Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Get rid of problem called APPBUSY II

  1. #1
    Junior Member
    Join Date
    Feb 2015
    Posts
    9

    Default Get rid of problem called APPBUSY II

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by Lawrence (administrator) on HAL on 17-02-2015 09:06:26
    Running from C:\Users\Lawrence\Desktop\Download
    Loaded Profiles: Lawrence (Available profiles: Lawrence)
    Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Over the Rainbow Tech) C:\ProgramData\LolliScan\ColorMedia.exe
    (GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
    (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
    (ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
    (GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\mantle.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
    () C:\Program Files\Unlocker\UnlockerAssistant.exe
    (Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
    () C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Valve Corporation) C:\Program Files\Steam\Steam.exe
    (Microsoft) C:\Program Files\pastaleads\PastaLeadsApplication.exe
    (ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
    (Nick Thissen) C:\Program Files\iRacing Setup Sync\bin\iRacingSetupSync.exe
    (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
    HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-10-23] (Realtek Semiconductor)
    HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
    HKLM\...\Run: [WinCheck] => C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe [323584 2015-02-15] ()
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [PastaLeadsApplication] => C:\Program Files\pastaleads\PastaLeadsApplication.exe [378880 2014-11-27] (Microsoft)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk
    ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-2443816963-3265071215-2752545654-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2443816963-3265071215-2752545654-1001] => http=127.0.0.1:8800;https=127.0.0.1:8800
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll ()
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll ()
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-04]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.wnd.com/
    CHR StartupUrls: Default -> "hxxp://www.weather.com/weather/tenday/Hillsboro+OR+97123:4:US"
    CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Angry Birds) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-01]
    CHR Extension: (Mahjong Words 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2015-01-01]
    CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
    CHR Extension: (Adguard AdBlocker) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
    CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01]
    CHR Extension: (Pool) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-01-01]
    CHR Extension: (AdBlock+) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2015-01-01]
    CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01]
    CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-01-01]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-04]
    CHR Extension: (AdBlock Premium) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-01]
    CHR Extension: (Flixster) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-01-01]
    CHR Extension: (Crackle) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-01-01]
    CHR Extension: (Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-01]
    CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2015-01-01]
    CHR Extension: (G Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglfocodeikakacbeoajjhnplhlaoook [2015-01-01]
    CHR Extension: (RT News) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2015-01-01]
    CHR Extension: (Numerics Calculator & Converter) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-01-01]
    CHR Extension: (Summer Fields 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkllododjcgdppaocnhcjpncemnmmfon [2015-01-01]
    CHR Extension: (Plants vs Zombies) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-01-01]
    CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
    CHR Extension: (Bastion) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-01-01]
    CHR Extension: (Edgeworld) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2015-01-01]
    CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ColorMedia; C:\ProgramData\LolliScan\ColorMedia.exe [1546208 2015-02-15] (Over the Rainbow Tech) [File not signed]
    R2 gfi_lanss11_attservice; C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [802080 2015-01-31] (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730)
    R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
    R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
    S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
    S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
    S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-23] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-22] (Advanced Micro Devices, Inc.)
    R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200704 2014-06-21] (Advanced Micro Devices)
    R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
    S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
    R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-02-26] (EZB Systems, Inc.) [File not signed]
    R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
    R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
    S3 OA002Afx; C:\Windows\system32\Drivers\OA002Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
    R3 OA002Ufd; C:\Windows\system32\DRIVERS\OA002Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
    R3 OA002Vid; C:\Windows\system32\DRIVERS\OA002Vid.sys [268672 2008-08-01] (Creative Technology Ltd.)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [283864 2014-12-07] (Realsil Semiconductor Corporation)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
    R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [228048 2013-07-04] (GFI Software)
    S3 SBFWIMCL; C:\Windows\system32\DRIVERS\sbfwim.sys [96288 2012-09-24] (GFI Software)
    R3 SBFWIMCLMP; C:\Windows\system32\DRIVERS\SBFWIM.sys [96288 2012-09-24] (GFI Software)
    S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [96720 2013-07-04] (GFI Software)
    R3 sbwtis; C:\Windows\system32\DRIVERS\sbwtis.sys [76064 2012-12-11] (GFI Software)
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
    R3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
    R3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
    R3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
    R3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
    R3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
    R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
    S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [658136 2014-12-04] (Realsil Semiconductor Corporation)
    S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
    S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-17 09:01 - 2015-02-17 09:06 - 00000000 ____D () C:\FRST
    2015-02-17 08:58 - 2015-02-17 08:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAL-Windows-8.1-(32-bit).dat
    2015-02-17 08:56 - 2015-02-17 08:56 - 00002201 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\RegBackup
    2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\Program Files\Tweaking.com
    2015-02-16 19:57 - 2015-02-17 08:38 - 00000232 _____ () C:\Windows\setupact.log
    2015-02-16 19:57 - 2015-02-16 19:57 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-16 18:32 - 2015-02-17 09:01 - 00068064 _____ () C:\Windows\WindowsUpdate.log
    2015-02-16 18:12 - 2015-02-16 18:12 - 00019056 _____ () C:\Windows\system32\FirewallConfig.xml
    2015-02-16 10:53 - 2013-08-21 22:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup
    2015-02-16 10:23 - 2015-02-16 13:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-16 10:23 - 2015-02-16 11:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-02-16 10:23 - 2015-02-16 10:23 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-16 10:23 - 2015-02-16 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-16 10:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-02-15 18:40 - 2015-02-15 18:40 - 00001474 _____ () C:\ProgramData\tempimage.bmp
    2015-02-15 17:59 - 2015-02-15 17:59 - 00002190 _____ () C:\Users\Public\Desktop\Google Earth.lnk
    2015-02-15 17:59 - 2015-02-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2015-02-15 17:54 - 2015-02-15 18:42 - 00000000 ____D () C:\Program Files\ver4SpeedCheck
    2015-02-15 17:54 - 2015-02-15 18:41 - 00000000 ____D () C:\Program Files\QuickRef_1.10.0.8
    2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf
    2015-02-15 17:46 - 2015-02-15 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\wincheck
    2015-02-15 17:45 - 2015-02-16 18:13 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\8F4C56EF-1F90-6647-97B8-F04F569F545F
    2015-02-15 17:45 - 2015-02-16 09:39 - 00000000 ____D () C:\ProgramData\2abfacb28a86414db67072195669c416
    2015-02-15 17:45 - 2015-02-16 09:02 - 00005352 _____ () C:\Windows\system32\ColorMedia.ini
    2015-02-15 17:45 - 2015-02-16 09:02 - 00002952 _____ () C:\Windows\system32\ColorMediaOff.ini
    2015-02-15 17:45 - 2015-02-15 17:45 - 00000000 ____D () C:\Program Files\ospd_us_851
    2015-02-15 17:44 - 2015-02-16 13:48 - 00000000 ____D () C:\ProgramData\LolliScan
    2015-02-15 17:44 - 2015-02-16 01:49 - 00000000 ____D () C:\ProgramData\pastaleads
    2015-02-15 17:44 - 2015-02-15 18:43 - 00000000 ____D () C:\Program Files\Win_SCAN
    2015-02-15 17:44 - 2015-02-15 18:40 - 00000000 ____D () C:\Program Files\pastaleads
    2015-02-15 17:44 - 2015-02-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
    2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
    2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\turbodiagnosis
    2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\download Manager
    2015-02-15 17:42 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\OAS
    2015-02-14 18:12 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-13 20:19 - 2015-02-13 20:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Cloud
    2015-02-11 19:09 - 2015-02-12 08:15 - 00000000 ____D () C:\Program Files\Lex Mortis
    2015-02-11 18:20 - 2015-02-11 18:20 - 00000875 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2015-02-10 17:24 - 2015-01-19 10:36 - 01192552 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2015-02-10 17:24 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 17:24 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-10 17:23 - 2015-01-15 14:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-10 17:23 - 2015-01-15 14:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-10 17:23 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 17:23 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 17:23 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-10 17:23 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 17:23 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-10 17:23 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 17:23 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-02-10 17:23 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-02-10 17:23 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-02-10 17:23 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 17:23 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 17:23 - 2015-01-11 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-10 17:23 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-10 17:23 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 17:23 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 17:23 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 17:23 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-10 17:23 - 2015-01-10 00:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-10 17:23 - 2015-01-10 00:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-02-10 17:23 - 2015-01-09 23:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 17:23 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 17:23 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 17:23 - 2014-12-08 15:11 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-02-10 17:23 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-10 17:23 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-10 17:23 - 2014-10-28 17:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-10 14:49 - 2015-02-10 14:49 - 00000000 ____D () C:\Program Files\PlatinumHideIP
    2015-02-06 21:16 - 2015-02-06 21:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AMD
    2015-02-05 18:31 - 2015-02-05 18:31 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Sniper3
    2015-02-04 16:23 - 2015-02-04 16:28 - 00000000 ____D () C:\Program Files\Megacubo
    2015-02-04 09:26 - 2015-02-04 09:27 - 00148616 _____ () C:\Windows\Minidump\020415-18203-01.dmp
    2015-02-04 09:22 - 2014-11-18 18:29 - 00735448 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x86.sys
    2015-02-04 09:22 - 2014-11-18 18:29 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
    2015-02-04 09:21 - 2014-12-07 22:13 - 00283864 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
    2015-02-04 09:21 - 2014-01-26 21:39 - 09889496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
    2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 ____D () C:\ProgramData\ATI
    2015-02-04 09:16 - 2015-02-04 16:29 - 00000000 ____D () C:\Program Files\Raptr
    2015-02-04 09:16 - 2015-02-04 09:16 - 00051762 _____ () C:\Windows\system32\CCCInstall_201502040916007685.log
    2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\library_dir
    2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Program Files\AMD AVT
    2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 ____D () C:\Windows\system32\RTCOM
    2015-02-04 09:06 - 2014-10-28 18:47 - 03343832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
    2015-02-04 09:06 - 2014-10-27 17:44 - 00927448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
    2015-02-04 09:06 - 2014-10-27 16:14 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2015-02-04 09:06 - 2014-10-27 15:50 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
    2015-02-04 09:06 - 2014-10-17 16:53 - 02513264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
    2015-02-04 09:06 - 2014-08-18 11:40 - 02354544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
    2015-02-04 09:06 - 2014-08-06 13:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
    2015-02-04 09:06 - 2014-04-10 12:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2015-02-04 09:06 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
    2015-02-04 09:06 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
    2015-02-04 09:06 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
    2015-02-04 09:06 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
    2015-02-04 09:06 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
    2015-02-04 09:06 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2015-02-04 09:06 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
    2015-02-04 09:06 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
    2015-02-04 09:05 - 2014-06-07 00:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
    2015-02-04 09:05 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
    2015-02-04 09:05 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2015-02-04 09:05 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
    2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Program Files\Intel
    2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Intel
    2015-02-04 08:58 - 2013-08-01 11:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
    2015-01-26 14:45 - 2015-01-26 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\Egosoft
    2015-01-26 13:42 - 2015-02-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
    2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Mu
    2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu
    2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Program Files\Mu
    2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\Lawrence\Documents\MoTeC
    2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\ProgramData\MoTeC
    2015-01-26 12:04 - 2015-01-26 12:15 - 00000000 ____D () C:\MoTeC
    2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
    2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\Program Files\MoTeC
    2015-01-25 20:59 - 2015-01-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\s.t.a.l.k.e.r. - call of pripyat
    2015-01-25 15:32 - 2015-01-25 15:32 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Gold 2.5
    2015-01-25 15:28 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Gold 2.5
    2015-01-25 15:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Silver 2.5
    2015-01-25 15:01 - 2015-01-25 15:01 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Silver 2.5
    2015-01-25 15:00 - 2015-01-25 15:28 - 00000000 ____D () C:\Program Files\ChordWizard
    2015-01-23 18:10 - 2015-01-23 18:10 - 00000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing Setup Sync
    2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\Program Files\iRacing Setup Sync
    2015-01-22 19:38 - 2015-01-22 19:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\next car game technology sneak peek
    2015-01-22 13:30 - 2015-01-22 13:30 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Logitech
    2015-01-19 21:09 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
    2015-01-19 21:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Stock Car 2013
    2015-01-19 20:51 - 2015-01-23 19:26 - 00000000 ____D () C:\GSC2013
    2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Steam
    2015-01-18 14:50 - 2015-01-18 14:50 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\.rFactor
    2015-01-18 14:45 - 2015-01-19 20:47 - 00000000 ____D () C:\Users\Lawrence\Documents\rFactor2
    2015-01-18 14:44 - 2015-01-19 20:47 - 00000000 ____D () C:\Program Files\rFactor2

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-17 09:06 - 2015-01-02 08:07 - 00000000 ____D () C:\Users\Lawrence\Desktop\Download
    2015-02-17 09:00 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\system32\sru
    2015-02-17 08:46 - 2015-01-01 11:54 - 00000000 __RDO () C:\Users\Lawrence\OneDrive
    2015-02-17 08:42 - 2015-01-01 13:30 - 00000000 ____D () C:\Program Files\Steam
    2015-02-17 08:41 - 2015-01-01 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-16 20:14 - 2015-01-09 13:38 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
    2015-02-16 20:09 - 2015-01-01 11:59 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-16 18:19 - 2014-03-18 00:01 - 00756816 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-16 18:13 - 2013-08-21 23:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-16 18:12 - 2013-08-21 22:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-02-16 12:07 - 2015-01-01 13:23 - 00000000 ____D () C:\Users\Lawrence\Desktop\Utilities
    2015-02-16 10:58 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\rescache
    2015-02-16 10:46 - 2015-01-07 21:21 - 00000000 ____D () C:\Program Files\youtubeadblocker
    2015-02-16 09:39 - 2015-01-14 19:41 - 00000000 ____D () C:\ProgramData\{d454b6a4-bc7f-a58e-d454-4b6a4bc7da92}
    2015-02-16 09:21 - 2015-01-01 14:02 - 00013501 _____ () C:\missing.ini
    2015-02-16 09:21 - 2015-01-01 14:01 - 00000000 ____D () C:\ProgramData\TEMP
    2015-02-16 03:41 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-15 18:12 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\uTorrent
    2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Google
    2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Program Files\Google
    2015-02-15 14:17 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Lawrence\Desktop\Library
    2015-02-15 02:36 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\AppReadiness
    2015-02-14 19:31 - 2013-08-22 00:05 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-14 10:51 - 2015-01-01 15:15 - 00000000 ____D () C:\Users\Lawrence\Desktop\Games
    2015-02-14 08:48 - 2013-08-21 23:22 - 00397552 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-10 21:38 - 2015-01-03 22:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-10 21:35 - 2015-01-03 22:00 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 14:45 - 2015-01-01 11:52 - 00000000 ____D () C:\Users\Lawrence
    2015-02-09 12:57 - 2015-01-01 11:56 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-09 07:41 - 2015-01-01 16:18 - 00000000 ____D () C:\Program Files\e-Sword
    2015-02-08 23:08 - 2015-01-01 12:27 - 00000000 ____D () C:\ProgramData\VIPRE
    2015-02-08 19:25 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\LiveKernelReports
    2015-02-05 16:58 - 2015-01-01 13:44 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-02-04 09:26 - 2015-01-07 08:28 - 422979526 _____ () C:\Windows\MEMORY.DMP
    2015-02-04 09:26 - 2015-01-07 08:28 - 00000000 ____D () C:\Windows\Minidump
    2015-02-04 09:22 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\system32\sda
    2015-02-04 09:22 - 2015-01-04 13:50 - 00000000 ____D () C:\Program Files\Realtek
    2015-02-04 09:16 - 2015-01-04 13:54 - 00000000 ____D () C:\ProgramData\AMD
    2015-02-04 09:15 - 2015-01-04 13:51 - 00000000 ____D () C:\Program Files\ATI Technologies
    2015-02-04 09:15 - 2015-01-01 11:56 - 00000000 ____D () C:\Program Files\AMD
    2015-02-04 09:11 - 2015-01-01 11:56 - 00000000 ____D () C:\AMD
    2015-02-04 09:06 - 2015-01-04 13:50 - 00000000 ___HD () C:\Program Files\Temp
    2015-02-04 09:05 - 2015-01-02 12:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2015-02-04 09:02 - 2015-01-04 13:15 - 00000450 _____ () C:\Windows\Tasks\DriverNavigator Scheduled Scan.job
    2015-02-03 11:31 - 2015-01-03 22:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-03 11:31 - 2015-01-03 22:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-02 18:34 - 2015-01-09 17:44 - 00096744 _____ () C:\Users\Lawrence\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-31 12:09 - 2015-01-13 09:45 - 00000000 ____D () C:\Program Files\iRacing
    2015-01-27 22:00 - 2015-01-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\vlc
    2015-01-26 12:18 - 2015-01-13 18:09 - 00000000 ____D () C:\Users\Lawrence\Documents\iRacing
    2015-01-26 12:03 - 2015-01-01 16:17 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Downloaded Installations
    2015-01-25 08:05 - 2015-01-01 13:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
    2015-01-23 18:06 - 2015-01-06 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\WinZip
    2015-01-23 18:06 - 2015-01-02 06:08 - 00000000 ____D () C:\ProgramData\WinZip
    2015-01-23 14:27 - 2015-01-06 16:01 - 00000000 ____D () C:\Windows\Patches
    2015-01-20 13:45 - 2015-01-02 11:26 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AVS4YOU

    ==================== Files in the root of some directories =======

    2015-01-04 10:13 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files\Common Files\pcsbClean.exe
    2015-01-04 09:53 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files\Common Files\PCSBoff.exe
    2015-01-10 11:13 - 2015-01-10 11:13 - 0022328 _____ () C:\Users\Lawrence\AppData\Roaming\PnkBstrK.sys
    2015-01-23 18:10 - 2015-01-23 18:10 - 0000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-02-15 18:40 - 2015-02-15 18:40 - 0001474 _____ () C:\ProgramData\tempimage.bmp

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-16 03:41

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
    Ran by Lawrence at 2015-02-17 09:06:46
    Running from C:\Users\Lawrence\Desktop\Download
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
    Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
    AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AOE 3 HC Editor (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\AOE 3 HC Editor) (Version: - )
    Assetto Corsa (HKLM\...\Steam App 244210) (Version: - Kunos Simulazioni)
    AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
    AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
    AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
    AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
    AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
    AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
    AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
    AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
    AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
    AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
    AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
    Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
    Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward)
    Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Crysis (HKLM\...\{8D19172A-45DB-4B0B-92B5-728BFB0F7FE1}_is1) (Version: 1.2.1 - Crytek)
    Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
    Crysis WARHEAD (HKLM\...\{C3165492-9F0B-4490-A798-0B8B45B8E524}_is1) (Version: - )
    Crysis Warhead (HKLM\...\Steam App 17330) (Version: - Crytek)
    Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    DriverNavigator 3.6.0 (HKLM\...\DriverNavigator_is1) (Version: 3.6.0.0 - Easeware)
    e-Sword (HKLM\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
    F1 2011 (HKLM\...\Steam App 44360) (Version: - Codemasters Birmingham)
    Far Cry (HKLM\...\Steam App 13520) (Version: - Crytek Studios)
    Game Stock Car 2013 version 1.10 (HKLM\...\{0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1) (Version: 1.10 - Reiza Studios Ltda.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    GT Power Expansion (HKLM\...\Steam App 44650) (Version: - SimBin)
    GTR Evolution (HKLM\...\Steam App 8660) (Version: - SimBin)
    iRacing Setup Sync version 3.0 (HKLM\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
    iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0516 - iRacing.com Motorsport Simulations)
    iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    J.C. Ryle Expository Thoughts.cmtx version e-Sword (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: e-Sword - BibleSupport.com)
    Living Cookbook 2015 (HKLM\...\Living Cookbook 2015) (Version: 5.0.76 - Radium Technologies, Inc.)
    Living Cookbook 2015 (Version: 5.0.76 - Radium Technologies) Hidden
    Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
    MoTeC i2 Pro 1.1 (HKLM\...\{2D9DF9DB-8DEC-4F15-B982-48EAEA5AC681}) (Version: 7.00.3631 - MoTeC)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
    Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Mu (HKLM\...\{4D404DEB-6877-407E-89DE-F32748ABC5E8}) (Version: 1.6.7.0 - Patrick Moore)
    New 3 Editor XY (HKLM\...\New 3 Editor XY) (Version: - )
    PC Study Bible (remove only) (HKLM\...\PC Study Bible) (Version: - )
    Platinum Hide IP (HKLM\...\PlatinumHideIP) (Version: 3.4.1.8 - )
    Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
    Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
    Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
    RACE 07 (HKLM\...\Steam App 8600) (Version: - SimBin)
    Race Injection (HKLM\...\Steam App 44680) (Version: - SimBin Studios AB)
    RACE On (HKLM\...\Steam App 8640) (Version: - SimBin)
    Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
    Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Sniper Elite 3 (HKLM\...\Steam App 238090) (Version: - Rebellion)
    Sniper Elite V2 (HKLM\...\Steam App 63380) (Version: - Rebellion)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    STCC II (HKLM\...\Steam App 44620) (Version: - SimBin)
    STCC: The Game (HKLM\...\Steam App 8690) (Version: - SimBin)
    Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Retro Expansion (HKLM\...\Steam App 44660) (Version: - SimBin)
    The WTCC 2010 Pack (HKLM\...\Steam App 44670) (Version: - SimBin)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
    UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VIPRE Internet Security (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
    World of Tanks (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
    XML Notepad 2007 (HKLM\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
    Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    12-02-2015 08:11:21 Before uninstalling Lex Mortis
    14-02-2015 10:47:15 Backup_2015_02_14
    15-02-2015 18:31:59 Before uninstalling AnySend
    15-02-2015 18:34:38 Backup_2015_02_15

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-21 22:13 - 2015-02-16 10:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00A4B02C-D7A1-4E79-BCAA-5C757E670146} - System32\Tasks\{D9BF4D15-306C-41F2-86FE-512F777C8A72} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\PlatinumHideIP-3.4.1.8.Setup.exe -d C:\Users\Lawrence\Desktop\Download
    Task: {0AD4AE99-E2E3-45D6-8796-5223983DBB6D} - System32\Tasks\Microsoft\Windows\Maintenance\Advanced IC Updating => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
    Task: {1DA50B40-940A-4F25-AF7A-7A0BFDEC0F45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {32D7C83E-2B11-404A-8633-58E6E7AAFB28} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
    Task: {3321B7D5-DF40-487A-998C-5B5EB6A7288B} - System32\Tasks\Special IC Runner => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
    Task: {3AC82ED0-4209-4AA5-8601-D65DB0048A20} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2014-12-11] (Easeware)
    Task: {4DF5BD81-FF92-4884-891E-0676F18C33F1} - System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001124JOBINTRP.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {585C5A65-7276-411E-B096-DD00B7FAA632} - System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000120GRACEABD.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {59F5920B-E0A7-43A7-A8BC-F462CAEB005B} - System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {67E9DC32-7267-4146-87E9-E8D4160E8988} - System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000208TRAIN12.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {6846BEA3-D043-4A26-87C7-514C17A1B0F4} - System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000176CHSCOMM.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {6EB2115E-F951-40AB-9CD6-D63EE04F58BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {775D6F64-3739-47E8-9B08-CCE706FFD3BF} - System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000119HOLYWAR.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {7983CDE4-E57D-420E-8D11-1CD4D43E75A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
    Task: {7A28690F-B7E0-4CF3-B96E-3FC6506F2C96} - System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000187GUYONPO.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {816B3A58-9D34-438C-A00B-2C6ECF4FB150} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
    Task: {8C5FD9E5-4136-4806-808F-8C7755933664} - System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RMSGeneratorAoE3_10LE.exe -d C:\Users\Lawrence\Desktop\Download
    Task: {9A93320F-D8C5-4607-9148-7F92851FFDF1} - System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000209WATTSHYM.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {A1450527-2F8C-4B3E-8DEC-908F9D16D37A} - System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001105BSPROPH.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {A2EC0AA0-AA43-46C0-9E1B-6168884B7E21} - System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001101FREVIVL.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {A86F8B03-D14C-451A-A4C5-F76A5F3930E8} - System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001115WHTFIELD.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {B9D5B60F-65AC-416B-B5BD-78CDE903DC6F} - System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001125PROMISLD.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {C829FC9E-ACEC-4152-8344-9C075E6353C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
    Task: {C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3} - System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000195JFKEEP.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {CD167435-E825-43BB-AA4B-2D99A85F4F52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: {CFF8AFA4-F0C9-4832-9779-D8497E977125} - System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001107ENEMYREC.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C} - System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000171JESERM.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {E0594B1A-015A-422C-9019-A317EE6A6B83} - System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000118PILGRIMS.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1} - System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001128LIFEOFCH.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {ED4263A0-E27A-4C95-B307-5C668B53A564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A} - System32\Tasks\PastaLeads => C:\Program Files\pastaleads\ScheduledTask.exe
    Task: {F1205FF5-6FF5-471D-A32D-12B633629D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
    Task: {FDC538E6-FF25-4C82-BFD6-33599D4A8276} - System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000183FREVIVA.EXE -d C:\Users\Lawrence\Desktop\Download

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files\GFI\LanGuard 11 Agent\apistrings.dll
    2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files\GFI\LanGuard 11 Agent\modlop.dll
    2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files\GFI\LanGuard 11 Agent\httpserverattplugin.dll
    2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files\GFI\LanGuard 11 Agent\crmimodule.dll
    2013-08-21 15:55 - 2013-06-18 04:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
    2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files\GFI\LanGuard 11 Agent\patchautodownload.dll
    2014-07-17 06:30 - 2014-07-17 06:30 - 00449136 _____ () C:\Program Files\GFI\LanGuard 11 Agent\remediationattplugin.dll
    2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files\GFI\LanGuard 11 Agent\scanmngsys.dll
    2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedcompactdb.dll
    2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedupdates.dll
    2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
    2015-02-16 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-02-16 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-02-16 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-02-16 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-02-16 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2015-01-01 12:28 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files\VIPRE\Definitions\libBase64.dll
    2015-01-01 12:28 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files\VIPRE\Definitions\libMachoUniv.dll
    2010-07-04 13:32 - 2010-07-04 13:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
    2010-07-04 13:32 - 2010-07-04 13:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2010-07-04 11:51 - 2010-07-04 11:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
    2015-02-15 16:01 - 2015-02-15 16:01 - 00323584 _____ () C:\Users\Lawrence\AppData\Local\wincheck\wincheck.exe
    2015-01-01 13:32 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
    2015-01-01 13:32 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
    2015-01-19 15:55 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
    2015-01-01 13:32 - 2015-01-23 14:34 - 02227904 _____ () C:\Program Files\Steam\video.dll
    2015-01-19 15:55 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
    2015-01-19 15:55 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
    2015-01-01 13:32 - 2015-01-23 14:33 - 00696512 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
    2015-01-01 13:32 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
    2015-02-05 16:10 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
    2015-02-05 16:10 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
    2015-02-05 16:10 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
    2015-02-05 16:10 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
    AlternateDataStreams: C:\Users\Lawrence\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2443816963-3265071215-2752545654-500 - Administrator - Disabled)
    Guest (S-1-5-21-2443816963-3265071215-2752545654-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2443816963-3265071215-2752545654-1003 - Limited - Enabled)
    Lawrence (S-1-5-21-2443816963-3265071215-2752545654-1001 - Administrator - Enabled) => C:\Users\Lawrence

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/17/2015 08:36:59 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

    Error: (02/16/2015 06:33:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 40.0.2214.111 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e00

    Start Time: 01d04a59bdc8851e

    Termination Time: 4294967295

    Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe

    Report Id: 458bba71-b64d-11e4-974b-f04da23a6f8a

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/16/2015 06:19:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/16/2015 06:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/16/2015 00:11:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 3044

    Start Time: 01d04a22e8442773

    Termination Time: 2

    Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

    Report Id: f45b7eb0-b617-11e4-974a-f04da23a6f8a

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/16/2015 11:48:42 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/16/2015 11:45:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/16/2015 10:58:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/16/2015 10:58:24 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/16/2015 10:12:48 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 40.0.2214.111, time stamp: 0x54d1cb7f
    Faulting module name: chrome.dll, version: 40.0.2214.111, time stamp: 0x54d1c75d
    Exception code: 0xc0000005
    Fault offset: 0x0124956a
    Faulting process id: 0x2e08
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3
    Faulting package full name: chrome.exe4
    Faulting package-relative application ID: chrome.exe5


    System errors:
    =============
    Error: (02/16/2015 09:07:33 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-17 08:52:33.198
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-17 08:42:27.866
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 19:03:32.122
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 18:57:26.308
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 18:39:00.073
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 18:31:53.287
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 18:25:36.982
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 18:19:46.826
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 18:05:23.116
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-16 17:45:02.189
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
    Percentage of memory in use: 63%
    Total physical RAM: 3062.92 MB
    Available physical RAM: 1128.73 MB
    Total Pagefile: 6134.92 MB
    Available Pagefile: 3272.9 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1909.32 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1863.01 GB) (Free:1630.54 GB) NTFS
    Drive d: (BitBox) (Fixed) (Total:1862.3 GB) (Free:1243.93 GB) NTFS
    Drive e: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77E3ED41)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=1862.9 GB) - (Type=06)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 336C9387)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: BA7C33AC)
    Partition 1: (Active) - (Size=1862.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    # AdwCleaner v4.110 - Logfile created 17/02/2015 at 09:10:32
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [Server]
    # Operating system : Windows 8.1 (x86)
    # Username : Lawrence - HAL
    # Running from : C:\Users\Lawrence\Desktop\Download\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : ColorMedia

    ***** [ Files / Folders ] *****

    File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
    File Found : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
    Folder Found : C:\Program Files\pastaleads
    Folder Found : C:\Program Files\QuickRef_1.10.0.8
    Folder Found : C:\Program Files\youtubeadblocker
    Folder Found : C:\ProgramData\2abfacb28a86414db67072195669c416
    Folder Found : C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
    Folder Found : C:\ProgramData\apn
    Folder Found : C:\ProgramData\bfbepojaenklhojbjhhmhhbodikifoal
    Folder Found : C:\ProgramData\pastaleads
    Folder Found : C:\Users\Lawrence\AppData\Local\PackageAware
    Folder Found : C:\Users\Lawrence\AppData\Local\wincheck

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8800;hxxps=127.0.0.1:8800
    Key Found : HKCU\Software\Microsoft\KanarCore
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
    Key Found : HKLM\SOFTWARE\NpApp
    Key Found : HKLM\SOFTWARE\QuickRef_1.10.0.8
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Google Chrome v40.0.2214.111

    *************************

    AdwCleaner[R0].txt - [2885 bytes] - [17/02/2015 09:10:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2944 bytes] ##########

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Lets start over again, this time have AdwCleaner remove it all

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    ===============================================================================

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished click on VIEW DETAILED LOG
    • When it opens click on COPY TO CLIPBOARD
    • Then paste the log back into this thread for review
    • Exit Malwarebytes
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Feb 2015
    Posts
    9

    Default

    Quote Originally Posted by ken545 View Post


    Lets start over again, this time have AdwCleaner remove it all

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.




    ===============================================================================

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished click on VIEW DETAILED LOG
    • When it opens click on COPY TO CLIPBOARD
    • Then paste the log back into this thread for review
    • Exit Malwarebytes

    # AdwCleaner v4.110 - Logfile created 17/02/2015 at 17:33:52
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [Server]
    # Operating system : Windows 8.1 (x86)
    # Username : Lawrence - HAL
    # Running from : C:\Users\Lawrence\Desktop\Utilities\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : ColorMedia

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\pastaleads
    Folder Deleted : C:\ProgramData\2abfacb28a86414db67072195669c416
    Folder Deleted : C:\ProgramData\9e9e7682afdb4368ba941f2b3aa6721e
    Folder Deleted : C:\Program Files\pastaleads
    Folder Deleted : C:\Program Files\QuickRef_1.10.0.8
    Folder Deleted : C:\Program Files\youtubeadblocker
    Folder Deleted : C:\Users\Lawrence\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Lawrence\AppData\Local\wincheck
    Folder Deleted : C:\ProgramData\bfbepojaenklhojbjhhmhhbodikifoal
    File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
    File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : HKCU\Software\Microsoft\KanarCore
    Key Deleted : HKLM\SOFTWARE\NpApp
    Key Deleted : HKLM\SOFTWARE\QuickRef_1.10.0.8
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8800;hxxps=127.0.0.1:8800
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

    ***** [ Web browsers ] *****

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 8.1 x86
    Ran by Lawrence on Tue 02/17/2015 at 17:38:46.55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbregrebootcleaner



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2443816963-3265071215-2752545654-1001
    Successfully deleted: [File] C:\Windows\System32\Tasks\DriverNavigator Scheduled Scan
    Successfully deleted: [File] C:\Windows\Tasks\DriverNavigator Scheduled Scan.job



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 02/17/2015 at 17:41:09.73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/17/2015
    Scan Time: 5:48:50 PM
    Logfile: MBAM Log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.18.01
    Rootkit Database: v2015.02.03.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x86
    File System: NTFS
    User: Lawrence

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 308835
    Time Elapsed: 9 min, 25 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 11
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\LolliScan, Quarantined, [48a19e818efc8caa13267c1546bd34cc],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, Quarantined, [1ecbe639d8b2d06663c5622de023629e],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.OneSoftPerDay.A, C:\Program Files\ospd_us_851, Quarantined, [b5341807a0ead165d5bc1b61de25ad53],
    PUP.Optional.SpeedCheck.A, C:\Program Files\ver4SpeedCheck, Quarantined, [0cdd7ea13f4bfd3989e5a4d9847fbb45],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan, Quarantined, [1ecbe639d8b2d06663c5622de023629e],

    Files: 17
    PUP.Optional.TenkiTechnology, C:\Program Files\PlatinumHideIP\PlatinumHideIP.exe, Quarantined, [519820ffe8a2ee483990e1b0e32233cd],
    PUP.Optional.SelectNGo.A, C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [42a73de2deac54e226f0355f748fac54],
    PUP.Optional.SelectNGo.A, C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [7c6dd6493159af8726f0266e857ee11f],
    PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMedia.ini, Quarantined, [94554ed17218fc3acc14d93dab5a7987],
    PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, Quarantined, [27c21d022d5d43f303de61b557ae42be],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ColorMedia.tlb, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ColorMedia64.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ColorMediaCrt.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\nssckbi.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\nssdbm3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RfndNSIS.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RgsBTMedia.exe, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RgsBTMedia.ini, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\RgsBTMedia64.exe, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\softokn3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\sqlite3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],
    PUP.Optional.LolliScan.A, C:\ProgramData\LolliScan\ssl3.dll, Quarantined, [1ecbe639d8b2d06663c5622de023629e],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    No need to quote what I post it just uses up space on this thread

    Running from C:\Users\Lawrence\Desktop\Download <-- This is where your running FRST from, most of our tools run better just run from the desktop in lieu of running out a a folder. So go into your download folder and look for FRST, right click on it and select CUT, then come back to your desktop and right click on a blank space and select PASTE

    Open up FRST, make sure your checkmark ADDITIONS and run a new scan and post both logs please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Feb 2015
    Posts
    9

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by Lawrence (administrator) on HAL on 18-02-2015 08:16:36
    Running from C:\Users\Lawrence\Desktop
    Loaded Profiles: Lawrence (Available profiles: Lawrence)
    Platform: Microsoft Windows 8.1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe
    (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
    () C:\Program Files\Unlocker\UnlockerAssistant.exe
    (Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
    (Nick Thissen) C:\Program Files\iRacing Setup Sync\bin\iRacingSetupSync.exe
    (GFI Software Development Ltd.) C:\Program Files\GFI\LanGuard 11 Agent\mantle.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Valve Corporation) C:\Program Files\Steam\Steam.exe
    (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
    HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-10-23] (Realtek Semiconductor)
    HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\Run: [PastaLeadsApplication] => C:\Program Files\pastaleads\PastaLeadsApplication.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk
    ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll ()
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll ()
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-04]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.wnd.com/
    CHR StartupUrls: Default -> "hxxp://www.weather.com/weather/tenday/Hillsboro+OR+97123:4:US"
    CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Angry Birds) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-01]
    CHR Extension: (Mahjong Words 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\akoaibgodkfmengiiainfdbjmmamfall [2015-01-01]
    CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
    CHR Extension: (Adguard AdBlocker) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
    CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01]
    CHR Extension: (Pool) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2015-01-01]
    CHR Extension: (AdBlock+) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2015-01-01]
    CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01]
    CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-01-01]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-01-04]
    CHR Extension: (AdBlock Premium) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-01]
    CHR Extension: (Flixster) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-01-01]
    CHR Extension: (Crackle) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-01-01]
    CHR Extension: (Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-01]
    CHR Extension: (Online 8 Ball Pool Multiplayer) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime [2015-01-01]
    CHR Extension: (G Disconnect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglfocodeikakacbeoajjhnplhlaoook [2015-01-01]
    CHR Extension: (RT News) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2015-01-01]
    CHR Extension: (Numerics Calculator & Converter) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-01-01]
    CHR Extension: (Summer Fields 2) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkllododjcgdppaocnhcjpncemnmmfon [2015-01-01]
    CHR Extension: (Plants vs Zombies) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-01-01]
    CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01]
    CHR Extension: (Bastion) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2015-01-01]
    CHR Extension: (Edgeworld) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2015-01-01]
    CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 gfi_lanss11_attservice; C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [802080 2015-01-31] (iRacing.com Motorsport Simulations, LLC
    Bedford, MA 01730)
    R4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
    R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
    S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
    S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
    S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-23] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-22] (Advanced Micro Devices, Inc.)
    R3 athr; C:\Windows\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [200704 2014-06-21] (Advanced Micro Devices)
    R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
    S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
    R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-02-26] (EZB Systems, Inc.) [File not signed]
    R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
    R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    S3 OA002Afx; C:\Windows\system32\Drivers\OA002Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
    R3 OA002Ufd; C:\Windows\system32\DRIVERS\OA002Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
    R3 OA002Vid; C:\Windows\system32\DRIVERS\OA002Vid.sys [268672 2008-08-01] (Creative Technology Ltd.)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [283864 2014-12-07] (Realsil Semiconductor Corporation)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
    R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [228048 2013-07-04] (GFI Software)
    S3 SBFWIMCL; C:\Windows\system32\DRIVERS\sbfwim.sys [96288 2012-09-24] (GFI Software)
    R3 SBFWIMCLMP; C:\Windows\system32\DRIVERS\SBFWIM.sys [96288 2012-09-24] (GFI Software)
    S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [96720 2013-07-04] (GFI Software)
    R3 sbwtis; C:\Windows\system32\DRIVERS\sbwtis.sys [76064 2012-12-11] (GFI Software)
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
    R3 WmBEnum; C:\Windows\system32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
    R3 WmFilter; C:\Windows\system32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
    R3 WmHidLo; C:\Windows\system32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
    R3 WmVirHid; C:\Windows\system32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
    R3 WmXlCore; C:\Windows\system32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
    R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
    S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [658136 2014-12-04] (Realsil Semiconductor Corporation)
    S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
    S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
    S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-18 08:16 - 2015-02-18 08:16 - 00017680 _____ () C:\Users\Lawrence\Desktop\FRST.txt
    2015-02-17 18:06 - 2015-02-17 18:52 - 00005366 _____ () C:\Windows\PFRO.log
    2015-02-17 17:47 - 2015-02-18 05:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-17 17:47 - 2015-02-17 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-17 17:46 - 2015-02-17 17:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-02-17 17:46 - 2015-02-17 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-17 17:46 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-17 17:46 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-17 17:46 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-17 09:10 - 2015-02-17 17:33 - 00000000 ____D () C:\AdwCleaner
    2015-02-17 09:01 - 2015-02-18 08:16 - 00000000 ____D () C:\FRST
    2015-02-17 08:58 - 2015-02-17 08:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAL-Windows-8.1-(32-bit).dat
    2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\RegBackup
    2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-02-17 08:56 - 2015-02-17 08:56 - 00000000 ____D () C:\Program Files\Tweaking.com
    2015-02-17 08:52 - 2015-02-17 08:52 - 01125888 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST.exe
    2015-02-16 19:57 - 2015-02-18 08:11 - 00001392 _____ () C:\Windows\setupact.log
    2015-02-16 19:57 - 2015-02-16 19:57 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-16 18:32 - 2015-02-18 07:28 - 00287696 _____ () C:\Windows\WindowsUpdate.log
    2015-02-16 18:12 - 2015-02-16 18:12 - 00019056 _____ () C:\Windows\system32\FirewallConfig.xml
    2015-02-16 10:53 - 2013-08-21 22:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150216-105309.backup
    2015-02-16 10:23 - 2015-02-16 13:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-02-16 10:23 - 2015-02-16 11:58 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-02-16 10:23 - 2015-02-16 10:23 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-16 10:23 - 2015-02-16 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-16 10:23 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-02-15 18:40 - 2015-02-15 18:40 - 00001474 _____ () C:\ProgramData\tempimage.bmp
    2015-02-15 17:59 - 2015-02-15 17:59 - 00002190 _____ () C:\Users\Public\Desktop\Google Earth.lnk
    2015-02-15 17:59 - 2015-02-15 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2015-02-15 17:54 - 2015-02-15 17:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf
    2015-02-15 17:45 - 2015-02-16 18:13 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\8F4C56EF-1F90-6647-97B8-F04F569F545F
    2015-02-15 17:44 - 2015-02-15 18:43 - 00000000 ____D () C:\Program Files\Win_SCAN
    2015-02-15 17:44 - 2015-02-15 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\turbodiagnosis
    2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\turbodiagnosis
    2015-02-15 17:44 - 2015-02-15 17:44 - 00000000 ____D () C:\Program Files\download Manager
    2015-02-15 17:42 - 2015-02-15 18:40 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\OAS
    2015-02-14 18:12 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-13 20:19 - 2015-02-13 20:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Cloud
    2015-02-11 19:09 - 2015-02-12 08:15 - 00000000 ____D () C:\Program Files\Lex Mortis
    2015-02-11 18:20 - 2015-02-11 18:20 - 00000875 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2015-02-10 17:24 - 2015-01-19 10:36 - 01192552 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2015-02-10 17:24 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 17:24 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-10 17:23 - 2015-01-15 14:37 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-10 17:23 - 2015-01-15 14:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-10 17:23 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 17:23 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 17:23 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-10 17:23 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 17:23 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-10 17:23 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 17:23 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-02-10 17:23 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-02-10 17:23 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-02-10 17:23 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 17:23 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 17:23 - 2015-01-11 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-10 17:23 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-10 17:23 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 17:23 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 17:23 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 17:23 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-10 17:23 - 2015-01-10 00:28 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-10 17:23 - 2015-01-10 00:28 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-02-10 17:23 - 2015-01-09 23:38 - 03550720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 17:23 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 17:23 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 17:23 - 2014-12-08 15:11 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-02-10 17:23 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-10 17:23 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-10 17:23 - 2014-10-28 17:03 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-10 14:49 - 2015-02-17 17:59 - 00000000 ____D () C:\Program Files\PlatinumHideIP
    2015-02-06 21:16 - 2015-02-06 21:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AMD
    2015-02-05 18:31 - 2015-02-05 18:31 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Sniper3
    2015-02-04 16:23 - 2015-02-04 16:28 - 00000000 ____D () C:\Program Files\Megacubo
    2015-02-04 09:26 - 2015-02-04 09:27 - 00148616 _____ () C:\Windows\Minidump\020415-18203-01.dmp
    2015-02-04 09:22 - 2014-11-18 18:29 - 00735448 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x86.sys
    2015-02-04 09:22 - 2014-11-18 18:29 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
    2015-02-04 09:21 - 2014-12-07 22:13 - 00283864 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
    2015-02-04 09:21 - 2014-01-26 21:39 - 09889496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
    2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 ____D () C:\ProgramData\ATI
    2015-02-04 09:16 - 2015-02-04 16:29 - 00000000 ____D () C:\Program Files\Raptr
    2015-02-04 09:16 - 2015-02-04 09:16 - 00051762 _____ () C:\Windows\system32\CCCInstall_201502040916007685.log
    2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\library_dir
    2015-02-04 09:16 - 2015-02-04 09:16 - 00000000 ____D () C:\Program Files\AMD AVT
    2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 ____D () C:\Windows\system32\RTCOM
    2015-02-04 09:06 - 2014-10-28 18:47 - 03343832 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
    2015-02-04 09:06 - 2014-10-27 17:44 - 00927448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
    2015-02-04 09:06 - 2014-10-27 16:14 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2015-02-04 09:06 - 2014-10-27 15:50 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO232.dll
    2015-02-04 09:06 - 2014-10-17 16:53 - 02513264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
    2015-02-04 09:06 - 2014-08-18 11:40 - 02354544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
    2015-02-04 09:06 - 2014-08-06 13:43 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
    2015-02-04 09:06 - 2014-04-10 12:19 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2015-02-04 09:06 - 2014-03-06 16:35 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
    2015-02-04 09:06 - 2014-01-08 15:25 - 00332568 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp32.dll
    2015-02-04 09:06 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX32.dll
    2015-02-04 09:06 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO32.dll
    2015-02-04 09:06 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
    2015-02-04 09:06 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
    2015-02-04 09:06 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2015-02-04 09:06 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
    2015-02-04 09:06 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
    2015-02-04 09:06 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
    2015-02-04 09:05 - 2014-06-07 00:00 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
    2015-02-04 09:05 - 2014-02-18 17:04 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
    2015-02-04 09:05 - 2013-10-11 12:47 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2015-02-04 09:05 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
    2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Program Files\Intel
    2015-02-04 08:58 - 2015-02-04 08:58 - 00000000 ____D () C:\Intel
    2015-02-04 08:58 - 2013-08-01 11:33 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
    2015-01-26 14:45 - 2015-01-26 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\Egosoft
    2015-01-26 13:42 - 2015-02-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
    2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Mu
    2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mu
    2015-01-26 12:18 - 2015-01-26 12:18 - 00000000 ____D () C:\Program Files\Mu
    2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\Lawrence\Documents\MoTeC
    2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\ProgramData\MoTeC
    2015-01-26 12:04 - 2015-01-26 12:15 - 00000000 ____D () C:\MoTeC
    2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
    2015-01-26 12:04 - 2015-01-26 12:04 - 00000000 ____D () C:\Program Files\MoTeC
    2015-01-25 20:59 - 2015-01-25 21:06 - 00000000 ____D () C:\Users\Public\Documents\s.t.a.l.k.e.r. - call of pripyat
    2015-01-25 15:32 - 2015-01-25 15:32 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Gold 2.5
    2015-01-25 15:28 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Gold 2.5
    2015-01-25 15:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Silver 2.5
    2015-01-25 15:01 - 2015-01-25 15:01 - 00000000 ____D () C:\Users\Lawrence\Documents\ChordWizard Silver 2.5
    2015-01-25 15:00 - 2015-01-25 15:28 - 00000000 ____D () C:\Program Files\ChordWizard
    2015-01-23 18:10 - 2015-01-23 18:10 - 00000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing Setup Sync
    2015-01-23 18:08 - 2015-01-23 18:08 - 00000000 ____D () C:\Program Files\iRacing Setup Sync
    2015-01-22 19:38 - 2015-01-22 19:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\next car game technology sneak peek
    2015-01-22 13:30 - 2015-01-22 13:30 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Logitech
    2015-01-19 21:09 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
    2015-01-19 21:01 - 2015-02-14 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Stock Car 2013
    2015-01-19 20:51 - 2015-01-23 19:26 - 00000000 ____D () C:\GSC2013
    2015-01-19 19:29 - 2015-01-19 19:29 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Steam

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-18 08:16 - 2015-01-01 13:23 - 00000000 ____D () C:\Users\Lawrence\Desktop\Utilities
    2015-02-18 08:09 - 2015-01-01 11:59 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-18 08:02 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\system32\sru
    2015-02-18 05:29 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-02-17 22:39 - 2015-01-09 13:38 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
    2015-02-17 20:25 - 2015-01-01 13:30 - 00000000 ____D () C:\Program Files\Steam
    2015-02-17 19:36 - 2015-01-01 11:54 - 00000000 ___DO () C:\Users\Lawrence\OneDrive
    2015-02-17 19:36 - 2014-03-18 00:01 - 00756816 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-17 19:33 - 2015-01-01 11:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-17 19:32 - 2015-01-01 11:52 - 00000000 ____D () C:\Users\Lawrence
    2015-02-17 19:32 - 2013-08-21 23:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-17 18:46 - 2015-01-09 16:43 - 00040960 ___SH () C:\Users\Lawrence\Desktop\Thumbs.db
    2015-02-17 18:46 - 2015-01-02 08:07 - 00000000 ____D () C:\Users\Lawrence\Desktop\Download
    2015-02-17 18:06 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\WinStore
    2015-02-17 18:05 - 2013-08-21 22:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-02-16 10:58 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\rescache
    2015-02-16 09:39 - 2015-01-14 19:41 - 00000000 ____D () C:\ProgramData\{d454b6a4-bc7f-a58e-d454-4b6a4bc7da92}
    2015-02-16 09:21 - 2015-01-01 14:02 - 00013501 _____ () C:\missing.ini
    2015-02-16 09:21 - 2015-01-01 14:01 - 00000000 ____D () C:\ProgramData\TEMP
    2015-02-15 18:12 - 2015-01-01 13:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\uTorrent
    2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Google
    2015-02-15 17:58 - 2015-01-01 11:59 - 00000000 ____D () C:\Program Files\Google
    2015-02-15 14:17 - 2015-01-01 16:27 - 00000000 ____D () C:\Users\Lawrence\Desktop\Library
    2015-02-15 02:36 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\AppReadiness
    2015-02-14 19:31 - 2013-08-22 00:05 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-14 10:51 - 2015-01-01 15:15 - 00000000 ____D () C:\Users\Lawrence\Desktop\Games
    2015-02-14 08:48 - 2013-08-21 23:22 - 00397552 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-10 21:38 - 2015-01-03 22:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-10 21:35 - 2015-01-03 22:00 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-09 12:57 - 2015-01-01 11:56 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-09 07:41 - 2015-01-01 16:18 - 00000000 ____D () C:\Program Files\e-Sword
    2015-02-08 23:08 - 2015-01-01 12:27 - 00000000 ____D () C:\ProgramData\VIPRE
    2015-02-08 19:25 - 2013-08-22 00:17 - 00000000 ____D () C:\Windows\LiveKernelReports
    2015-02-05 16:58 - 2015-01-01 13:44 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-02-04 09:26 - 2015-01-07 08:28 - 422979526 _____ () C:\Windows\MEMORY.DMP
    2015-02-04 09:26 - 2015-01-07 08:28 - 00000000 ____D () C:\Windows\Minidump
    2015-02-04 09:22 - 2015-01-04 13:55 - 00000000 ____D () C:\Windows\system32\sda
    2015-02-04 09:22 - 2015-01-04 13:50 - 00000000 ____D () C:\Program Files\Realtek
    2015-02-04 09:16 - 2015-01-04 13:54 - 00000000 ____D () C:\ProgramData\AMD
    2015-02-04 09:15 - 2015-01-04 13:51 - 00000000 ____D () C:\Program Files\ATI Technologies
    2015-02-04 09:15 - 2015-01-01 11:56 - 00000000 ____D () C:\Program Files\AMD
    2015-02-04 09:11 - 2015-01-01 11:56 - 00000000 ____D () C:\AMD
    2015-02-04 09:06 - 2015-01-04 13:50 - 00000000 ___HD () C:\Program Files\Temp
    2015-02-04 09:05 - 2015-01-02 12:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2015-02-03 11:31 - 2015-01-03 22:07 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-02-03 11:31 - 2015-01-03 22:07 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-02-02 18:34 - 2015-01-09 17:44 - 00096744 _____ () C:\Users\Lawrence\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-31 12:09 - 2015-01-13 09:45 - 00000000 ____D () C:\Program Files\iRacing
    2015-01-27 22:00 - 2015-01-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\vlc
    2015-01-26 12:18 - 2015-01-13 18:09 - 00000000 ____D () C:\Users\Lawrence\Documents\iRacing
    2015-01-26 12:03 - 2015-01-01 16:17 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Downloaded Installations
    2015-01-25 08:05 - 2015-01-01 13:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
    2015-01-23 18:06 - 2015-01-06 17:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\WinZip
    2015-01-23 18:06 - 2015-01-02 06:08 - 00000000 ____D () C:\ProgramData\WinZip
    2015-01-23 14:27 - 2015-01-06 16:01 - 00000000 ____D () C:\Windows\Patches
    2015-01-20 13:45 - 2015-01-02 11:26 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\AVS4YOU
    2015-01-19 20:47 - 2015-01-18 14:45 - 00000000 ____D () C:\Users\Lawrence\Documents\rFactor2
    2015-01-19 20:47 - 2015-01-18 14:44 - 00000000 ____D () C:\Program Files\rFactor2

    ==================== Files in the root of some directories =======

    2015-01-04 10:13 - 2008-03-19 15:50 - 0097280 _____ () C:\Program Files\Common Files\pcsbClean.exe
    2015-01-04 09:53 - 2008-03-06 19:31 - 0134656 _____ () C:\Program Files\Common Files\PCSBoff.exe
    2015-01-10 11:13 - 2015-01-10 11:13 - 0022328 _____ () C:\Users\Lawrence\AppData\Roaming\PnkBstrK.sys
    2015-01-23 18:10 - 2015-01-23 18:10 - 0000103 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-02-15 18:40 - 2015-02-15 18:40 - 0001474 _____ () C:\ProgramData\tempimage.bmp

    Some content of TEMP:
    ====================
    C:\Users\Lawrence\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lawrence\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-16 03:41

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
    Ran by Lawrence at 2015-02-18 08:17:13
    Running from C:\Users\Lawrence\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: ThreatTrack Security VIPRE (Disabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: ThreatTrack Security VIPRE (Disabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
    FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
    Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
    AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AOE 3 HC Editor (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\AOE 3 HC Editor) (Version: - )
    Assetto Corsa (HKLM\...\Steam App 244210) (Version: - Kunos Simulazioni)
    AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
    AVS Audio Editor 7.3 (HKLM\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
    AVS Disc Creator 5.2 (HKLM\...\AVS Disc Creator_is1) (Version: 5.2.2.532 - Online Media Technologies Ltd.)
    AVS Document Converter 2.3.2 (HKLM\...\AVS Document Converter_is1) (Version: 2.3.2.233 - Online Media Technologies Ltd.)
    AVS Image Converter 3.2.1.277 (HKLM\...\AVS Image Converter_is1) (Version: 3.2.1.277 - Online Media Technologies Ltd.)
    AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
    AVS Photo Editor 2.3.1.144 (HKLM\...\AVS Photo Editor_is1) (Version: 2.3.1.144 - Online Media Technologies Ltd.)
    AVS Registry Cleaner 2.3.4.261 (HKLM\...\AVS Registry Cleaner_is1) (Version: 2.3.4.261 - Online Media Technologies Ltd.)
    AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
    AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
    AVS Video ReMaker 4.3.2.166 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.3.2.166 - Online Media Technologies Ltd.)
    Battlefield: Bad Company 2 (HKLM\...\Steam App 24960) (Version: - DICE)
    Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward)
    Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Crysis (HKLM\...\{8D19172A-45DB-4B0B-92B5-728BFB0F7FE1}_is1) (Version: 1.2.1 - Crytek)
    Crysis (HKLM\...\Steam App 17300) (Version: - Crytek)
    Crysis WARHEAD (HKLM\...\{C3165492-9F0B-4490-A798-0B8B45B8E524}_is1) (Version: - )
    Crysis Warhead (HKLM\...\Steam App 17330) (Version: - Crytek)
    Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    DriverNavigator 3.6.0 (HKLM\...\DriverNavigator_is1) (Version: 3.6.0.0 - Easeware)
    e-Sword (HKLM\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
    F1 2011 (HKLM\...\Steam App 44360) (Version: - Codemasters Birmingham)
    Far Cry (HKLM\...\Steam App 13520) (Version: - Crytek Studios)
    Game Stock Car 2013 version 1.10 (HKLM\...\{0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1) (Version: 1.10 - Reiza Studios Ltda.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    GT Power Expansion (HKLM\...\Steam App 44650) (Version: - SimBin)
    GTR Evolution (HKLM\...\Steam App 8660) (Version: - SimBin)
    iRacing Setup Sync version 3.0 (HKLM\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
    iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0516 - iRacing.com Motorsport Simulations)
    iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    J.C. Ryle Expository Thoughts.cmtx version e-Sword (HKLM\...\{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1) (Version: e-Sword - BibleSupport.com)
    Living Cookbook 2015 (HKLM\...\Living Cookbook 2015) (Version: 5.0.76 - Radium Technologies, Inc.)
    Living Cookbook 2015 (Version: 5.0.76 - Radium Technologies) Hidden
    Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Monitor Webcam Driver (1.01.02.0804) (HKLM\...\Creative OA002) (Version: - )
    MoTeC i2 Pro 1.1 (HKLM\...\{2D9DF9DB-8DEC-4F15-B982-48EAEA5AC681}) (Version: 7.00.3631 - MoTeC)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
    Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Mu (HKLM\...\{4D404DEB-6877-407E-89DE-F32748ABC5E8}) (Version: 1.6.7.0 - Patrick Moore)
    New 3 Editor XY (HKLM\...\New 3 Editor XY) (Version: - )
    PC Study Bible (remove only) (HKLM\...\PC Study Bible) (Version: - )
    Platinum Hide IP (HKLM\...\PlatinumHideIP) (Version: 3.4.1.8 - )
    Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
    Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
    Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit)
    RACE 07 (HKLM\...\Steam App 8600) (Version: - SimBin)
    Race Injection (HKLM\...\Steam App 44680) (Version: - SimBin Studios AB)
    RACE On (HKLM\...\Steam App 8640) (Version: - SimBin)
    Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
    Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Sniper Elite 3 (HKLM\...\Steam App 238090) (Version: - Rebellion)
    Sniper Elite V2 (HKLM\...\Steam App 63380) (Version: - Rebellion)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    STCC II (HKLM\...\Steam App 44620) (Version: - SimBin)
    STCC: The Game (HKLM\...\Steam App 8690) (Version: - SimBin)
    Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Retro Expansion (HKLM\...\Steam App 44660) (Version: - SimBin)
    The WTCC 2010 Pack (HKLM\...\Steam App 44670) (Version: - SimBin)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
    UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    VIPRE Internet Security (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
    World of Tanks (HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
    XML Notepad 2007 (HKLM\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
    Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    12-02-2015 08:11:21 Before uninstalling Lex Mortis
    14-02-2015 10:47:15 Backup_2015_02_14
    15-02-2015 18:31:59 Before uninstalling AnySend
    15-02-2015 18:34:38 Backup_2015_02_15

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-21 22:13 - 2015-02-16 10:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00A4B02C-D7A1-4E79-BCAA-5C757E670146} - System32\Tasks\{D9BF4D15-306C-41F2-86FE-512F777C8A72} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\PlatinumHideIP-3.4.1.8.Setup.exe -d C:\Users\Lawrence\Desktop\Download
    Task: {0AD4AE99-E2E3-45D6-8796-5223983DBB6D} - System32\Tasks\Microsoft\Windows\Maintenance\Advanced IC Updating => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
    Task: {1DA50B40-940A-4F25-AF7A-7A0BFDEC0F45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {3321B7D5-DF40-487A-998C-5B5EB6A7288B} - System32\Tasks\Special IC Runner => %LOCALAPPDATA%\8F4C56EF-1F90-6647-97B8-F04F569F545F\Runner.exe
    Task: {4DF5BD81-FF92-4884-891E-0676F18C33F1} - System32\Tasks\{B475A164-2DDB-40A9-AFC3-4EFB1BFAB821} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001124JOBINTRP.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {585C5A65-7276-411E-B096-DD00B7FAA632} - System32\Tasks\{37F099FC-14B3-4156-A702-9FB96C88A6C8} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000120GRACEABD.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {59F5920B-E0A7-43A7-A8BC-F462CAEB005B} - System32\Tasks\{AB8A3491-5DF9-4C7A-BDD3-5F6543E5E4EE} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {67E9DC32-7267-4146-87E9-E8D4160E8988} - System32\Tasks\{55F1F4AC-6A6B-4EA1-BD29-75FCAFA28C30} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000208TRAIN12.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {6846BEA3-D043-4A26-87C7-514C17A1B0F4} - System32\Tasks\{8394D802-9149-491A-9738-A8C830A02F08} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000176CHSCOMM.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {6EB2115E-F951-40AB-9CD6-D63EE04F58BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {775D6F64-3739-47E8-9B08-CCE706FFD3BF} - System32\Tasks\{BF5415D6-CF2F-4ED9-867D-C2BFFB2AAE79} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000119HOLYWAR.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {7983CDE4-E57D-420E-8D11-1CD4D43E75A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
    Task: {7A28690F-B7E0-4CF3-B96E-3FC6506F2C96} - System32\Tasks\{1C93FB29-FBA4-4DAA-A72F-2375B199FA68} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000187GUYONPO.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {816B3A58-9D34-438C-A00B-2C6ECF4FB150} - System32\Tasks\CXFYCNE => C:\ProgramData\2abfacb28a86414db67072195669c416\2abfacb28a86414db67072195669c416.exe
    Task: {8C5FD9E5-4136-4806-808F-8C7755933664} - System32\Tasks\{C9BF7C87-AB13-4E0E-AA21-E36047DC95A3} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RMSGeneratorAoE3_10LE.exe -d C:\Users\Lawrence\Desktop\Download
    Task: {9A93320F-D8C5-4607-9148-7F92851FFDF1} - System32\Tasks\{E35FC523-AA21-4577-9FBC-94AE40E6776A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000209WATTSHYM.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {A1450527-2F8C-4B3E-8DEC-908F9D16D37A} - System32\Tasks\{AD2DB5EC-FB1B-4929-AE06-88184DD9EC53} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001105BSPROPH.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {A2EC0AA0-AA43-46C0-9E1B-6168884B7E21} - System32\Tasks\{E8FCC46D-BA56-49B7-838A-7743019951A7} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001101FREVIVL.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {A86F8B03-D14C-451A-A4C5-F76A5F3930E8} - System32\Tasks\{72D0B385-DF9D-4C26-9999-2DEFEAB89BF4} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001115WHTFIELD.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {AD05C108-3710-4BB7-840B-682A15992F92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
    Task: {B9D5B60F-65AC-416B-B5BD-78CDE903DC6F} - System32\Tasks\{D487DED9-ED95-452D-8D45-C980AC4BD006} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001125PROMISLD.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {C829FC9E-ACEC-4152-8344-9C075E6353C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.)
    Task: {C9E108BB-2CE6-4CD9-85D1-22DC72D28FA3} - System32\Tasks\{94E8A300-183B-4355-9EEA-DA41CFB81F16} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000195JFKEEP.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {CD167435-E825-43BB-AA4B-2D99A85F4F52} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {CFF8AFA4-F0C9-4832-9779-D8497E977125} - System32\Tasks\{C6ED5847-35CE-48F3-A5CF-85B41FBD6A8A} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001107ENEMYREC.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {D8BEEEA9-BAE3-4EF5-88F0-7B1F4A242D5C} - System32\Tasks\{A6320549-8626-41EA-90CB-7C75D150832C} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000171JESERM.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {E0594B1A-015A-422C-9019-A317EE6A6B83} - System32\Tasks\{A8A20EAB-661D-4496-8DAB-CF0213CC33CA} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000118PILGRIMS.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {E4D0D4D0-33C1-4A70-AE8B-8D50F3E480C1} - System32\Tasks\{FEE18F95-FF01-43B1-80E0-FBC1269FA29B} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW001128LIFEOFCH.EXE -d C:\Users\Lawrence\Desktop\Download
    Task: {ED4263A0-E27A-4C95-B307-5C668B53A564} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {EF27F2D5-57DF-4D2E-BBFA-6C64FBE0783A} - System32\Tasks\PastaLeads => C:\Program Files\pastaleads\ScheduledTask.exe
    Task: {F1205FF5-6FF5-471D-A32D-12B633629D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search &amp; Destroy 2\SDOnAccess.exe
    Task: {FDC538E6-FF25-4C82-BFD6-33599D4A8276} - System32\Tasks\{3110D307-CD4E-4FCF-8721-D063943CEC29} => pcalua.exe -a C:\Users\Lawrence\Desktop\Download\RW000183FREVIVA.EXE -d C:\Users\Lawrence\Desktop\Download

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files\GFI\LanGuard 11 Agent\apistrings.dll
    2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files\GFI\LanGuard 11 Agent\modlop.dll
    2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 _____ () C:\Program Files\GFI\LanGuard 11 Agent\httpserverattplugin.dll
    2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files\GFI\LanGuard 11 Agent\crmimodule.dll
    2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files\GFI\LanGuard 11 Agent\patchautodownload.dll
    2013-08-21 15:55 - 2013-06-18 04:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
    2014-07-17 06:30 - 2014-07-17 06:30 - 00449136 _____ () C:\Program Files\GFI\LanGuard 11 Agent\remediationattplugin.dll
    2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files\GFI\LanGuard 11 Agent\scanmngsys.dll
    2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedcompactdb.dll
    2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files\GFI\LanGuard 11 Agent\schedupdates.dll
    2012-02-20 22:26 - 2012-02-20 22:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
    2015-02-16 10:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-02-16 10:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-02-16 10:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-02-16 10:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-02-16 10:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2010-07-04 13:32 - 2010-07-04 13:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
    2010-07-04 13:32 - 2010-07-04 13:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2015-01-01 12:28 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files\VIPRE\Definitions\libBase64.dll
    2015-01-01 12:28 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files\VIPRE\Definitions\libMachoUniv.dll
    2010-07-04 11:51 - 2010-07-04 11:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
    2015-01-01 13:32 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
    2015-01-01 13:32 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files\Steam\SDL2.dll
    2015-01-19 15:55 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files\Steam\v8.dll
    2015-01-01 13:32 - 2015-01-23 14:34 - 02227904 _____ () C:\Program Files\Steam\video.dll
    2015-01-19 15:55 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files\Steam\icui18n.dll
    2015-01-19 15:55 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files\Steam\icuuc.dll
    2015-01-01 13:32 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
    2015-01-01 13:32 - 2015-01-23 14:33 - 00696512 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
    2015-01-01 13:32 - 2015-01-15 15:42 - 34641288 _____ () C:\Program Files\Steam\bin\libcef.dll
    2015-01-01 13:32 - 2015-01-15 15:42 - 01709960 _____ () C:\Program Files\Steam\bin\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
    AlternateDataStreams: C:\Users\Lawrence\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2443816963-3265071215-2752545654-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2443816963-3265071215-2752545654-500 - Administrator - Disabled)
    Guest (S-1-5-21-2443816963-3265071215-2752545654-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2443816963-3265071215-2752545654-1003 - Limited - Enabled)
    Lawrence (S-1-5-21-2443816963-3265071215-2752545654-1001 - Administrator - Enabled) => C:\Users\Lawrence

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/18/2015 05:41:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume (E was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (02/18/2015 05:29:43 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/17/2015 07:36:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/17/2015 06:57:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/17/2015 06:13:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

    Error: (02/17/2015 06:10:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
    Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


    System errors:
    =============
    Error: (02/17/2015 07:32:23 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:53:04 PM on ‎2/‎17/‎2015 was unexpected.

    Error: (02/17/2015 06:05:30 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:05:00 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:04:08 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:03:37 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:03:07 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:02:37 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:02:07 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:01:17 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (02/17/2015 06:00:47 PM) (Source: DCOM) (EventID: 10010) (User: HAL)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-18 08:12:47.728
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-18 05:29:18.939
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-02-18 05:29:18.439
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-02-18 05:29:18.327
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-02-18 05:29:18.091
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-02-18 05:29:18.091
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.

    Date: 2015-02-17 20:35:00.572
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-17 20:01:49.739
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-17 19:54:46.235
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-17 19:42:00.583
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
    Percentage of memory in use: 36%
    Total physical RAM: 3062.92 MB
    Available physical RAM: 1943.46 MB
    Total Pagefile: 6134.92 MB
    Available Pagefile: 3725.52 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1893.11 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1863.01 GB) (Free:1626.58 GB) NTFS
    Drive d: (BitBox) (Fixed) (Total:1862.3 GB) (Free:1243.43 GB) NTFS
    Drive e: () (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 77E3ED41)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=06)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=1862.9 GB) - (Type=06)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 336C9387)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: BA7C33AC)
    Partition 1: (Active) - (Size=1862.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I see a lot of files in your download folder running as a task but they dont Google so I dont know what they are, can you tell me about them ?
    C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE


    While I am looking over your logs run this quick scan and post the log

    Download CKScanner by askey127 from Here & save it to your Desktop.
    • Doubleclick CKScanner.exe then click Search For Files
    • When the cursor hourglass disappears, click Save List To File
    • A message box will verify the file saved
    • Please Run this program only once
    • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Feb 2015
    Posts
    9

    Default

    As far as file: C:\Users\Lawrence\Desktop\Download\RW000175CHESORTH.EXE I have no idea what it was as it is not presently in the download folder or the recycle bin.


    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\games\world_of_tanks\res\audio\objects_ice_crack.fsb
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack.gmt
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack01.gmt
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack02.gmt
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\models\road_crack03.gmt
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\anderstorp_2007\textures\road_crack.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\hockenheim\textures\road_crack1.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\jyllandsringen\textures\road_crack01.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\mantorp\textures\road_crack.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\mantorp_10\textures\road_crack.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\portimao09\texturas\road_crack1.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\portimao09\texturas\road_crack1_blend.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\valerbanen\textures\road_crack.dds
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\vara\models\pitlane_crack.gmt
    c:\program files\steam\steamapps\common\race 07\gamedata\locations\vara\textures\road_crack.dds
    c:\users\lawrence\downloads\age of empires ultimate collection full\age_of_empires_iii_the_asian_dynasties-flt\age_of_empires_iii_the_asian_dynasties_crack_fix-tnt\age3.exe
    c:\users\lawrence\downloads\age of empires ultimate collection full\age_of_empires_iii_the_asian_dynasties-flt\age_of_empires_iii_the_asian_dynasties_crack_fix-tnt\age3y.exe
    c:\users\lawrence\downloads\age of empires ultimate collection full\age_of_empires_iii_the_asian_dynasties-flt\age_of_empires_iii_the_asian_dynasties_crack_fix-tnt\tnt-fix.rar
    scanner sequence 3.KG.11.JRNAPZ
    ----- EOF -----

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    age of empires ultimate collection full

    Did you download and install this program through the torrents ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    Feb 2015
    Posts
    9

    Default

    Yes. Although I have the same that I purchased from Steam. The ones in the Steam directory will not let me use legal utilities and such from HeavenGames site for some reason so I downloaded torrents instead versions to use instead.

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I am afraid unless you uninstall that program this is as far as we can go because this forum as well as all the other malware removal forums do not support illegal software. The greater percentage of of programs downloaded through the torrents have some malicious code installed with them. If I was to continue helping you it could be construed in the eyes of the law as aiding and abetting a crime.

    If you decide to uninstall that program, after your done run a new scan with CKScanner and post the new log
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •