exe
2015-01-04 09:53 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files\Common Files\PCSBoff.exe
2015-01-10 11:13 - 2015-01-10 11:13 - 0022328 _____ () C:\Users\Lawrence\AppData\Roaming\PnkBstrK.sys
2015-01-23 18:10 - 2015-01-23 18:10 - 0000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-02-15 18:40 - 2015-02-15 18:40 - 0001474 _____ () C:\ProgramData\tempimage.bmp

Some content of TEMP:
====================
C:\Users\Lawrence\AppData\Local\Temp\Quarantine.exe
C:\Users\Lawrence\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-16 03:41

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Lawrence at 2015-02-18 08:17:13
Running from C:\Users\Lawrence\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ThreatTrack Security VIPRE (Disabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ThreatTrack Security VIPRE (Disabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOE 3 HC Editor (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\AOE 3 HC Editor) (Version: - )
Assetto Corsa (HKLM\...\Steam App 244210) (Version: - Kunos Simulazioni)
AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward)
Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Crysis (HKLM\...\{8D19172A-45DB-4B0B-92B5-728BFB0F7FE1}_is1) (Version: 1.2.1 - Crytek)
Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
Crysis WARHEAD (HKLM\...\{C3165492-9F0B-4490-A798-0B8B45B8E524}_is1) (Version: - )
Crysis Warhead (HKLM\...\Steam App 17330) (Version: - Crytek)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DriverNavigator 3.6.0 (HKLM\...\DriverNavigator_is1) (Version: 3.6.0.0 - Easeware)
e-Sword (HKLM\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
F1 2011 (HKLM\...\Steam App 44360) (Version: - Codemasters Birmingham)
Far Cry (HKLM\...\Steam App 13520) (Version: - Crytek Studios)
Game Stock Car 2013 version 1.10 (HKLM\...\{0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1) (Version: 1.10 - Reiza Studios Ltda.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GT Power Expansion (HKLM\...\Steam App 44650) (Version: - SimBin)
GTR Evolution (HKLM\...\Steam App 8660) (Version: - SimBin)
iRacing Setup Sync version 3.0 (HKLM\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0516 - iRacing.com Motorsport Simulations)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
J.C. Ryle Expository Thoughts.cmtx version e-Sword (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: e-Sword - BibleSupport.com)
Living Cookbook 2015 (HKLM\...\Living Cookbook 2015) (Version: 5.0.76 - Radium Technologies, Inc.)
Living Cookbook 2015 (Version: 5.0.76 - Radium Technologies) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
MoTeC i2 Pro 1.1 (HKLM\...\{2D9DF9DB-8DEC-4F15-B982-48EAEA5AC681}) (Version: 7.00.3631 - MoTeC)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mu (HKLM\...\{4D404DEB-6877-407E-89DE-F32748ABC5E8}) (Version: 1.6.7.0 - Patrick Moore)
New 3 Editor XY (HKLM\...\New 3 Editor XY) (Version: - )
PC Study Bible (remove only) (HKLM\...\PC Study Bible) (Version: - )
Platinum Hide IP (HKLM\...\PlatinumHideIP) (Version: 3.4.1.8 - )
Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
RACE 07 (HKLM\...\Steam App 8600) (Version: - SimBin)
Race Injection (HKLM\...\Steam App 44680) (Version: - SimBin Studios AB)
RACE On (HKLM\...\Steam App 8640) (Version: - SimBin)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sniper Elite 3 (HKLM\...\Steam App 238090) (Version: - Rebellion)
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version: - Rebellion)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STCC II (HKLM\...\Steam App 44620) (Version: - SimBin)
STCC: The Game (HKLM\...\Steam App 8690) (Version: - SimBin)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Retro Expansion (HKLM\...\Steam App 44660) (Version: - SimBin)
The WTCC 2010 Pack (HKLM\...\Steam App 44670) (Version: - SimBin)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VIPRE Internet Security (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
World of Tanks (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
XML Notepad 2007 (HKLM\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

12-02-2015 08:11:21 Before uninstalling Lex Mortis
14-02-2015 10:47:15 Backup_2015_02_14
15-02-2015 18:31:59 Before uninstalling AnySend
15-02-2015 18:34:38 Backup_2015_02_15

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-21 22:13 - 2015-02-16 10:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00A4B02C-D7A1-4E79-BCAA-5C757E670146} - System32\Tasks\{D9BF4D15-306C-41F2-86FE-512F777C8A72} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\PlatinumHideIP-3.4.1.8.Setup.exe -d C:\Users\Lawrence\Desktop\Download
Task: {0AD4AE99-E2E3-45D6-8796-5223983DBB6D} - System32\Tasks\Microsoft\Windows\Maintenance\Advanced IC Updating => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {1DA50B40-940A-4F25-AF7A-7A0BFDEC0F45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3321B7D5-DF40-487A-998C-5B5EB6A7288B} - System32\Tasks\Special IC Runner => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
Task: {4DF5BD81-FF92-4884-891E-0676F18C33F1} - System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001124JOBINTRP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {585C5A65-7276-411E-B096-DD00B7FAA632} - System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000120GRACEABD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {59F5920B-E0A7-43A7-A8BC-F462CAEB005B} - System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {67E9DC32-7267-4146-87E9-E8D4160E8988} - System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000208TRAIN12.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6846BEA3-D043-4A26-87C7-514C17A1B0F4} - System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000176CHSCOMM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6EB2115E-F951-40AB-9CD6-D63EE04F58BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {775D6F64-3739-47E8-9B08-CCE706FFD3BF} - System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000119HOLYWAR.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {7983CDE4-E57D-420E-8D11-1CD4D43E75A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {7A28690F-B7E0-4CF3-B96E-3FC6506F2C96} - System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000187GUYONPO.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {816B3A58-9D34-438C-A00B-2C6ECF4FB150} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
Task: {8C5FD9E5-4136-4806-808F-8C7755933664} - System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RMSGeneratorAoE3_10LE.exe -d C:\Users\Lawrence\Desktop\Download
Task: {9A93320F-D8C5-4607-9148-7F92851FFDF1} - System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000209WATTSHYM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A1450527-2F8C-4B3E-8DEC-908F9D16D37A} - System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001105BSPROPH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A2EC0AA0-AA43-46C0-9E1B-6168884B7E21} - System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001101FREVIVL.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A86F8B03-D14C-451A-A4C5-F76A5F3930E8} - System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001115WHTFIELD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {AD05C108-3710-4BB7-840B-682A15992F92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {B9D5B60F-65AC-416B-B5BD-78CDE903DC6F} - System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001125PROMISLD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {C829FC9E-ACEC-4152-8344-9C075E6353C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
Task: {C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3} - System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000195JFKEEP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {CD167435-E825-43BB-AA4B-2D99A85F4F52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFF8AFA4-F0C9-4832-9779-D8497E977125} - System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001107ENEMYREC.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C} - System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000171JESERM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E0594B1A-015A-422C-9019-A317EE6A6B83} - System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000118PILGRIMS.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1} - System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001128LIFEOFCH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {ED4263A0-E27A-4C95-B307-5C668B53A564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A} - System32\Tasks\PastaLeads => C:\Program Files\pastaleads\ScheduledTask.exe
Task: {F1205FF5-6FF5-471D-A32D-12B633629D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Task: {FDC538E6-FF25-4C82-BFD6-33599D4A8276} - System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000183FREVIVA.EXE -d C:\Users\Lawrence\Desktop\Download

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files\GFI\LanGuard 11 Agent\patchautodownload.dll
2013-08-21 15:55 - 2013-06-18 04:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2014-07-17 06:30 - 2014-07-17 06:30 - 00449136 _____ () C:\Program Files\GFI\LanGuard 11 Agent\remediationattplugin.dll
2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
2015-02-16 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-16 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-16 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-16 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 13:32 - 2010-07-04 13:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files\VIPRE\Definitions\libBase64.dll
2015-01-01 12:28 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files\VIPRE\Definitions\libMachoUniv.dll
2010-07-04 11:51 - 2010-07-04 11:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2015-01-01 13:32 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2015-01-01 13:32 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
2015-01-01 13:32 - 2015-01-23 14:34 - 02227904 _____ () C:\Program Files\Steam\video.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-19 15:55 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
2015-01-01 13:32 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2015-01-01 13:32 - 2015-01-23 14:33 - 00696512 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-01-01 13:32 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
2015-01-01 13:32 - 2015-01-15 15:42 - 01709960 _____ () C:\Program Files\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\Lawrence\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"

==================== Accounts: =============================

Administrator (S-1-5-21-2443816963-3265071215-2752545654-500 - Administrator - Disabled)
Guest (S-1-5-21-2443816963-3265071215-2752545654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2443816963-3265071215-2752545654-1003 - Limited - Enabled)
Lawrence (S-1-5-21-2443816963-3265071215-2752545654-1001 - Administrator - Enabled) => C:\Users\Lawrence

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2015 05:41:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume (E:) was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (02/18/2015 05:29:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/17/2015 07:36:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/17/2015 06:57:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/17/2015 06:13:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/17/2015 06:10:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


System errors:
=============
Error: (02/17/2015 07:32:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:04 PM on ‎2/‎17/‎2015 was unexpected.

Error: (02/17/2015 06:05:30 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:05:00 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:04:08 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:03:37 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:03:07 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:02:37 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:02:07 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:01:17 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 06:00:47 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-18 08:12:47.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-18 05:29:18.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

Date: 2015-02-18 05:29:18.439
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

Date: 2015-02-18 05:29:18.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

Date: 2015-02-18 05:29:18.091
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

Date: 2015-02-18 05:29:18.091
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

Date: 2015-02-17 20:35:00.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 20:01:49.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 19:54:46.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-02-17 19:42:00.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
Percentage of memory in use: 36%
Total physical RAM: 3062.92 MB
Available physical RAM: 1943.46 MB
Total Pagefile: 6134.92 MB
Available Pagefile: 3725.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1626.58 GB) NTFS
Drive d: (BitBox) (Fixed) (Total:1862.3 GB) (Free:1243.43 GB) NTFS
Drive e: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1862.9 GB) - (Type=06)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 336C9387)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: BA7C33AC)
Partition 1: (Active) - (Size=1862.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ken545
2015-02-18, 18:22
I see a lot of files in your download folder running as a task, but they don't Google, so I don't know what they are. Can you tell me about them?
C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE


While I am looking over your logs, run this quick scan and post the log.

Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe, then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Please Run this program only once
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

thepilgrim
2015-02-18, 21:32
As far as file: C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE I have no idea what it was as it is not presently in the download folder or the recycle bin.


CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\games\world_of_tanks\res\audio\objects_ice_crack.fsb
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack01.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack02.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack03.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\hockenheim\textures\road_crack1.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\jyllandsringen\textures\road_crack01.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\mantorp\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\mantorp_10\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\portimao09\texturas\road_crack1.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\portimao09\texturas\road_crack1_blend.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\valerbanen\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\vara\models\pitlane_crack.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\vara\textures\road_crack.dds
c:\users\lawrence\downloads\age of empires ultimate collection full\age_of_empires_iii_the_asian_dynasties-flt\age_of_empires_iii_the_asian_dynasties_crack_fix-tnt\age3.exe
c:\users\lawrence\downloads\age of empires ultimate collection full\age_of_empires_iii_the_asian_dynasties-flt\age_of_empires_iii_the_asian_dynasties_crack_fix-tnt\age3y.exe
c:\users\lawrence\downloads\age of empires ultimate collection full\age_of_empires_iii_the_asian_dynasties-flt\age_of_empires_iii_the_asian_dynasties_crack_fix-tnt\tnt-fix.rar
scanner sequence 3.KG.11.JRNAPZ
----- EOF -----

ken545
2015-02-19, 00:27
age of empires ultimate collection full

Did you download and install this program through the torrents?

thepilgrim
2015-02-19, 00:34
Yes, although I have the same that I purchased from Steam. The ones in the Steam directory will not let me use legal utilities and such from the HeavenGames site for some reason, so I downloaded torrent versions to use instead.

ken545
2015-02-19, 00:51
I am afraid that unless you uninstall that program, this is as far as we can go, because this forum, as well as all the other malware removal forums, does not support illegal software. The greater percentage of programs downloaded through the torrents have some malicious code installed with them. If I was to continue helping you, it could be construed in the eyes of the law as aiding and abetting a crime.

If you decide to uninstall that program, after you're done, run a new scan with CKScanner and post the new log.

thepilgrim
2015-02-19, 01:59
Uninstalled AOE files

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\games\world_of_tanks\res\audio\objects_ice_crack.fsb
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack01.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack02.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack03.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\hockenheim\textures\road_crack1.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\jyllandsringen\textures\road_crack01.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\mantorp\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\mantorp_10\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\portimao09\texturas\road_crack1.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\portimao09\texturas\road_crack1_blend.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\valerbanen\textures\road_crack.dds
c:\program files\steam\steamapps\common\race 07\gamedata\locations\vara\models\pitlane_crack.gmt
c:\program files\steam\steamapps\common\race 07\gamedata\locations\vara\textures\road_crack.dds
scanner sequence 3.DK.11.TNBDB0
----- EOF -----

ken545
2015-02-19, 02:26
Thanks for understanding


I am attaching a FIXLIST file. You need to download it to your desktop, where you have FRST, or the fix won't work. After you download it, open up FRST and click on FIX (not Scan). It won't take long. After your computer reboots you will see a FIXLOG on your desktop; post it please.

thepilgrim
2015-02-19, 04:40
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by Lawrence at 2015-02-18 19:22:00 Run:1
Running from C:\Users\Lawrence\Desktop
Loaded Profiles: Lawrence (Available profiles: Lawrence)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [PastaLeadsApplication] => C:\Program Files\pastaleads\PastaLeadsApplication.exe
C:\Program Files\pastaleads
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
2015-02-16 10:53 - 2013-08-21 22:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup
2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\turbodiagnosis
2015-02-15 17:44 - 2015-02-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
2015-02-11 18:20 - 2015-02-11 18:20 - 00000875 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
Task: {4DF5BD81-FF92-4884-891E-0676F18C33F1} - System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001124JOBINTRP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {585C5A65-7276-411E-B096-DD00B7FAA632} - System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000120GRACEABD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {59F5920B-E0A7-43A7-A8BC-F462CAEB005B} - System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {67E9DC32-7267-4146-87E9-E8D4160E8988} - System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000208TRAIN12.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {6846BEA3-D043-4A26-87C7-514C17A1B0F4} - System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000176CHSCOMM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {775D6F64-3739-47E8-9B08-CCE706FFD3BF} - System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000119HOLYWAR.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {7A28690F-B7E0-4CF3-B96E-3FC6506F2C96} - System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000187GUYONPO.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {816B3A58-9D34-438C-A00B-2C6ECF4FB150} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
Task: {8C5FD9E5-4136-4806-808F-8C7755933664} - System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RMSGeneratorAoE3_10LE.exe -d C:\Users\Lawrence\Desktop\Download
Task: {9A93320F-D8C5-4607-9148-7F92851FFDF1} - System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000209WATTSHYM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A1450527-2F8C-4B3E-8DEC-908F9D16D37A} - System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001105BSPROPH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A2EC0AA0-AA43-46C0-9E1B-6168884B7E21} - System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001101FREVIVL.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {A86F8B03-D14C-451A-A4C5-F76A5F3930E8} - System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001115WHTFIELD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {B9D5B60F-65AC-416B-B5BD-78CDE903DC6F} - System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001125PROMISLD.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3} - System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000195JFKEEP.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {CD167435-E825-43BB-AA4B-2D99A85F4F52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFF8AFA4-F0C9-4832-9779-D8497E977125} - System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001107ENEMYREC.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C} - System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000171JESERM.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E0594B1A-015A-422C-9019-A317EE6A6B83} - System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000118PILGRIMS.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1} - System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001128LIFEOFCH.EXE -d C:\Users\Lawrence\Desktop\Download
Task: {EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A} - System32\Tasks\PastaLeads => C:\Program Files\pastaleads\ScheduledTask.exe
Task: {FDC538E6-FF25-4C82-BFD6-33599D4A8276} - System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000183FREVIVA.EXE -d C:\Users\Lawrence\Desktop\Download
C:\Users\Lawrence\Desktop\Download
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PastaLeadsApplication => value deleted successfully.
"C:\Program Files\pastaleads" => File/Directory not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup => Moved successfully.
C:\Program Files\turbodiagnosis => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis => Moved successfully.
C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DF5BD81-FF92-4884-891E-0676F18C33F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DF5BD81-FF92-4884-891E-0676F18C33F1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{585C5A65-7276-411E-B096-DD00B7FAA632}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{585C5A65-7276-411E-B096-DD00B7FAA632}" => Key deleted successfully.
C:\Windows\System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37F099FC-14B3-4156-A702-9FB96C88A6C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59F5920B-E0A7-43A7-A8BC-F462CAEB005B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59F5920B-E0A7-43A7-A8BC-F462CAEB005B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67E9DC32-7267-4146-87E9-E8D4160E8988}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67E9DC32-7267-4146-87E9-E8D4160E8988}" => Key deleted successfully.
C:\Windows\System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6846BEA3-D043-4A26-87C7-514C17A1B0F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6846BEA3-D043-4A26-87C7-514C17A1B0F4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8394D802-9149-491A-9738-A8C830A02F08}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{775D6F64-3739-47E8-9B08-CCE706FFD3BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{775D6F64-3739-47E8-9B08-CCE706FFD3BF}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A28690F-B7E0-4CF3-B96E-3FC6506F2C96}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A28690F-B7E0-4CF3-B96E-3FC6506F2C96}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{816B3A58-9D34-438C-A00B-2C6ECF4FB150}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{816B3A58-9D34-438C-A00B-2C6ECF4FB150}" => Key deleted successfully.
C:\Windows\System32\Tasks\CXFYCNE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CXFYCNE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C5FD9E5-4136-4806-808F-8C7755933664}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C5FD9E5-4136-4806-808F-8C7755933664}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A93320F-D8C5-4607-9148-7F92851FFDF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A93320F-D8C5-4607-9148-7F92851FFDF1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E35FC523-AA21-4577-9FBC-94AE40E6776A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1450527-2F8C-4B3E-8DEC-908F9D16D37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1450527-2F8C-4B3E-8DEC-908F9D16D37A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2EC0AA0-AA43-46C0-9E1B-6168884B7E21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2EC0AA0-AA43-46C0-9E1B-6168884B7E21}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E8FCC46D-BA56-49B7-838A-7743019951A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A86F8B03-D14C-451A-A4C5-F76A5F3930E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A86F8B03-D14C-451A-A4C5-F76A5F3930E8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D5B60F-65AC-416B-B5BD-78CDE903DC6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D5B60F-65AC-416B-B5BD-78CDE903DC6F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D487DED9-ED95-452D-8D45-C980AC4BD006}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94E8A300-183B-4355-9EEA-DA41CFB81F16}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD167435-E825-43BB-AA4B-2D99A85F4F52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD167435-E825-43BB-AA4B-2D99A85F4F52}" => Key deleted successfully.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFF8AFA4-F0C9-4832-9779-D8497E977125}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFF8AFA4-F0C9-4832-9779-D8497E977125}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A6320549-8626-41EA-90CB-7C75D150832C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0594B1A-015A-422C-9019-A317EE6A6B83}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0594B1A-015A-422C-9019-A317EE6A6B83}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A}" => Key deleted successfully.
C:\Windows\System32\Tasks\PastaLeads => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaLeads" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDC538E6-FF25-4C82-BFD6-33599D4A8276}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDC538E6-FF25-4C82-BFD6-33599D4A8276}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3110D307-CD4E-4FCF-8721-D063943CEC29}" => Key deleted successfully.
C:\Users\Lawrence\Desktop\Download => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 475.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:23:25 ====

ken545
2015-02-19, 12:59
Good,

How are things running now?

thepilgrim
2015-02-19, 15:10
Working great! I want to thank you for all your help and patience.
I think I learned a lesson. :bigthumb:

Lonnie.

ken545
2015-02-19, 15:39
That's great, Lonnie. Remember what I said about downloading that garbage using the torrents; you're just asking for trouble if you do. Also glad you're back on track and things are working well for you again.


Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.



==========================================================


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.



Windows XP: Double-click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8: Right-click on DelFix.exe and select RUN AS ADMINISTRATOR
Checkmark "Remove Disinfection Tools"
Click the Run button


This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.



==========================================================




How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=97186)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken