
iexplorer.exe running in the background?


  • This topic is locked
27 replies to this topic

#1 SyrupWaffle


Posted 15 February 2015 - 01:36 PM

I've recently noticed that my internet connection is horribly slow, and that there are always 2 iexplorer.exe running in the background even though I never use Internet Explorer. They seem to be increasing the memory usage as time goes on, and I may fear that I have been infected with malware. Already scanned the PC with Malwarebytes and found some malware, but it doesn't seem to have done the trick of getting rid of the iexplorer.exe. Any suggestion on what I should do? I'm using Windows 7 Home Premium by the way!

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Lucas (administrator) on LUCAS-PC on 15-02-2015 19:47:33
Running from C:\Users\Lucas\Documents\Downloads
Loaded Profiles: Lucas &  (Available profiles: Lucas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Language Engineering Corporation, LLC) D:\Powertranslator\LogoMedia TranslateDotNet Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Valve Corporation) D:\Applications\Steam\Steam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) D:\Applications\Hamachi\hamachi-2.exe
(Akamai Technologies, Inc.) C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe
(LogMeIn, Inc.) D:\Applications\Hamachi\LMIGuardianSvc.exe
(Akamai Technologies, Inc.) C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(TV) C:\Users\Lucas\AppData\Roaming\show.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LogMeIn Inc.) D:\Applications\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Applications\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Spotify Ltd) C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Dropbox, Inc.) C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) D:\Applications\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) D:\e12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) D:\Applications\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => D:\Applications\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-17] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Applications\Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Google Update] => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-23] (Google Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Steam] => D:\Applications\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [RGSC] => D:\Grand Theft Auto IV\RGSC\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [ISUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [f.lux] => C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Spotify Web Helper] => C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [iFunBox Price Watch] => D:\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [LUCAS-PC] => C:\Users\Lucas\AppData\Roaming\show.exe [1606072 2014-12-16] (TV)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [YgPack] => regsvr32.exe C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL <===== ATTENTION
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Tuiqryvac] => "C:\Users\Lucas\AppData\Roaming\Asluibl\icomil.exe"
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [CAHeadless] => D:\e12\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Agworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Spotify] => C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: {5d82d543-6213-11e2-a344-c8600058f512} - F:\CMADownloader.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: {dff48bc9-e93d-11e1-866d-c8600058f512} - G:\Autorun.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-23] (Google Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => D:\Applications\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Grand Theft Auto IV\RGSC\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iFunBox Price Watch] => D:\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LUCAS-PC] => C:\Users\Lucas\AppData\Roaming\show.exe [1606072 2014-12-16] (TV)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YgPack] => regsvr32.exe C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL <===== ATTENTION
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Tuiqryvac] => "C:\Users\Lucas\AppData\Roaming\Asluibl\icomil.exe"
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CAHeadless] => D:\e12\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Agworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5d82d543-6213-11e2-a344-c8600058f512} - F:\CMADownloader.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dff48bc9-e93d-11e1-866d-c8600058f512} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lucas.exe (TV)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK -> D:\Dark Messah\Dark Messiah of Might and Magic\RegistrationReminder.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: deeAlsimarket -> {9997c176-3c78-48c2-a71a-1f01f4225fef} -> C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: cRazylOwoeReprice -> {d39e133d-037d-4198-a823-fd1dbf7b72a6} -> C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.x64.dll ()
BHO-x32: LEC -> {4A241D35-F7EB-401b-8C5B-A904A50F280E} -> D:\Powertranslator\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\ESO\Arc\Plugins\ArcPluginIE.dll No File
BHO-x32: Påloggingshjelp for Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: deeAlsimarket -> {9997c176-3c78-48c2-a71a-1f01f4225fef} -> C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: iSkysoft Video Converter Ultimate -> {C7C3BC26-4F2B-4997-A3CB-163337FE975B} -> D:\Applications\Video Converter Ultimate\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
BHO-x32: cRazylOwoeReprice -> {d39e133d-037d-4198-a823-fd1dbf7b72a6} -> C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - D:\Powertranslator\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2FBE43C8-440F-4C31-A848-11EE4F494494}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{3294BD7C-0149-4151-BAA1-5D80411875B1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5309734A-36EC-46C7-926B-4784C7190C0E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8BD2B2C3-A050-4CCD-ADD8-90CDE0AB4FE2}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{98BE0671-7976-4BAF-8258-EFCCADA692A5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9C563302-D8F2-48B8-95B0-5E580F1C17F5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B12CEA13-0EA0-4F6F-B479-C13FD0C29659}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\ESO\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @talk.google.com/O1DPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Lucas\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lucas\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
FF Extension: iSkysoft Video Converter Ultimate - D:\Applications\Video Converter Ultimate\SVRFirefoxExt [2013-09-27]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Users\Lucas\Desktop\Babylon\Utils\ocr@babylon.com
FF HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
FF HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide Fedora) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-29]
CHR Extension: (4chan X) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2015-01-29]
CHR Extension: (Add to Wunderlist) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2015-02-03]
CHR Extension: (AdBlock) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-29]
CHR Extension: (iSkysoft Video Converter Ultimate) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlfeafapmnniobpffacckpddijdjgpmj [2015-01-27]
CHR Extension: (Facebook Unseen) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-01-29]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [hlfeafapmnniobpffacckpddijdjgpmj] - D:\Applications\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; D:\e12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-21] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\Applications\Hamachi\hamachi-2.exe [2485608 2015-01-20] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LEC TranslateDotNet Server; D:\Powertranslator\LogoMedia TranslateDotNet Server.exe [1955520 2011-07-05] (Language Engineering Corporation, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S3 ArcService; D:\ESO\Arc\ArcService.exe [X]
S3 Origin Client Service; D:\Applications\Origin\OriginClientService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-12-02] ()
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14759520 2012-05-21] (Intel Corporation) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-12-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
S1 avdgmctu; \??\C:\Windows\system32\drivers\avdgmctu.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Lucas\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 RivaTuner64; \??\C:\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 19:47 - 2015-02-15 19:47 - 00000000 ____D () C:\FRST
2015-02-15 19:04 - 2014-12-16 14:02 - 01606072 ___SH (TV) C:\Users\Lucas\AppData\Roaming\show.exe
2015-02-15 19:01 - 2015-02-15 19:01 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-15 18:54 - 2015-02-15 19:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 18:54 - 2015-02-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 18:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 18:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-15 18:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-13 13:37 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 13:37 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 13:37 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 13:37 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 16:12 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 16:12 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 16:12 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 16:12 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 16:12 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:12 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 16:12 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 16:12 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 16:12 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 16:12 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 16:12 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 16:12 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 16:12 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 16:12 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 16:12 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:12 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 16:12 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 16:12 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:12 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 16:12 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:12 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 16:12 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 16:12 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 16:12 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:12 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 16:12 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 16:12 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 16:12 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 16:12 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:12 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 16:12 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:12 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 16:12 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:12 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:12 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 16:12 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 16:12 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 16:12 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 16:12 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:12 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 16:12 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:12 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 16:12 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:12 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:12 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 16:12 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:12 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:12 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 16:12 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 16:11 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 16:11 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 16:11 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 16:11 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 16:11 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 16:11 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 16:11 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 16:11 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 16:11 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 16:11 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:11 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 16:11 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 16:11 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 16:11 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 16:11 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 16:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 16:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 16:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 16:11 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:11 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:11 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 16:11 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 16:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 16:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 16:11 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 16:11 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 16:11 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 16:11 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 16:11 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 16:11 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 16:11 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 16:11 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 16:11 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-09 20:15 - 2015-02-09 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 18:54 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys
2015-02-06 18:54 - 2011-07-22 10:33 - 00025056 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2015-02-06 18:53 - 2015-02-06 18:53 - 00003036 _____ () C:\Windows\System32\Tasks\{5A73C415-FD4B-454D-AB3B-27A08EB793BF}
2015-02-03 20:34 - 2015-02-09 19:39 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Wunderlist
2015-02-03 20:17 - 2015-02-03 20:17 - 00002519 _____ () C:\Users\Public\Desktop\Wunderlist.lnk
2015-02-03 20:17 - 2015-02-03 20:17 - 00002505 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-02-03 20:17 - 2015-02-03 20:17 - 00000000 ____D () C:\Program Files (x86)\Wunderlist
2015-02-01 13:32 - 2015-02-15 19:12 - 00003484 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-01 13:26 - 2015-02-01 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-01 13:26 - 2015-02-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-02-01 13:25 - 2015-02-01 13:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-02-01 13:25 - 2015-02-01 13:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-02-01 13:24 - 2015-02-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-01 13:24 - 2015-02-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-01 13:23 - 2015-02-01 13:23 - 00000000 __RHD () C:\MSOCache
2015-01-29 14:49 - 2015-01-29 14:49 - 00003218 _____ () C:\Windows\System32\Tasks\{DC0D883F-D69E-46D7-803A-57A01201D1F8}
2015-01-29 14:49 - 2015-01-29 14:49 - 00003210 _____ () C:\Windows\System32\Tasks\{7656A07E-F55E-40FD-9C57-CA7CD2A551B9}
2015-01-29 14:49 - 2015-01-29 14:49 - 00003208 _____ () C:\Windows\System32\Tasks\{0A495603-CF20-4506-B1C6-9F2DD2B383DC}
2015-01-29 14:37 - 2015-01-29 14:37 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 14:37 - 2015-01-29 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-29 12:23 - 2015-01-29 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-26 17:18 - 2015-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\deeAlsimarket
2015-01-26 17:18 - 2015-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\cRazylOwoeReprice
2015-01-26 17:18 - 2015-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\briowssE2buuy
2015-01-26 17:17 - 2015-01-30 17:00 - 00000000 ____D () C:\Program Files (x86)\ddeualsmairkEt
2015-01-26 17:17 - 2015-01-30 17:00 - 00000000 ____D () C:\Program Files (x86)\cRazylowerprice
2015-01-26 17:17 - 2015-01-30 16:55 - 00000000 ____D () C:\Program Files (x86)\Reddit Hover Text
2015-01-26 17:17 - 2015-01-26 17:18 - 00000000 ____D () C:\ProgramData\665828051187791809
2015-01-24 23:02 - 2015-01-24 23:02 - 00000000 ____D () C:\Users\Lucas\Documents\Guild Wars 2
2015-01-17 19:20 - 2015-01-18 11:13 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Yskaunza
2015-01-17 15:34 - 2015-01-17 15:34 - 00000000 ____D () C:\Users\Lucas\AppData\Local\ESN
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 19:34 - 2012-08-23 15:23 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001UA.job
2015-02-15 19:17 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:17 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:16 - 2010-11-21 17:33 - 08138004 _____ () C:\Windows\system32\perfh014.dat
2015-02-15 19:16 - 2010-11-21 17:33 - 02698172 _____ () C:\Windows\system32\perfc014.dat
2015-02-15 19:16 - 2009-07-14 06:13 - 00006822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 19:14 - 2012-07-09 14:42 - 02054445 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 19:11 - 2014-06-12 16:44 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Spotify
2015-02-15 19:11 - 2014-06-12 16:43 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Spotify
2015-02-15 19:11 - 2013-10-24 18:49 - 00000000 ___RD () C:\Users\Lucas\Dropbox
2015-02-15 19:11 - 2013-10-24 18:47 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Dropbox
2015-02-15 19:11 - 2013-08-09 15:26 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 19:11 - 2013-04-10 08:02 - 00000000 ____D () C:\Users\Lucas\AppData\Local\LogMeIn Hamachi
2015-02-15 19:11 - 2012-08-11 13:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Skype
2015-02-15 19:10 - 2013-08-09 15:26 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 19:10 - 2013-01-30 09:47 - 00111122 _____ () C:\Windows\setupact.log
2015-02-15 19:10 - 2012-07-22 15:15 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-15 19:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 19:03 - 2013-01-31 15:14 - 00542666 _____ () C:\Windows\PFRO.log
2015-02-15 19:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-15 18:50 - 2012-12-22 08:04 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-15 18:50 - 2012-08-10 23:56 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-02-15 18:39 - 2012-12-22 08:04 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-15 18:03 - 2012-06-29 12:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 14:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 12:11 - 2012-08-10 20:31 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-15 10:43 - 2014-06-27 07:11 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Adobe
2015-02-14 22:34 - 2012-08-23 15:23 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001Core.job
2015-02-14 21:40 - 2012-07-22 16:12 - 00000000 ____D () C:\Users\Lucas\AppData\Local\CrashDumps
2015-02-14 13:37 - 2013-05-29 15:49 - 00000000 ____D () C:\ProgramData\Codemasters
2015-02-14 13:37 - 2012-08-10 20:31 - 00000000 ____D () C:\Users\Lucas\Documents\My Games
2015-02-14 13:26 - 2012-08-24 16:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\uTorrent
2015-02-14 11:23 - 2013-05-31 21:03 - 00000000 ____D () C:\Users\Lucas\Zomboid
2015-02-12 12:17 - 2014-12-11 17:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 12:17 - 2014-05-07 15:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 12:17 - 2009-07-14 05:45 - 05039104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 11:54 - 2013-04-20 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 11:53 - 2012-09-05 13:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 11:53 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 11:51 - 2012-09-09 18:31 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-12 11:50 - 2013-08-14 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 11:50 - 2012-09-09 18:31 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 11:50 - 2012-09-09 18:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 11:50 - 2012-09-09 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 11:41 - 2012-08-17 14:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 11:38 - 2013-10-24 18:49 - 00001017 _____ () C:\Users\Lucas\Desktop\Dropbox.lnk
2015-02-12 11:38 - 2013-10-24 18:48 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 11:36 - 2014-10-27 19:48 - 00000002 _____ () C:\Users\Lucas\Desktop\kjøretimer.txt
2015-02-10 16:54 - 2012-06-29 12:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-09 20:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-02-09 20:26 - 2012-08-18 13:47 - 00000000 ____D () C:\Users\Lucas\AppData\Local\CRE
2015-02-08 21:11 - 2013-11-09 17:40 - 00001456 _____ () C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-06 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 21:03 - 2012-06-29 12:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 21:03 - 2012-06-29 12:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 21:03 - 2012-06-29 12:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 13:32 - 2012-11-04 18:45 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-01 13:28 - 2012-07-22 15:00 - 00111184 _____ () C:\Users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 13:26 - 2010-11-21 17:43 - 00000000 ____D () C:\Windows\ShellNew
2015-02-01 13:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-01 13:25 - 2012-06-29 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-01 13:25 - 2012-06-29 12:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-01 13:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-30 21:56 - 2014-01-01 13:02 - 00000000 ____D () C:\Users\Lucas\Documents\BFBC2
2015-01-29 14:48 - 2013-07-29 16:58 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\vlc
2015-01-29 14:37 - 2013-08-09 15:26 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 23:14 - 2015-01-13 20:06 - 00000022 _____ () C:\Users\Lucas\Documents\tempFolderPath.dat
2015-01-27 17:39 - 2015-01-07 14:58 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-27 15:25 - 2015-01-07 14:43 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Ucdmedia
2015-01-22 19:02 - 2013-11-18 18:58 - 00000000 ____D () C:\Users\Lucas\Documents\Euro Truck Simulator 2
2015-01-22 18:52 - 2014-08-14 12:29 - 00000000 ____D () C:\Users\Lucas\Documents\ETS2MP
2015-01-19 20:57 - 2014-11-27 17:04 - 00000375 _____ () C:\Users\Lucas\Desktop\thing u need to remember mate.txt
2015-01-18 22:26 - 2013-01-19 20:47 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 20:13 - 2012-12-22 08:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-18 20:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-18 20:01 - 2013-01-20 00:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-01-18 20:00 - 2013-01-30 19:57 - 01037732 _____ () C:\Windows\DirectX.log
2015-01-17 20:21 - 2012-07-22 15:52 - 00000000 ____D () C:\Users\Lucas\Documents\Mount&Blade Warband Savegames
2015-01-16 13:57 - 2015-01-15 19:13 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Bimefabu
 
==================== Files in the root of some directories =======
 
2013-11-27 15:44 - 2010-01-15 10:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2013-11-09 18:28 - 2013-11-09 18:28 - 0000132 _____ () C:\Users\Lucas\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-03 19:12 - 2014-11-13 17:54 - 0000004 _____ () C:\Users\Lucas\AppData\Roaming\appdataFr2.bin
2014-06-04 10:16 - 2014-06-04 13:45 - 0000097 _____ () C:\Users\Lucas\AppData\Roaming\LauncherSettings_live.cfg
2015-01-10 10:51 - 2014-12-16 14:01 - 1742338 ___SH () C:\Users\Lucas\AppData\Roaming\Lucas.exe
2015-02-15 19:04 - 2014-12-16 14:02 - 1606072 ___SH (TV) C:\Users\Lucas\AppData\Roaming\show.exe
2014-06-04 09:50 - 2014-06-04 09:50 - 0008144 _____ () C:\Users\Lucas\AppData\Roaming\TheHunterSettings_live.bin
2014-06-04 09:45 - 2014-06-04 09:45 - 0000039 _____ () C:\Users\Lucas\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-11-09 17:40 - 2015-02-08 21:11 - 0001456 _____ () C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-30 17:35 - 2012-08-30 17:35 - 0000093 _____ () C:\Users\Lucas\AppData\Local\fusioncache.dat
2013-03-21 17:50 - 2013-03-21 17:50 - 0000600 _____ () C:\Users\Lucas\AppData\Local\PUTTY.RND
2014-06-15 09:04 - 2014-06-15 09:05 - 0000000 _____ () C:\Users\Lucas\AppData\Local\{12CD92E9-E338-43E1-94D7-9825FCFC1C1D}
 
Some content of TEMP:
====================
C:\Users\Lucas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdxvxe.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-15 14:34
 
==================== End Of Log ============================

Edited by SyrupWaffle, 15 February 2015 - 01:52 PM.



#2 deeprybka

  • Malware Response Team

Posted 15 February 2015 - 01:52 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 SyrupWaffle

  • Topic Starter


Posted 15 February 2015 - 01:55 PM

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Lucas (administrator) on LUCAS-PC on 15-02-2015 19:47:33
Running from C:\Users\Lucas\Documents\Downloads
Loaded Profiles: Lucas &  (Available profiles: Lucas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Language Engineering Corporation, LLC) D:\Powertranslator\LogoMedia TranslateDotNet Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Valve Corporation) D:\Applications\Steam\Steam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) D:\Applications\Hamachi\hamachi-2.exe
(Akamai Technologies, Inc.) C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe
(LogMeIn, Inc.) D:\Applications\Hamachi\LMIGuardianSvc.exe
(Akamai Technologies, Inc.) C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(TV) C:\Users\Lucas\AppData\Roaming\show.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LogMeIn Inc.) D:\Applications\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Applications\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Spotify Ltd) C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Dropbox, Inc.) C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) D:\Applications\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) D:\e12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) D:\Applications\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => D:\Applications\Video Converter Ultimate\BrowserPlugInHelper.exe [1960448 2013-06-17] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Applications\Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Google Update] => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-23] (Google Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Steam] => D:\Applications\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [RGSC] => D:\Grand Theft Auto IV\RGSC\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [ISUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [f.lux] => C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Spotify Web Helper] => C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [iFunBox Price Watch] => D:\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [LUCAS-PC] => C:\Users\Lucas\AppData\Roaming\show.exe [1606072 2014-12-16] (TV)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [YgPack] => regsvr32.exe C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL <===== ATTENTION
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Tuiqryvac] => "C:\Users\Lucas\AppData\Roaming\Asluibl\icomil.exe"
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [CAHeadless] => D:\e12\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Agworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Spotify] => C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: {5d82d543-6213-11e2-a344-c8600058f512} - F:\CMADownloader.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: {dff48bc9-e93d-11e1-866d-c8600058f512} - G:\Autorun.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-23] (Google Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => D:\Applications\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Grand Theft Auto IV\RGSC\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iFunBox Price Watch] => D:\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LUCAS-PC] => C:\Users\Lucas\AppData\Roaming\show.exe [1606072 2014-12-16] (TV)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [YgPack] => regsvr32.exe C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL <===== ATTENTION
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Tuiqryvac] => "C:\Users\Lucas\AppData\Roaming\Asluibl\icomil.exe"
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CAHeadless] => D:\e12\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Agworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5d82d543-6213-11e2-a344-c8600058f512} - F:\CMADownloader.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {dff48bc9-e93d-11e1-866d-c8600058f512} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lucas.exe (TV)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK -> D:\Dark Messah\Dark Messiah of Might and Magic\RegistrationReminder.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: deeAlsimarket -> {9997c176-3c78-48c2-a71a-1f01f4225fef} -> C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: cRazylOwoeReprice -> {d39e133d-037d-4198-a823-fd1dbf7b72a6} -> C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.x64.dll ()
BHO-x32: LEC -> {4A241D35-F7EB-401b-8C5B-A904A50F280E} -> D:\Powertranslator\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\ESO\Arc\Plugins\ArcPluginIE.dll No File
BHO-x32: Påloggingshjelp for Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: deeAlsimarket -> {9997c176-3c78-48c2-a71a-1f01f4225fef} -> C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: iSkysoft Video Converter Ultimate -> {C7C3BC26-4F2B-4997-A3CB-163337FE975B} -> D:\Applications\Video Converter Ultimate\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
BHO-x32: cRazylOwoeReprice -> {d39e133d-037d-4198-a823-fd1dbf7b72a6} -> C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - D:\Powertranslator\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2FBE43C8-440F-4C31-A848-11EE4F494494}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{3294BD7C-0149-4151-BAA1-5D80411875B1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5309734A-36EC-46C7-926B-4784C7190C0E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8BD2B2C3-A050-4CCD-ADD8-90CDE0AB4FE2}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{98BE0671-7976-4BAF-8258-EFCCADA692A5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9C563302-D8F2-48B8-95B0-5E580F1C17F5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B12CEA13-0EA0-4F6F-B479-C13FD0C29659}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\ESO\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @talk.google.com/O1DPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Lucas\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lucas\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
FF Extension: iSkysoft Video Converter Ultimate - D:\Applications\Video Converter Ultimate\SVRFirefoxExt [2013-09-27]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Users\Lucas\Desktop\Babylon\Utils\ocr@babylon.com
FF HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
FF HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide Fedora) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-29]
CHR Extension: (4chan X) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2015-01-29]
CHR Extension: (Add to Wunderlist) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc [2015-02-03]
CHR Extension: (AdBlock) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-29]
CHR Extension: (iSkysoft Video Converter Ultimate) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlfeafapmnniobpffacckpddijdjgpmj [2015-01-27]
CHR Extension: (Facebook Unseen) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-01-29]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [hlfeafapmnniobpffacckpddijdjgpmj] - D:\Applications\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; D:\e12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-21] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\Applications\Hamachi\hamachi-2.exe [2485608 2015-01-20] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LEC TranslateDotNet Server; D:\Powertranslator\LogoMedia TranslateDotNet Server.exe [1955520 2011-07-05] (Language Engineering Corporation, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S3 ArcService; D:\ESO\Arc\ArcService.exe [X]
S3 Origin Client Service; D:\Applications\Origin\OriginClientService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-12-02] ()
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14759520 2012-05-21] (Intel Corporation) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-12-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
S1 avdgmctu; \??\C:\Windows\system32\drivers\avdgmctu.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Lucas\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 RivaTuner64; \??\C:\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 19:47 - 2015-02-15 19:47 - 00000000 ____D () C:\FRST
2015-02-15 19:04 - 2014-12-16 14:02 - 01606072 ___SH (TV) C:\Users\Lucas\AppData\Roaming\show.exe
2015-02-15 19:01 - 2015-02-15 19:01 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-15 18:54 - 2015-02-15 19:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 18:54 - 2015-02-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 18:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-15 18:54 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-15 18:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-13 13:37 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 13:37 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 13:37 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 13:37 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 16:12 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 16:12 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 16:12 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 16:12 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 16:12 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:12 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 16:12 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 16:12 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 16:12 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 16:12 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 16:12 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 16:12 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 16:12 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 16:12 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 16:12 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:12 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 16:12 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 16:12 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:12 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 16:12 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:12 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 16:12 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 16:12 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 16:12 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:12 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 16:12 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 16:12 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 16:12 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 16:12 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:12 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 16:12 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:12 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 16:12 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:12 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:12 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 16:12 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 16:12 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 16:12 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 16:12 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:12 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 16:12 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:12 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 16:12 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:12 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:12 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 16:12 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:12 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:12 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 16:12 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 16:11 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 16:11 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 16:11 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 16:11 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 16:11 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 16:11 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 16:11 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 16:11 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 16:11 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 16:11 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:11 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 16:11 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 16:11 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 16:11 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 16:11 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 16:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 16:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 16:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 16:11 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:11 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:11 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 16:11 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 16:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 16:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 16:11 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 16:11 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 16:11 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 16:11 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 16:11 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 16:11 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 16:11 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 16:11 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 16:11 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-09 20:15 - 2015-02-09 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 18:54 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys
2015-02-06 18:54 - 2011-07-22 10:33 - 00025056 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2015-02-06 18:53 - 2015-02-06 18:53 - 00003036 _____ () C:\Windows\System32\Tasks\{5A73C415-FD4B-454D-AB3B-27A08EB793BF}
2015-02-03 20:34 - 2015-02-09 19:39 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Wunderlist
2015-02-03 20:17 - 2015-02-03 20:17 - 00002519 _____ () C:\Users\Public\Desktop\Wunderlist.lnk
2015-02-03 20:17 - 2015-02-03 20:17 - 00002505 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-02-03 20:17 - 2015-02-03 20:17 - 00000000 ____D () C:\Program Files (x86)\Wunderlist
2015-02-01 13:32 - 2015-02-15 19:12 - 00003484 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-01 13:26 - 2015-02-01 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-01 13:26 - 2015-02-01 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-02-01 13:25 - 2015-02-01 13:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-02-01 13:25 - 2015-02-01 13:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-02-01 13:24 - 2015-02-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-01 13:24 - 2015-02-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-01 13:23 - 2015-02-01 13:23 - 00000000 __RHD () C:\MSOCache
2015-01-29 14:49 - 2015-01-29 14:49 - 00003218 _____ () C:\Windows\System32\Tasks\{DC0D883F-D69E-46D7-803A-57A01201D1F8}
2015-01-29 14:49 - 2015-01-29 14:49 - 00003210 _____ () C:\Windows\System32\Tasks\{7656A07E-F55E-40FD-9C57-CA7CD2A551B9}
2015-01-29 14:49 - 2015-01-29 14:49 - 00003208 _____ () C:\Windows\System32\Tasks\{0A495603-CF20-4506-B1C6-9F2DD2B383DC}
2015-01-29 14:37 - 2015-01-29 14:37 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 14:37 - 2015-01-29 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-29 12:23 - 2015-01-29 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-26 17:18 - 2015-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\deeAlsimarket
2015-01-26 17:18 - 2015-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\cRazylOwoeReprice
2015-01-26 17:18 - 2015-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\briowssE2buuy
2015-01-26 17:17 - 2015-01-30 17:00 - 00000000 ____D () C:\Program Files (x86)\ddeualsmairkEt
2015-01-26 17:17 - 2015-01-30 17:00 - 00000000 ____D () C:\Program Files (x86)\cRazylowerprice
2015-01-26 17:17 - 2015-01-30 16:55 - 00000000 ____D () C:\Program Files (x86)\Reddit Hover Text
2015-01-26 17:17 - 2015-01-26 17:18 - 00000000 ____D () C:\ProgramData\665828051187791809
2015-01-24 23:02 - 2015-01-24 23:02 - 00000000 ____D () C:\Users\Lucas\Documents\Guild Wars 2
2015-01-17 19:20 - 2015-01-18 11:13 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Yskaunza
2015-01-17 15:34 - 2015-01-17 15:34 - 00000000 ____D () C:\Users\Lucas\AppData\Local\ESN
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 19:34 - 2012-08-23 15:23 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001UA.job
2015-02-15 19:17 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:17 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:16 - 2010-11-21 17:33 - 08138004 _____ () C:\Windows\system32\perfh014.dat
2015-02-15 19:16 - 2010-11-21 17:33 - 02698172 _____ () C:\Windows\system32\perfc014.dat
2015-02-15 19:16 - 2009-07-14 06:13 - 00006822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 19:14 - 2012-07-09 14:42 - 02054445 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 19:11 - 2014-06-12 16:44 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Spotify
2015-02-15 19:11 - 2014-06-12 16:43 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Spotify
2015-02-15 19:11 - 2013-10-24 18:49 - 00000000 ___RD () C:\Users\Lucas\Dropbox
2015-02-15 19:11 - 2013-10-24 18:47 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Dropbox
2015-02-15 19:11 - 2013-08-09 15:26 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 19:11 - 2013-04-10 08:02 - 00000000 ____D () C:\Users\Lucas\AppData\Local\LogMeIn Hamachi
2015-02-15 19:11 - 2012-08-11 13:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Skype
2015-02-15 19:10 - 2013-08-09 15:26 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 19:10 - 2013-01-30 09:47 - 00111122 _____ () C:\Windows\setupact.log
2015-02-15 19:10 - 2012-07-22 15:15 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-15 19:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 19:03 - 2013-01-31 15:14 - 00542666 _____ () C:\Windows\PFRO.log
2015-02-15 19:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-15 18:50 - 2012-12-22 08:04 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-15 18:50 - 2012-08-10 23:56 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-02-15 18:39 - 2012-12-22 08:04 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-15 18:03 - 2012-06-29 12:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 14:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 12:11 - 2012-08-10 20:31 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-15 10:43 - 2014-06-27 07:11 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Adobe
2015-02-14 22:34 - 2012-08-23 15:23 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001Core.job
2015-02-14 21:40 - 2012-07-22 16:12 - 00000000 ____D () C:\Users\Lucas\AppData\Local\CrashDumps
2015-02-14 13:37 - 2013-05-29 15:49 - 00000000 ____D () C:\ProgramData\Codemasters
2015-02-14 13:37 - 2012-08-10 20:31 - 00000000 ____D () C:\Users\Lucas\Documents\My Games
2015-02-14 13:26 - 2012-08-24 16:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\uTorrent
2015-02-14 11:23 - 2013-05-31 21:03 - 00000000 ____D () C:\Users\Lucas\Zomboid
2015-02-12 12:17 - 2014-12-11 17:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 12:17 - 2014-05-07 15:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 12:17 - 2009-07-14 05:45 - 05039104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 11:54 - 2013-04-20 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 11:53 - 2012-09-05 13:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 11:53 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 11:51 - 2012-09-09 18:31 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-12 11:50 - 2013-08-14 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 11:50 - 2012-09-09 18:31 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 11:50 - 2012-09-09 18:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 11:50 - 2012-09-09 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-12 11:41 - 2012-08-17 14:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 11:38 - 2013-10-24 18:49 - 00001017 _____ () C:\Users\Lucas\Desktop\Dropbox.lnk
2015-02-12 11:38 - 2013-10-24 18:48 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 11:36 - 2014-10-27 19:48 - 00000002 _____ () C:\Users\Lucas\Desktop\kjøretimer.txt
2015-02-10 16:54 - 2012-06-29 12:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-09 20:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-02-09 20:26 - 2012-08-18 13:47 - 00000000 ____D () C:\Users\Lucas\AppData\Local\CRE
2015-02-08 21:11 - 2013-11-09 17:40 - 00001456 _____ () C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-06 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 21:03 - 2012-06-29 12:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 21:03 - 2012-06-29 12:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 21:03 - 2012-06-29 12:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 13:32 - 2012-11-04 18:45 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-01 13:28 - 2012-07-22 15:00 - 00111184 _____ () C:\Users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 13:26 - 2010-11-21 17:43 - 00000000 ____D () C:\Windows\ShellNew
2015-02-01 13:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-01 13:25 - 2012-06-29 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-01 13:25 - 2012-06-29 12:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-01 13:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-30 21:56 - 2014-01-01 13:02 - 00000000 ____D () C:\Users\Lucas\Documents\BFBC2
2015-01-29 14:48 - 2013-07-29 16:58 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\vlc
2015-01-29 14:37 - 2013-08-09 15:26 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 23:14 - 2015-01-13 20:06 - 00000022 _____ () C:\Users\Lucas\Documents\tempFolderPath.dat
2015-01-27 17:39 - 2015-01-07 14:58 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-27 15:25 - 2015-01-07 14:43 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Ucdmedia
2015-01-22 19:02 - 2013-11-18 18:58 - 00000000 ____D () C:\Users\Lucas\Documents\Euro Truck Simulator 2
2015-01-22 18:52 - 2014-08-14 12:29 - 00000000 ____D () C:\Users\Lucas\Documents\ETS2MP
2015-01-19 20:57 - 2014-11-27 17:04 - 00000375 _____ () C:\Users\Lucas\Desktop\thing u need to remember mate.txt
2015-01-18 22:26 - 2013-01-19 20:47 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 20:13 - 2012-12-22 08:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-18 20:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-18 20:01 - 2013-01-20 00:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-01-18 20:00 - 2013-01-30 19:57 - 01037732 _____ () C:\Windows\DirectX.log
2015-01-17 20:21 - 2012-07-22 15:52 - 00000000 ____D () C:\Users\Lucas\Documents\Mount&Blade Warband Savegames
2015-01-16 13:57 - 2015-01-15 19:13 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Bimefabu
 
==================== Files in the root of some directories =======
 
2013-11-27 15:44 - 2010-01-15 10:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2013-11-09 18:28 - 2013-11-09 18:28 - 0000132 _____ () C:\Users\Lucas\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-03 19:12 - 2014-11-13 17:54 - 0000004 _____ () C:\Users\Lucas\AppData\Roaming\appdataFr2.bin
2014-06-04 10:16 - 2014-06-04 13:45 - 0000097 _____ () C:\Users\Lucas\AppData\Roaming\LauncherSettings_live.cfg
2015-01-10 10:51 - 2014-12-16 14:01 - 1742338 ___SH () C:\Users\Lucas\AppData\Roaming\Lucas.exe
2015-02-15 19:04 - 2014-12-16 14:02 - 1606072 ___SH (TV) C:\Users\Lucas\AppData\Roaming\show.exe
2014-06-04 09:50 - 2014-06-04 09:50 - 0008144 _____ () C:\Users\Lucas\AppData\Roaming\TheHunterSettings_live.bin
2014-06-04 09:45 - 2014-06-04 09:45 - 0000039 _____ () C:\Users\Lucas\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-11-09 17:40 - 2015-02-08 21:11 - 0001456 _____ () C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-30 17:35 - 2012-08-30 17:35 - 0000093 _____ () C:\Users\Lucas\AppData\Local\fusioncache.dat
2013-03-21 17:50 - 2013-03-21 17:50 - 0000600 _____ () C:\Users\Lucas\AppData\Local\PUTTY.RND
2014-06-15 09:04 - 2014-06-15 09:05 - 0000000 _____ () C:\Users\Lucas\AppData\Local\{12CD92E9-E338-43E1-94D7-9825FCFC1C1D}
 
Some content of TEMP:
====================
C:\Users\Lucas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdxvxe.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-15 14:34
 
==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Lucas at 2015-02-15 19:48:08
Running from C:\Users\Lucas\Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\uTorrent) (Version: 3.4.2.38803 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.38803 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.13) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Altitude (HKLM-x32\...\Steam App 41300) (Version:  - Nimbly Games)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programsupport (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlefront Extreme 2.2 (HKLM-x32\...\{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BeamNG-DRIVE-0.3 (remove only) (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\BeamNG-DRIVE-0.3) (Version:  - )
BeamNG-DRIVE-0.3 (remove only) (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BeamNG-DRIVE-0.3) (Version:  - )
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - )
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Binary Domain (HKLM-x32\...\Binary Domain_is1) (Version:  - )
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{E500DF84-3A0A-4989-93C2-D33B935008C1}) (Version: 2.00.5976.25 - Sony Computer Entertainment Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.3 R2 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.3 R2 Alpha - ETS2MP Team)
f.lux (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Flux) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Bethesda Softworks)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
FireWarrior (HKLM-x32\...\FireWarriorA00) (Version:  - )
Freelancer 1.5 (HKLM-x32\...\Freelancer) (Version: 1.5 - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
GameSpy Comrade (HKLM-x32\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.15.0 - International GeoGebra Institute)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.43.0 - International GeoGebra Institute)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.27.0 - International GeoGebra Institute)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GOTABetaTest (HKLM\...\UDK-f72da54b-014d-4141-9520-0932a7637eaf) (Version:  - Epic Games, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GRID Autosport (HKLM-x32\...\R1JJREF1dG9zcG9ydA==_is1) (Version: 1 - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life 2 (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Half-Life 2) (Version:  - )
Half-Life 2 (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Half-Life 2) (Version:  - )
Happy Cloud Client (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Happy Cloud Client (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iExplorer 3.2.2.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Immersion Overhaul Mutator version v1.14 (HKLM-x32\...\{F6F43717-CC6A-4424-A20A-F3BC1378704E}_is1) (Version: v1.14 - dibbler67)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)
Initial D Mountain Vengeance (HKLM-x32\...\{B773B178-2C91-4E90-A082-F2875AAEAF48}) (Version:  - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Iron Europe (HKLM-x32\...\{7735559E-F41A-480F-A5FC-174F8B9EB58E}_is1) (Version: 1.0.0 - Iron Europe Development Team)
Iron Europe (HKLM-x32\...\{957609F3-9CF1-4726-8F8F-1C1AAC063917}_is1) (Version: 1.1.0 - Iron Europe Development Team)
iSkysoft Video Converter Ultimate(Build 4.5.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 4.5.1.0 - iSkysoft Software)
iSkysoft Video Converter(Build 4.5.1.0) (HKLM-x32\...\iSkysoft Video Converter_is1) (Version: 4.5.1.0 - iSkysoft Software)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Killing Floor - Toy Master (HKLM-x32\...\Steam App 326960) (Version:  - David Hensley)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LEC Translate (HKLM-x32\...\{B593248E-8CD9-4C54-AD3C-F6848C6A4209}) (Version: 1.00.0004 - Language Engineering, LLC)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klikk og bruk 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Taleworlds Entertainment)
muvee Turbo Video Stabilizer (HKLM-x32\...\{E02F87B9-51B6-BFBF-BC47-03F4B8352B95}) (Version: 1.0.0.23 - muvee Technologies Pte Ltd)
My Game Long Name (HKLM\...\UDK-a73e5708-d086-4a5e-88a6-cd8d814108a1) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-fafe3b61-42f4-4a42-a443-047bb4e51110) (Version:  - Epic Games, Inc.)
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version:  - )
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
Nuclear Dawn (HKLM-x32\...\Steam App 17710) (Version:  - InterWave Studios)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
proDAD Mercalli 3.0 (64bit) (HKLM\...\proDAD-Mercalli-3.0) (Version: 3.0.215.1 - proDAD GmbH)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire)
Romae Bellum 3.0 (HKLM-x32\...\Romae Bellum) (Version: 3.0 - )
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
RUNNING WITH RIFLES (HKLM-x32\...\Steam App 270150) (Version:  - Modulaatio Games)
Running with rifles version 0.98.1 (HKLM-x32\...\{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1) (Version: 0.98.1 - Modulaatio Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speech Support (HKLM-x32\...\Speech Support) (Version:  - LEC)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Spotify (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Språkpakke for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) – NOR (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NOR) (Version: 10.0.50903 - Microsoft Corporation)
Stalker Complete 2009 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version:  - )
Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steppe Wolf DW 5.2 1.18 (HKLM-x32\...\Steppe_0) (Version: 1.18 - Vitosha Pictures Studio)
Supraball (HKLM-x32\...\Supraball) (Version:  - Supra Games Gbr)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Tom Clancy's Rainbow Six: Vegas 2 (HKLM-x32\...\Steam App 15120) (Version:  - Ubisoft)
Unity Web Player (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version:  - Epic Games, Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Visual Studio 2012 Update 3 (KB2707250) (HKLM-x32\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-driverpakke - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
Windows-driverpakke - AMD (amd_sata) HDC  (12/12/2011 1.2.001.0327) (HKLM\...\A5D031AFF71545BA033FE9D172F140CF6489429D) (Version: 12/12/2011 1.2.001.0327 - AMD)
Windows-driverpakke - Asmedia Technology (asahci64) hdc  (01/05/2012 1.3.4.000) (HKLM\...\9F0D1862051CCCF11D3FE4A4F2517A079A563B99) (Version: 01/05/2012 1.3.4.000 - Asmedia Technology)
Windows-driverpakke - ATK (MTsensor) System  (01/21/2008 1043.5.0.0) (HKLM\...\505F021F1B23359ACC152FEFEB18B3C2C5FF82EA) (Version: 01/21/2008 1043.5.0.0 - ATK)
Windows-driverpakke - ATK (MTsensor) System  (07/16/2009 1043.6.0.0) (HKLM\...\55AAC8B3C1559D5D378114A88513466A7ECEC7BD) (Version: 07/16/2009 1043.6.0.0 - ATK)
Windows-driverpakke - ATK (MTsensor) System  (10/19/2006 1043.4.0.0) (HKLM\...\0CA7189BDF03FE9EFA6911458ECB1F37C74E4CFD) (Version: 10/19/2006 1043.4.0.0 - ATK)
Windows-driverpakke - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows-driverpakke - Intel (MEIx64) System  (11/09/2011 8.0.0.1262) (HKLM\...\5BAE65AE70F37BAD5B5BC2D358218AB28C626240) (Version: 11/09/2011 8.0.0.1262 - Intel)
Windows-driverpakke - Intel Corporation (igfx) Display  (05/21/2012 8.15.10.2761) (HKLM\...\D21A3D21BF8B8E64F27AC298B74AA3713389054C) (Version: 05/21/2012 8.15.10.2761 - Intel Corporation)
Windows-driverpakke - Intel hdc  (08/26/2011 9.3.0.1011) (HKLM\...\A7E82C89A6D6643325B95A4FEDAB3DB18640208F) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-driverpakke - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D0582B173B2570B545D0C7ACCEA42F87BA6CC0D) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel® Corporation (IntcDAud) MEDIA  (12/06/2011 6.14.00.3090) (HKLM\...\8384654D490AA4CB537BE669DA59242CA3D85FF0) (Version: 12/06/2011 6.14.00.3090 - Intel® Corporation)
Windows-driverpakke - Realtek (RTL8167) Net  (02/16/2012 7.053.0216.2012) (HKLM\...\DA3790DCDC19081D644D1C0BFB49C2B5CC983990) (Version: 02/16/2012 7.053.0216.2012 - Realtek)
Windows-driverpakke - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (HKLM\...\0F1F6C2D22EAC1721EA3B836446321AF2C8DF2C6) (Version: 06/19/2012 6.0.1.6662 - Realtek Semiconductor Corp.)
Windows-driverpakke - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (HKLM\...\4A5EF81C80190F479C6FB16BC8CF595275AAC778) (Version: 06/19/2012 6.0.1.6662 - Realtek Semiconductor Corp.)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version:  - Noble Empire Corp.)
Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)
Your Doodles Are Bugged! (HKLM-x32\...\Steam App 95500) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
14-02-2015 09:17:05 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-26 15:29 - 2015-01-27 17:39 - 00001515 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
89.163.213.140 www.google-analytics.com.
89.163.213.140 google-analytics.com.
89.163.213.140 connect.facebook.net.
94.242.254.157 www.google-analytics.com.
94.242.254.157 google-analytics.com.
94.242.254.157 connect.facebook.net.
212.83.161.214 www.google-analytics.com.
212.83.161.214 google-analytics.com.
212.83.161.214 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0E3E5217-8517-46AC-924B-32F028A81054} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {1C994BD3-304A-4AFB-9C74-03FE7793CD61} - System32\Tasks\{7656A07E-F55E-40FD-9C57-CA7CD2A551B9} => pcalua.exe -a "C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {2A3ED117-9197-400E-A3FB-33669653FD14} - \Security Center Update - 2222866330 No Task File <==== ATTENTION
Task: {2B0308F8-0393-4E07-A0E7-2110B854C756} - System32\Tasks\{D7792A54-4438-457B-BC32-FE2EDC2855F4} => pcalua.exe -a "D:\Applications\Steam\steamapps\common\Grand Theft Auto San Andreas\rikintoshgfx.exe" -d "D:\Applications\Steam\steamapps\common\Grand Theft Auto San Andreas"
Task: {352D0AF1-AA05-4E01-9554-F874E55F095F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F09DB49-AE2B-4399-9752-7587575E8C2F} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {4D5C318A-ACDB-41D9-A56D-B1C293E936FA} - System32\Tasks\{CCB0FE80-2C7C-4018-9E00-7003A3CEFF25} => C:\Users\Lucas\Documents\Downloads\Remember Me PC full game + DLC ^^nosTEAM^^\Remember Me nosTEAM.part1.exe
Task: {56A5387E-268A-4B94-A915-6520071A7C7D} - \Security Center Update - 481490062 No Task File <==== ATTENTION
Task: {648446A1-C946-4800-9BCA-8557B759D0B0} - System32\Tasks\AdobeAAMUpdater-1.0-Lucas-PC-Lucas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {723FA49F-0A45-4F9B-BDE9-76F3E41ECE6A} - System32\Tasks\{5A73C415-FD4B-454D-AB3B-27A08EB793BF} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {72BCD7E4-CBD6-416C-941C-96E7DD6752A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001UA => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23] (Google Inc.)
Task: {791ABCC5-9841-4076-8680-55975F731F57} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-01] ()
Task: {7F76F1A0-0C01-4D7A-A070-BF0198735A2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001Core => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23] (Google Inc.)
Task: {8300DC94-B632-4180-B7D2-F074566D663A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {A3B76E68-24AE-4250-96B5-275FDCB981C4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A6354FAD-AED8-4975-98C6-C39622289A0D} - System32\Tasks\{DC0D883F-D69E-46D7-803A-57A01201D1F8} => pcalua.exe -a "C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {B4BA9EAD-0A7C-4393-83AE-D2CF24090EC9} - System32\Tasks\{BE3B1E4C-5B7A-45A5-9D2C-34F6C5E7EA10} => pcalua.exe -a "D:\Applications\Republic Commando\GameData\System\SWRepublicCommando.exe" -d "D:\Applications\Republic Commando\GameData\System"
Task: {BCC7ECE3-565B-4A0F-867D-806855265D53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {DFD7DE08-F326-4405-9BE4-200B6FDD279B} - System32\Tasks\{0A495603-CF20-4506-B1C6-9F2DD2B383DC} => pcalua.exe -a "C:\Program Files (x86)\briowssE2buuy\briowssE2buuy.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {E8D497B0-EC8B-493B-98B7-1744C4C18C35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {EC9E8F0E-C842-4788-8451-DEBBED01B62B} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001Core.job => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001UA.job => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-04-17 21:29 - 2014-04-17 21:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-22 08:04 - 2015-01-18 20:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-08-03 17:46 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2012-08-03 17:46 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-06-12 16:44 - 2014-12-11 14:29 - 00374840 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-04-17 21:29 - 2014-04-17 21:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-07 14:57 - 2015-01-07 14:57 - 01303552 _____ () C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL
2014-08-29 14:48 - 2014-12-01 22:31 - 02396672 _____ () D:\Applications\Steam\libavcodec-56.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00442880 _____ () D:\Applications\Steam\libavutil-54.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00479744 _____ () D:\Applications\Steam\libavformat-56.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00332800 _____ () D:\Applications\Steam\libavresample-2.dll
2013-02-28 10:52 - 2014-11-11 19:47 - 00774656 _____ () D:\Applications\Steam\SDL2.dll
2015-01-20 16:53 - 2014-12-02 01:29 - 05002752 _____ () D:\Applications\Steam\v8.dll
2015-01-20 16:53 - 2014-12-02 01:29 - 01612800 _____ () D:\Applications\Steam\icui18n.dll
2015-01-20 16:53 - 2014-12-02 01:29 - 01210368 _____ () D:\Applications\Steam\icuuc.dll
2014-05-22 13:43 - 2015-01-23 23:34 - 02227904 _____ () D:\Applications\Steam\video.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00485888 _____ () D:\Applications\Steam\libswscale-3.dll
2012-08-31 18:01 - 2015-01-23 23:33 - 00696512 _____ () D:\Applications\Steam\bin\chromehtml.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-03 17:46 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-04-17 21:13 - 2014-04-17 21:13 - 00078848 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraNon.dll
2015-01-25 17:15 - 2015-01-25 17:15 - 01286656 _____ () C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll
2014-06-12 16:44 - 2014-12-11 14:29 - 36966968 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\libcef.dll
2012-08-03 17:46 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-15 19:11 - 2015-02-15 19:11 - 00043008 _____ () c:\users\lucas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdxvxe.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-08-06 10:26 - 2014-12-11 14:29 - 00867896 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-06-12 16:44 - 2014-12-11 14:29 - 00886840 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-06-12 16:44 - 2014-12-11 14:29 - 00108600 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\libegl.dll
2012-08-31 18:01 - 2015-01-16 00:42 - 34641288 _____ () D:\Applications\Steam\bin\libcef.dll
2015-01-26 17:18 - 2015-01-26 17:18 - 00561664 _____ () C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.dll
2015-01-26 17:18 - 2015-01-26 17:18 - 00561664 _____ () C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.dll
2014-08-15 10:00 - 2015-01-16 00:42 - 01709960 _____ () D:\Applications\Steam\bin\ffmpegsumo.dll
2015-01-29 14:37 - 2015-01-25 22:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-29 14:37 - 2015-01-25 22:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-29 14:37 - 2015-01-25 22:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38128486.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38128486.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-501375823-945938198-3930272533-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.213.112.4 - 130.67.15.198
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: GameCompanion => "C:\Users\Lucas\Desktop\GameCompanion\GameCompanion.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Applications\Hamachi\hamachi-2-ui.exe" --auto-start
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-501375823-945938198-3930272533-500 - Administrator - Disabled)
ASPNET (S-1-5-21-501375823-945938198-3930272533-1006 - Limited - Enabled)
Gjest (S-1-5-21-501375823-945938198-3930272533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-501375823-945938198-3930272533-1003 - Limited - Enabled)
Lucas (S-1-5-21-501375823-945938198-3930272533-1001 - Administrator - Enabled) => C:\Users\Lucas
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: Innlasting av ytelsestellerstrengene for tjenesten WmiApRpl (WmiApRpl) mislyktes. Første DWORD i datadelen inneholder feilkoden.
 
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:16:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: Innlasting av ytelsestellerstrengene for tjenesten WmiApRpl (WmiApRpl) mislyktes. Første DWORD i datadelen inneholder feilkoden.
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:05:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 01:19:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: Innlasting av ytelsestellerstrengene for tjenesten WmiApRpl (WmiApRpl) mislyktes. Første DWORD i datadelen inneholder feilkoden.
 
Error: (02/15/2015 01:19:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
 
System errors:
=============
Error: (02/15/2015 07:11:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten Peer Name Resolution Protocol terminerte med følgende feil: 
%%-2140993535
 
Error: (02/15/2015 07:11:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Peer Networking Grouping avhenger av tjenesten Peer Name Resolution Protocol som ikke kan starte på grunn av følgende feil: 
%%-2140993535
 
Error: (02/15/2015 07:11:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Peer Networking Grouping avhenger av tjenesten Peer Name Resolution Protocol som ikke kan starte på grunn av følgende feil: 
%%-2140993535
 
Error: (02/15/2015 07:11:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten Peer Name Resolution Protocol terminerte med følgende feil: 
%%-2140993535
 
Error: (02/15/2015 07:11:54 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (02/15/2015 07:11:54 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (02/15/2015 07:11:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Peer Networking Grouping avhenger av tjenesten Peer Name Resolution Protocol som ikke kan starte på grunn av følgende feil: 
%%-2140993535
 
Error: (02/15/2015 07:11:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten Peer Name Resolution Protocol terminerte med følgende feil: 
%%-2140993535
 
Error: (02/15/2015 07:11:42 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (02/15/2015 07:10:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten AODDriver4.3 kan ikke starte på grunn av følgende feil: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:16:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:05:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 01:19:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/15/2015 01:19:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-17 16:18:38.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-17 16:18:25.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-14 16:51:20.176
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:20.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:19.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:19.006
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:17.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:17.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:16.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:16.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4100 Quad-Core Processor 
Percentage of memory in use: 52%
Total physical RAM: 8174.12 MB
Available physical RAM: 3848.63 MB
Total Pagefile: 16346.42 MB
Available Pagefile: 11172.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:13.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:79.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 0C02B7BD)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0C02B7B5)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka


Posted 15 February 2015 - 02:08 PM

Yep, there is malware running.

 

I'm curious about it...

Step 1

Upload File(s) to VirusTotal
I want you to upload the following file(s) to an online virus-scanner to scan.

  • Click the Choose File button.
  • Please copy/paste the following text into the 'File name:' box:
    C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL
    
  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Copy and Paste the link of the result page in your reply;

Follow the procedure for the following file(s) too:
C:\Users\Lucas\AppData\Roaming\Asluibl\icomil.exe
C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll


Edited by deeprybka, 15 February 2015 - 02:08 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 SyrupWaffle


Posted 15 February 2015 - 02:16 PM

https://www.virustotal.com/en/file/5291852d2843d4f1239f40be52d6b7fbe9f269220f45d34ed2b936bf2272707c/analysis/1424027636/

https://www.virustotal.com/en/file/2a2c078a463628201584f3d58b364ce5bcf5a424c75c3c31b2aebd8fbe7a9df5/analysis/1424027697/

 

I can't seem to find C:\Users\Lucas\AppData\Roaming\Asluibl\icomil.exe



#6 deeprybka


Posted 15 February 2015 - 02:25 PM

No problem!
 
Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
 
 
Step 1
 

  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.

 
 
 
Step 2


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 15 February 2015 - 02:28 PM.

regards,
deeprybka

#7 SyrupWaffle


Posted 15 February 2015 - 05:22 PM

Emsisoft Emergency Kit - Version 9.0
Last update: 15.02.2015 20:28:54
User account: Lucas-PC\Lucas
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, Q:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 15.02.2015 20:29:24
C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.dll detected: Gen:Variant.Adware.Zusy.121779 (B)
C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.dll detected: Gen:Variant.Adware.Zusy.121779 (B)
C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll detected: Gen:Variant.Symmi.46796 (B)
C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL detected: Gen:Variant.Symmi.46796 (B)
C:\Users\Lucas\AppData\Roaming\show.exe detected: Gen:Variant.Kazy.504289 (B)
C:\Users\Lucas\AppData\Local\Conduit detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} detected: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755} detected: Application.AdReg (A)
C:\Users\Lucas\AppData\Local\cre detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} detected: Application.AdReg (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> BROWSERPLUGINHELPER detected: Application.AdStart (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS -> OCR@BABYLON.COM detected: Application.FireExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} detected: Application.InstallMood (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{6536801B-F50C-449B-9476-093DFD3789E3} detected: Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} detected: Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} detected: Application.AdFix (A)
C:\Program Files (x86)\Conduit detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1DBAB667-A486-421E-AFE4-CF07DD0088E5} detected: Trojan.Win32.Suspicious (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR -> {1DBAB667-A486-421E-AFE4-CF07DD0088E5} detected: Trojan.Win32.Suspicious (A)
Key: HKEY_USERS\S-1-5-21-501375823-945938198-3930272533-1001\SOFTWARE\CONDUIT detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} detected: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP detected: Application.AdReg (A)
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll detected: Application.Win32.WebToolbar (A)
C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.dll detected: Gen:Variant.Adware.Zusy.121779 (B)
C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.x64.dll detected: Application.Generic.1137493 (B)
C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.dll detected: Gen:Variant.Adware.Zusy.121779 (B)
C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.x64.dll detected: Application.Generic.1137493 (B)
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll detected: Riskware.Win32.CrackTool (A)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{03FAEE24-4001-1435-A769-536A13A6B503}-tmpFEAD.exe -> (Quarantine-PE) detected: Trojan.Dropper.XHN (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{4A0E1055-E50A-96B7-506C-61D268BDF4EF}-TSL.dll -> (Quarantine-PE) detected: Gen:Variant.Symmi.46935 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{61057B9C-79A8-385E-FF4F-12928CC86185}-52E2.tmp -> (Quarantine-PE) detected: Trojan.Simda.BS (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{765DB315-0FF3-9921-856C-B196BDB55E71}-ficuomy.exe -> (Quarantine-PE) detected: Gen:Variant.Kazy.537584 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A500F45D-687B-096B-741A-E578E14AE6D5}-TSL.dll -> (Quarantine-PE) detected: Gen:Variant.Symmi.46935 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{AF89BF77-8561-53CB-0B43-23A1C9B4848C}-tmp4562.exe -> (Quarantine-PE) detected: Gen:Variant.Symmi.50500 (B)
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll detected: Trojan.Generic.12505600 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA9A7.exe detected: Trojan.GenericKD.2109908 (B)
C:\TDSSKiller_Quarantine\15.02.2015_18.58.56\uds0000\file0000\tsk0000.dta detected: Gen:Variant.Kazy.504289 (B)
C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll detected: Gen:Variant.Symmi.46796 (B)
C:\Users\Lucas\AppData\Local\YgPack\EModelUtils.DLL detected: Gen:Variant.Symmi.46796 (B)
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lucas.exe detected: Gen:Variant.Kazy.504289 (B)
C:\Users\Lucas\AppData\Roaming\show.exe detected: Gen:Variant.Kazy.504289 (B)
D:\FLASH\DLL FILE\64bit\amtlib.dll detected: Riskware.Win32.CrackTool (A)
D:\GRID Autosport\steam_api.dll detected: Riskware.Win32.GameHack (A)
 
Scanned 622955
Found 47
 
Scan end: 15.02.2015 23:10:01
Scan time: 2:40:37
 
D:\GRID Autosport\steam_api.dll Quarantined Riskware.Win32.GameHack (A)
D:\FLASH\DLL FILE\64bit\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lucas.exe Quarantined Gen:Variant.Kazy.504289 (B)
C:\TDSSKiller_Quarantine\15.02.2015_18.58.56\uds0000\file0000\tsk0000.dta Quarantined Gen:Variant.Kazy.504289 (B)
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA9A7.exe Quarantined Trojan.GenericKD.2109908 (B)
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll Quarantined Trojan.Generic.12505600 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{AF89BF77-8561-53CB-0B43-23A1C9B4848C}-tmp4562.exe Quarantined Gen:Variant.Symmi.50500 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A500F45D-687B-096B-741A-E578E14AE6D5}-TSL.dll Quarantined Gen:Variant.Symmi.46935 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{765DB315-0FF3-9921-856C-B196BDB55E71}-ficuomy.exe Quarantined Gen:Variant.Kazy.537584 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{61057B9C-79A8-385E-FF4F-12928CC86185}-52E2.tmp Quarantined Trojan.Simda.BS (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{4A0E1055-E50A-96B7-506C-61D268BDF4EF}-TSL.dll Quarantined Gen:Variant.Symmi.46935 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{03FAEE24-4001-1435-A769-536A13A6B503}-tmpFEAD.exe Quarantined Trojan.Dropper.XHN (B)
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll Quarantined Riskware.Win32.CrackTool (A)
C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.x64.dll Quarantined Application.Generic.1137493 (B)
C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.x64.dll Quarantined Application.Generic.1137493 (B)
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Quarantined Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Quarantined Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP Quarantined Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-501375823-945938198-3930272533-1001\SOFTWARE\CONDUIT Quarantined Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR -> {1DBAB667-A486-421E-AFE4-CF07DD0088E5} Quarantined Trojan.Win32.Suspicious (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1DBAB667-A486-421E-AFE4-CF07DD0088E5} Quarantined Trojan.Win32.Suspicious (A)
C:\Program Files (x86)\Conduit Quarantined Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Quarantined Application.AdFix (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Quarantined Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{6536801B-F50C-449B-9476-093DFD3789E3} Quarantined Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Quarantined Application.InstallMood (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS -> OCR@BABYLON.COM Quarantined Application.FireExt (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> BROWSERPLUGINHELPER Quarantined Application.AdStart (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Quarantined Application.AdReg (A)
C:\Users\Lucas\AppData\Local\cre Quarantined Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Quarantined Application.AdGenie (A)
C:\Users\Lucas\AppData\Local\Conduit Quarantined Application.AppInstall (A)
 
Quarantined 37
 

 



#8 SyrupWaffle


Posted 15 February 2015 - 05:23 PM

FRST.txt:

 

 
LastRegBack: 2015-02-15 14:34
 
==================== End Of Log ==========
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Lucas at 2015-02-15 23:18:05
Running from C:\Users\Lucas\Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\uTorrent) (Version: 3.4.2.38803 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ace of Spades (HKLM-x32\...\{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}) (Version: 0.75.015 - Ben Aksoy)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.13) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Altitude (HKLM-x32\...\Steam App 41300) (Version:  - Nimbly Games)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programsupport (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlefront Extreme 2.2 (HKLM-x32\...\{AFD834CA-4579-49DF-9CF0-EA58822A7C2E}_is1) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BeamNG-DRIVE-0.3 (remove only) (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\BeamNG-DRIVE-0.3) (Version:  - )
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - )
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Binary Domain (HKLM-x32\...\Binary Domain_is1) (Version:  - )
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{E500DF84-3A0A-4989-93C2-D33B935008C1}) (Version: 2.00.5976.25 - Sony Computer Entertainment Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat (HKLM-x32\...\Steam App 30) (Version:  - Valve)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - )
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.3 R2 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.3 R2 Alpha - ETS2MP Team)
f.lux (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Flux) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Bethesda Softworks)
ffdshow v1.3.4530 [2014-02-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4530.0 - )
FireWarrior (HKLM-x32\...\FireWarriorA00) (Version:  - )
Freelancer 1.5 (HKLM-x32\...\Freelancer) (Version: 1.5 - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
GameSpy Comrade (HKLM-x32\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.15.0 - International GeoGebra Institute)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.43.0 - International GeoGebra Institute)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.27.0 - International GeoGebra Institute)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GOTABetaTest (HKLM\...\UDK-f72da54b-014d-4141-9520-0932a7637eaf) (Version:  - Epic Games, Inc.)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
GRID Autosport (HKLM-x32\...\R1JJREF1dG9zcG9ydA==_is1) (Version: 1 - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life 2 (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Half-Life 2) (Version:  - )
Happy Cloud Client (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iExplorer 3.2.2.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Immersion Overhaul Mutator version v1.14 (HKLM-x32\...\{F6F43717-CC6A-4424-A20A-F3BC1378704E}_is1) (Version: v1.14 - dibbler67)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)
Initial D Mountain Vengeance (HKLM-x32\...\{B773B178-2C91-4E90-A082-F2875AAEAF48}) (Version:  - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Iron Europe (HKLM-x32\...\{7735559E-F41A-480F-A5FC-174F8B9EB58E}_is1) (Version: 1.0.0 - Iron Europe Development Team)
Iron Europe (HKLM-x32\...\{957609F3-9CF1-4726-8F8F-1C1AAC063917}_is1) (Version: 1.1.0 - Iron Europe Development Team)
iSkysoft Video Converter Ultimate(Build 4.5.1.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 4.5.1.0 - iSkysoft Software)
iSkysoft Video Converter(Build 4.5.1.0) (HKLM-x32\...\iSkysoft Video Converter_is1) (Version: 4.5.1.0 - iSkysoft Software)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Killing Floor - Toy Master (HKLM-x32\...\Steam App 326960) (Version:  - David Hensley)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LEC Translate (HKLM-x32\...\{B593248E-8CD9-4C54-AD3C-F6848C6A4209}) (Version: 1.00.0004 - Language Engineering, LLC)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klikk og bruk 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Taleworlds Entertainment)
muvee Turbo Video Stabilizer (HKLM-x32\...\{E02F87B9-51B6-BFBF-BC47-03F4B8352B95}) (Version: 1.0.0.23 - muvee Technologies Pte Ltd)
My Game Long Name (HKLM\...\UDK-a73e5708-d086-4a5e-88a6-cd8d814108a1) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-fafe3b61-42f4-4a42-a443-047bb4e51110) (Version:  - Epic Games, Inc.)
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version:  - )
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
Nuclear Dawn (HKLM-x32\...\Steam App 17710) (Version:  - InterWave Studios)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
proDAD Mercalli 3.0 (64bit) (HKLM\...\proDAD-Mercalli-3.0) (Version: 3.0.215.1 - proDAD GmbH)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire)
Romae Bellum 3.0 (HKLM-x32\...\Romae Bellum) (Version: 3.0 - )
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
RUNNING WITH RIFLES (HKLM-x32\...\Steam App 270150) (Version:  - Modulaatio Games)
Running with rifles version 0.98.1 (HKLM-x32\...\{E2948988-2C6C-4070-BC8B-A1D77FE97D09}_is1) (Version: 0.98.1 - Modulaatio Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speech Support (HKLM-x32\...\Speech Support) (Version:  - LEC)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Spotify (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Språkpakke for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) – NOR (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NOR) (Version: 10.0.50903 - Microsoft Corporation)
Stalker Complete 2009 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version:  - )
Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steppe Wolf DW 5.2 1.18 (HKLM-x32\...\Steppe_0) (Version: 1.18 - Vitosha Pictures Studio)
Supraball (HKLM-x32\...\Supraball) (Version:  - Supra Games Gbr)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Tom Clancy's Rainbow Six: Vegas 2 (HKLM-x32\...\Steam App 15120) (Version:  - Ubisoft)
Unity Web Player (HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Tournament 2004 (HKLM-x32\...\Steam App 13230) (Version:  - Epic Games, Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Visual Studio 2012 Update 3 (KB2707250) (HKLM-x32\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-driverpakke - Advanced Micro Devices, Inc System  (04/15/2010 5.12.0.13) (HKLM\...\219D5BE6B14468E687B5EFF7979E68AA355A5299) (Version: 04/15/2010 5.12.0.13 - Advanced Micro Devices, Inc)
Windows-driverpakke - AMD (amd_sata) HDC  (12/12/2011 1.2.001.0327) (HKLM\...\A5D031AFF71545BA033FE9D172F140CF6489429D) (Version: 12/12/2011 1.2.001.0327 - AMD)
Windows-driverpakke - Asmedia Technology (asahci64) hdc  (01/05/2012 1.3.4.000) (HKLM\...\9F0D1862051CCCF11D3FE4A4F2517A079A563B99) (Version: 01/05/2012 1.3.4.000 - Asmedia Technology)
Windows-driverpakke - ATK (MTsensor) System  (01/21/2008 1043.5.0.0) (HKLM\...\505F021F1B23359ACC152FEFEB18B3C2C5FF82EA) (Version: 01/21/2008 1043.5.0.0 - ATK)
Windows-driverpakke - ATK (MTsensor) System  (07/16/2009 1043.6.0.0) (HKLM\...\55AAC8B3C1559D5D378114A88513466A7ECEC7BD) (Version: 07/16/2009 1043.6.0.0 - ATK)
Windows-driverpakke - ATK (MTsensor) System  (10/19/2006 1043.4.0.0) (HKLM\...\0CA7189BDF03FE9EFA6911458ECB1F37C74E4CFD) (Version: 10/19/2006 1043.4.0.0 - ATK)
Windows-driverpakke - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032) (HKLM\...\64A62163FE43328D13305746CB8BCC93F2DF6545) (Version: 11/29/2011 11.0.0.1032 - Intel)
Windows-driverpakke - Intel (MEIx64) System  (11/09/2011 8.0.0.1262) (HKLM\...\5BAE65AE70F37BAD5B5BC2D358218AB28C626240) (Version: 11/09/2011 8.0.0.1262 - Intel)
Windows-driverpakke - Intel Corporation (igfx) Display  (05/21/2012 8.15.10.2761) (HKLM\...\D21A3D21BF8B8E64F27AC298B74AA3713389054C) (Version: 05/21/2012 8.15.10.2761 - Intel Corporation)
Windows-driverpakke - Intel hdc  (08/26/2011 9.3.0.1011) (HKLM\...\A7E82C89A6D6643325B95A4FEDAB3DB18640208F) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-driverpakke - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D0582B173B2570B545D0C7ACCEA42F87BA6CC0D) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-driverpakke - Intel® Corporation (IntcDAud) MEDIA  (12/06/2011 6.14.00.3090) (HKLM\...\8384654D490AA4CB537BE669DA59242CA3D85FF0) (Version: 12/06/2011 6.14.00.3090 - Intel® Corporation)
Windows-driverpakke - Realtek (RTL8167) Net  (02/16/2012 7.053.0216.2012) (HKLM\...\DA3790DCDC19081D644D1C0BFB49C2B5CC983990) (Version: 02/16/2012 7.053.0216.2012 - Realtek)
Windows-driverpakke - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (HKLM\...\0F1F6C2D22EAC1721EA3B836446321AF2C8DF2C6) (Version: 06/19/2012 6.0.1.6662 - Realtek Semiconductor Corp.)
Windows-driverpakke - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (HKLM\...\4A5EF81C80190F479C6FB16BC8CF595275AAC778) (Version: 06/19/2012 6.0.1.6662 - Realtek Semiconductor Corp.)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version:  - Noble Empire Corp.)
Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)
Your Doodles Are Bugged! (HKLM-x32\...\Steam App 95500) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-501375823-945938198-3930272533-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-26 15:29 - 2015-01-27 17:39 - 00001515 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
89.163.213.140 www.google-analytics.com.
89.163.213.140 google-analytics.com.
89.163.213.140 connect.facebook.net.
94.242.254.157 www.google-analytics.com.
94.242.254.157 google-analytics.com.
94.242.254.157 connect.facebook.net.
212.83.161.214 www.google-analytics.com.
212.83.161.214 google-analytics.com.
212.83.161.214 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0E3E5217-8517-46AC-924B-32F028A81054} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {1C994BD3-304A-4AFB-9C74-03FE7793CD61} - System32\Tasks\{7656A07E-F55E-40FD-9C57-CA7CD2A551B9} => pcalua.exe -a "C:\Program Files (x86)\deeAlsimarket\epNi3YgfVj8CRk.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {2A3ED117-9197-400E-A3FB-33669653FD14} - \Security Center Update - 2222866330 No Task File <==== ATTENTION
Task: {2B0308F8-0393-4E07-A0E7-2110B854C756} - System32\Tasks\{D7792A54-4438-457B-BC32-FE2EDC2855F4} => pcalua.exe -a "D:\Applications\Steam\steamapps\common\Grand Theft Auto San Andreas\rikintoshgfx.exe" -d "D:\Applications\Steam\steamapps\common\Grand Theft Auto San Andreas"
Task: {352D0AF1-AA05-4E01-9554-F874E55F095F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3F09DB49-AE2B-4399-9752-7587575E8C2F} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {43932CD3-3564-4D5B-89D2-3BFD3F84C0AC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-01] ()
Task: {4D5C318A-ACDB-41D9-A56D-B1C293E936FA} - System32\Tasks\{CCB0FE80-2C7C-4018-9E00-7003A3CEFF25} => C:\Users\Lucas\Documents\Downloads\Remember Me PC full game + DLC ^^nosTEAM^^\Remember Me nosTEAM.part1.exe
Task: {56A5387E-268A-4B94-A915-6520071A7C7D} - \Security Center Update - 481490062 No Task File <==== ATTENTION
Task: {648446A1-C946-4800-9BCA-8557B759D0B0} - System32\Tasks\AdobeAAMUpdater-1.0-Lucas-PC-Lucas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {723FA49F-0A45-4F9B-BDE9-76F3E41ECE6A} - System32\Tasks\{5A73C415-FD4B-454D-AB3B-27A08EB793BF} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {72BCD7E4-CBD6-416C-941C-96E7DD6752A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001UA => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23] (Google Inc.)
Task: {7F76F1A0-0C01-4D7A-A070-BF0198735A2F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001Core => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23] (Google Inc.)
Task: {8300DC94-B632-4180-B7D2-F074566D663A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {A3B76E68-24AE-4250-96B5-275FDCB981C4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A6354FAD-AED8-4975-98C6-C39622289A0D} - System32\Tasks\{DC0D883F-D69E-46D7-803A-57A01201D1F8} => pcalua.exe -a "C:\Program Files (x86)\cRazylOwoeReprice\rcoowrQoaG4eA0.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {B4BA9EAD-0A7C-4393-83AE-D2CF24090EC9} - System32\Tasks\{BE3B1E4C-5B7A-45A5-9D2C-34F6C5E7EA10} => pcalua.exe -a "D:\Applications\Republic Commando\GameData\System\SWRepublicCommando.exe" -d "D:\Applications\Republic Commando\GameData\System"
Task: {BCC7ECE3-565B-4A0F-867D-806855265D53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {DFD7DE08-F326-4405-9BE4-200B6FDD279B} - System32\Tasks\{0A495603-CF20-4506-B1C6-9F2DD2B383DC} => pcalua.exe -a "C:\Program Files (x86)\briowssE2buuy\briowssE2buuy.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {E8D497B0-EC8B-493B-98B7-1744C4C18C35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {EC9E8F0E-C842-4788-8451-DEBBED01B62B} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001Core.job => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001UA.job => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-04-17 21:29 - 2014-04-17 21:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-17 21:29 - 2014-04-17 21:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-12-22 08:04 - 2015-01-18 20:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-08-03 17:46 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-27 17:02 - 2013-03-25 09:57 - 00721917 _____ () C:\Windows\SysWOW64\ISCM64.dll
2012-08-03 17:46 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-06-12 16:44 - 2014-12-11 14:29 - 00374840 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-03 17:46 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-17 21:13 - 2014-04-17 21:13 - 00078848 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraNon.dll
2014-06-12 16:44 - 2014-12-11 14:29 - 36966968 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\libcef.dll
2012-08-03 17:46 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-15 23:13 - 2015-02-15 23:13 - 00043008 _____ () c:\users\lucas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqqdmlc.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Lucas\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-08-06 10:26 - 2014-12-11 14:29 - 00867896 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-06-12 16:44 - 2014-12-11 14:29 - 00886840 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-06-12 16:44 - 2014-12-11 14:29 - 00108600 _____ () C:\Users\Lucas\AppData\Roaming\Spotify\Data\libegl.dll
2015-01-29 14:37 - 2015-01-25 22:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-29 14:37 - 2015-01-25 22:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-29 14:37 - 2015-01-25 22:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 02396672 _____ () D:\Applications\Steam\libavcodec-56.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00442880 _____ () D:\Applications\Steam\libavutil-54.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00479744 _____ () D:\Applications\Steam\libavformat-56.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00332800 _____ () D:\Applications\Steam\libavresample-2.dll
2013-02-28 10:52 - 2014-11-11 19:47 - 00774656 _____ () D:\Applications\Steam\SDL2.dll
2015-01-20 16:53 - 2014-12-02 01:29 - 05002752 _____ () D:\Applications\Steam\v8.dll
2015-01-20 16:53 - 2014-12-02 01:29 - 01612800 _____ () D:\Applications\Steam\icui18n.dll
2015-01-20 16:53 - 2014-12-02 01:29 - 01210368 _____ () D:\Applications\Steam\icuuc.dll
2014-05-22 13:43 - 2015-01-23 23:34 - 02227904 _____ () D:\Applications\Steam\video.dll
2014-08-29 14:48 - 2014-12-01 22:31 - 00485888 _____ () D:\Applications\Steam\libswscale-3.dll
2012-08-31 18:01 - 2015-01-23 23:33 - 00696512 _____ () D:\Applications\Steam\bin\chromehtml.DLL
2012-08-31 18:01 - 2015-01-16 00:42 - 34641288 _____ () D:\Applications\Steam\bin\libcef.dll
2014-08-15 10:00 - 2015-01-16 00:42 - 01709960 _____ () D:\Applications\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38128486.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38128486.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.213.112.4 - 130.67.15.198
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: GameCompanion => "C:\Users\Lucas\Desktop\GameCompanion\GameCompanion.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Applications\Hamachi\hamachi-2-ui.exe" --auto-start
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-501375823-945938198-3930272533-500 - Administrator - Disabled)
ASPNET (S-1-5-21-501375823-945938198-3930272533-1006 - Limited - Enabled)
Gjest (S-1-5-21-501375823-945938198-3930272533-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-501375823-945938198-3930272533-1003 - Limited - Enabled)
Lucas (S-1-5-21-501375823-945938198-3930272533-1001 - Administrator - Enabled) => C:\Users\Lucas
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/15/2015 11:15:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 10:20:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet chrome.exe versjon 40.0.2214.93 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, ser du i problemloggen i kontrollpanelet for Handlingssenter.
 
Prosess-ID: 19cc
 
Starttidspunkt: 01d04951ddf16ec4
 
Avslutningstidspunkt: 60000
 
Programbane: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Rapport-ID: 4f96c40e-b558-11e4-ab77-c8600058f512
 
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: Innlasting av ytelsestellerstrengene for tjenesten WmiApRpl (WmiApRpl) mislyktes. Første DWORD i datadelen inneholder feilkoden.
 
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:16:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: Innlasting av ytelsestellerstrengene for tjenesten WmiApRpl (WmiApRpl) mislyktes. Første DWORD i datadelen inneholder feilkoden.
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Ytelsesstrengene i ytelsesregisterverdien skades ved behandling av utvidelsestellertilbyder Performance. Verdien BaseIndex fra ytelsesregistret er første DWORD i datadelen, verdien LastCounter er andre DWORD i datadelen og verdien LastHelp er tredje DWORD i datadelen.
 
Error: (02/15/2015 07:05:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/15/2015 11:14:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten Peer Name Resolution Protocol terminerte med følgende feil: 
%%-2140993535
 
Error: (02/15/2015 11:14:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Peer Networking Grouping avhenger av tjenesten Peer Name Resolution Protocol som ikke kan starte på grunn av følgende feil: 
%%-2140993535
 
Error: (02/15/2015 11:14:23 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (02/15/2015 11:14:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Peer Networking Grouping avhenger av tjenesten Peer Name Resolution Protocol som ikke kan starte på grunn av følgende feil: 
%%-2140993535
 
Error: (02/15/2015 11:14:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten Peer Name Resolution Protocol terminerte med følgende feil: 
%%-2140993535
 
Error: (02/15/2015 11:14:20 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (02/15/2015 11:14:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Peer Networking Grouping avhenger av tjenesten Peer Name Resolution Protocol som ikke kan starte på grunn av følgende feil: 
%%-2140993535
 
Error: (02/15/2015 11:14:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten Peer Name Resolution Protocol terminerte med følgende feil: 
%%-2140993535
 
Error: (02/15/2015 11:14:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Peer Networking Grouping avhenger av tjenesten Peer Name Resolution Protocol som ikke kan starte på grunn av følgende feil: 
%%-2140993535
 
Error: (02/15/2015 11:14:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten Peer Name Resolution Protocol terminerte med følgende feil: 
%%-2140993535
 
 
Microsoft Office Sessions:
=========================
Error: (02/15/2015 11:15:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 10:20:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.9319cc01d04951ddf16ec460000C:\Program Files (x86)\Google\Chrome\Application\chrome.exe4f96c40e-b558-11e4-ab77-c8600058f512
 
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/15/2015 07:16:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:16:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-MYNDIGHET)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:09:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-MYNDIGHET)
Description: Performance1637070000000000000000000009030000
 
Error: (02/15/2015 07:05:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-17 16:18:38.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-17 16:18:25.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-14 16:51:20.176
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:20.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:19.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:19.006
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:17.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:17.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:16.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-14 16:51:16.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4100 Quad-Core Processor 
Percentage of memory in use: 42%
Total physical RAM: 8174.12 MB
Available physical RAM: 4677.93 MB
Total Pagefile: 16346.42 MB
Available Pagefile: 12748.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:15.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:79.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 0C02B7BD)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0C02B7B5)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 deeprybka


Posted 15 February 2015 - 05:29 PM

FRST.txt is missing...

 

 

 

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 SyrupWaffle


Posted 15 February 2015 - 05:46 PM

Hello, I was not aware that this computer has cracked software installed as it is a shared computer. Do I uninstall the cracked software ones? Is there a way you can tell me which programs are cracked?

#11 deeprybka


Posted 16 February 2015 - 01:07 PM

Is there a way you can tell me which programs are cracked?


Yes. Seems to be that Office and Photoshop are cracked.

Please post the FRST.txt as well.
regards,
deeprybka

#12 SyrupWaffle


Posted 16 February 2015 - 02:08 PM

I've uninstalled Office and Photoshop, I apologize for the inconvenience!

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015

Ran by Lucas (administrator) on LUCAS-PC on 16-02-2015 20:03:30
Running from C:\Users\Lucas\Documents\Downloads
Loaded Profiles: Lucas (Available profiles: Lucas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\AutoKMS\AutoKMS.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Language Engineering Corporation, LLC) D:\Powertranslator\LogoMedia TranslateDotNet Server.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(LogMeIn Inc.) D:\Applications\Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) D:\Applications\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
(LogMeIn Inc.) D:\Applications\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Applications\Hamachi\LMIGuardianSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Google Inc.) C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe
(Valve Corporation) D:\Applications\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Akamai Technologies, Inc.) C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) D:\e12\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
(Spotify Ltd) C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Dropbox, Inc.) C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) D:\Applications\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-02-16] (Bitdefender)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Applications\Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Google Update] => C:\Users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-23] (Google Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Steam] => D:\Applications\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lucas\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [f.lux] => C:\Users\Lucas\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Spotify Web Helper] => C:\Users\Lucas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [CAHeadless] => D:\e12\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Agworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Lucas\AppData\Local\Ucdmedia\bcqsehj.dll
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Spotify] => C:\Users\Lucas\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-16] (Bitdefender)
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: F - F:\DisneySplash.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: {5d82d543-6213-11e2-a344-c8600058f512} - F:\CMADownloader.exe
HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\MountPoints2: {dff48bc9-e93d-11e1-866d-c8600058f512} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK -> D:\Dark Messah\Dark Messiah of Might and Magic\RegistrationReminder.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lucas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.info
HKU\S-1-5-21-501375823-945938198-3930272533-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
SearchScopes: HKU\S-1-5-21-501375823-945938198-3930272533-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: LEC -> {4A241D35-F7EB-401b-8C5B-A904A50F280E} -> D:\Powertranslator\Applications\LEC IE Translation Extension.dll (Language Engineering Corporation, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\ESO\Arc\Plugins\ArcPluginIE.dll No File
BHO-x32: Påloggingshjelp for Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: iSkysoft Video Converter Ultimate -> {C7C3BC26-4F2B-4997-A3CB-163337FE975B} -> D:\Applications\Video Converter Ultimate\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2FBE43C8-440F-4C31-A848-11EE4F494494}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{3294BD7C-0149-4151-BAA1-5D80411875B1}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5309734A-36EC-46C7-926B-4784C7190C0E}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8BD2B2C3-A050-4CCD-ADD8-90CDE0AB4FE2}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{98BE0671-7976-4BAF-8258-EFCCADA692A5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9C563302-D8F2-48B8-95B0-5E580F1C17F5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B12CEA13-0EA0-4F6F-B479-C13FD0C29659}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\ESO\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @talk.google.com/O1DPlugin -> C:\Users\Lucas\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lucas\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin HKU\S-1-5-21-501375823-945938198-3930272533-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Lucas\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lucas\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
FF Extension: iSkysoft Video Converter Ultimate - D:\Applications\Video Converter Ultimate\SVRFirefoxExt [2013-09-27]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-02-16]
FF HKU\S-1-5-21-501375823-945938198-3930272533-1001\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - D:\Applications\Video Converter Ultimate\SVRFirefoxExt
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide Fedora) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-29]
CHR Extension: (4chan X) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2015-01-29]
CHR Extension: (Bitdefender Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-02-16]
CHR Extension: (AdBlock) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-29]
CHR Extension: (iSkysoft Video Converter Ultimate) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlfeafapmnniobpffacckpddijdjgpmj [2015-01-27]
CHR Extension: (Facebook Unseen) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-01-29]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hlfeafapmnniobpffacckpddijdjgpmj] - D:\Applications\Video Converter Ultimate\SVRChromePlugin.crx [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeActiveFileMonitor12.0; D:\e12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-21] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\Applications\Hamachi\hamachi-2.exe [2485608 2015-01-20] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LEC TranslateDotNet Server; D:\Powertranslator\LogoMedia TranslateDotNet Server.exe [1955520 2011-07-05] (Language Engineering Corporation, LLC)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-02-16] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S3 ArcService; D:\ESO\Arc\ArcService.exe [X]
S3 Origin Client Service; D:\Applications\Origin\OriginClientService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-12-02] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-16] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-02-16] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-16] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-16] (BitDefender SRL)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cleanhlp; C:\bin\cleanhlp64.sys [57024 2015-02-15] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-10-22] (BitDefender LLC)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14759520 2012-05-21] (Intel Corporation) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-12-02] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
S1 avdgmctu; \??\C:\Windows\system32\drivers\avdgmctu.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\Lucas\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 RivaTuner64; \??\C:\Users\Lucas\Desktop\Ny mappe\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 10:40 - 2015-02-16 10:40 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-16 10:40 - 2015-02-16 10:40 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-16 10:40 - 2015-02-16 10:40 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-02-16 10:40 - 2015-02-16 10:40 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-02-16 10:40 - 2015-02-16 10:40 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-02-16 10:37 - 2015-02-16 10:42 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Bitdefender
2015-02-16 10:37 - 2015-02-16 10:41 - 00000000 ____D () C:\ProgramData\BDLogging
2015-02-16 10:37 - 2015-02-16 10:40 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-16 10:37 - 2015-02-16 10:40 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-02-16 10:37 - 2015-02-16 10:37 - 00483005 _____ () C:\ProgramData\1424079236.bdinstall.bin
2015-02-16 10:37 - 2015-02-16 10:37 - 00002122 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2015.lnk
2015-02-16 10:37 - 2015-02-16 10:37 - 00000684 ____H () C:\bdr-cf01
2015-02-16 10:37 - 2015-02-16 10:37 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-02-16 10:37 - 2015-02-16 10:37 - 00000385 _____ () C:\Users\Lucas\AppData\Roaminguser_gensett.xml
2015-02-16 10:37 - 2015-02-16 10:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-16 10:37 - 2015-02-16 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-02-16 10:37 - 2014-12-02 16:37 - 00074000 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2015-02-16 10:37 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-02-16 10:36 - 2015-02-16 10:37 - 00253404 ____H () C:\bdr-ld01
2015-02-16 10:36 - 2015-02-16 10:37 - 00009216 ____H () C:\bdr-ld01.mbr
2015-02-16 10:36 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz
2015-02-16 10:36 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2015-02-16 10:35 - 2015-02-16 10:40 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-02-16 10:35 - 2015-02-16 10:37 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-02-16 10:35 - 2015-02-16 10:35 - 00000000 ____D () C:\Program Files\Bitdefender
2015-02-16 10:35 - 2014-10-22 09:29 - 00155912 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-02-16 10:35 - 2014-10-15 16:14 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-02-16 10:33 - 2015-02-16 10:33 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\QuickScan
2015-02-16 10:30 - 2015-02-16 10:35 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-02-15 23:13 - 2015-02-15 23:13 - 00001490 _____ () C:\EamClean.log
2015-02-15 20:27 - 2015-02-15 23:22 - 00000000 ____D () C:\bin
2015-02-15 20:27 - 2015-02-15 20:27 - 00000653 _____ () C:\Users\Lucas\Desktop\Start Emsisoft Emergency Kit.lnk
2015-02-15 20:27 - 2015-02-15 00:14 - 00432328 ____N (Emsisoft GmbH) C:\Start Emergency Kit Scanner.exe
2015-02-15 20:27 - 2015-02-15 00:14 - 00432328 ____N (Emsisoft GmbH) C:\Start Commandline Scanner.exe
2015-02-15 20:27 - 2015-02-15 00:14 - 00423064 ____N (Emsisoft GmbH) C:\Start BlitzBlank.exe
2015-02-15 20:27 - 2015-02-15 00:14 - 00004079 ____N () C:\readme.txt
2015-02-15 19:47 - 2015-02-16 20:03 - 00000000 ____D () C:\FRST
2015-02-15 19:01 - 2015-02-15 19:01 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-13 13:37 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 13:37 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 13:37 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 13:37 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 16:12 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 16:12 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 16:12 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 16:12 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 16:12 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 16:12 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 16:12 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 16:12 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 16:12 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 16:12 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 16:12 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 16:12 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 16:12 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 16:12 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 16:12 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 16:12 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 16:12 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 16:12 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 16:12 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 16:12 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 16:12 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 16:12 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 16:12 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 16:12 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 16:12 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 16:12 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 16:12 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 16:12 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 16:12 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 16:12 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 16:12 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 16:12 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 16:12 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 16:12 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 16:12 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 16:12 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 16:12 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 16:12 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 16:12 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 16:12 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 16:12 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 16:12 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 16:12 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 16:12 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 16:12 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 16:12 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 16:12 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 16:12 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 16:12 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 16:12 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 16:12 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 16:12 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 16:12 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 16:11 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 16:11 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 16:11 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 16:11 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 16:11 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 16:11 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 16:11 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 16:11 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 16:11 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 16:11 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 16:11 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 16:11 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 16:11 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 16:11 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 16:11 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 16:11 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 16:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 16:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 16:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 16:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 16:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 16:11 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 16:11 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 16:11 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 16:11 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 16:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 16:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 16:11 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 16:11 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 16:11 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 16:11 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 16:11 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 16:11 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 16:11 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 16:11 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 16:11 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-09 20:15 - 2015-02-09 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 18:54 - 2011-12-12 17:42 - 01256192 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh664.sys
2015-02-06 18:54 - 2011-07-22 10:33 - 00025056 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2015-02-06 18:53 - 2015-02-06 18:53 - 00003036 _____ () C:\Windows\System32\Tasks\{5A73C415-FD4B-454D-AB3B-27A08EB793BF}
2015-02-03 20:34 - 2015-02-09 19:39 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Wunderlist
2015-02-03 20:17 - 2015-02-03 20:17 - 00002519 _____ () C:\Users\Public\Desktop\Wunderlist.lnk
2015-02-03 20:17 - 2015-02-03 20:17 - 00002505 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-02-03 20:17 - 2015-02-03 20:17 - 00000000 ____D () C:\Program Files (x86)\Wunderlist
2015-02-01 13:32 - 2015-02-16 11:04 - 00003482 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-01-29 14:49 - 2015-01-29 14:49 - 00003218 _____ () C:\Windows\System32\Tasks\{DC0D883F-D69E-46D7-803A-57A01201D1F8}
2015-01-29 14:49 - 2015-01-29 14:49 - 00003210 _____ () C:\Windows\System32\Tasks\{7656A07E-F55E-40FD-9C57-CA7CD2A551B9}
2015-01-29 14:49 - 2015-01-29 14:49 - 00003208 _____ () C:\Windows\System32\Tasks\{0A495603-CF20-4506-B1C6-9F2DD2B383DC}
2015-01-29 14:37 - 2015-01-29 14:37 - 00002249 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 14:37 - 2015-01-29 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-29 12:23 - 2015-01-29 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-26 17:18 - 2015-02-15 23:13 - 00000000 ____D () C:\Program Files (x86)\deeAlsimarket
2015-01-26 17:18 - 2015-02-15 23:13 - 00000000 ____D () C:\Program Files (x86)\cRazylOwoeReprice
2015-01-26 17:18 - 2015-01-29 14:49 - 00000000 ____D () C:\Program Files (x86)\briowssE2buuy
2015-01-26 17:17 - 2015-01-30 17:00 - 00000000 ____D () C:\Program Files (x86)\ddeualsmairkEt
2015-01-26 17:17 - 2015-01-30 17:00 - 00000000 ____D () C:\Program Files (x86)\cRazylowerprice
2015-01-26 17:17 - 2015-01-30 16:55 - 00000000 ____D () C:\Program Files (x86)\Reddit Hover Text
2015-01-26 17:17 - 2015-01-26 17:18 - 00000000 ____D () C:\ProgramData\665828051187791809
2015-01-24 23:02 - 2015-01-24 23:02 - 00000000 ____D () C:\Users\Lucas\Documents\Guild Wars 2
2015-01-17 19:20 - 2015-01-18 11:13 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Yskaunza
2015-01-17 15:34 - 2015-01-17 15:34 - 00000000 ____D () C:\Users\Lucas\AppData\Local\ESN
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 20:04 - 2012-08-11 13:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Skype
2015-02-16 20:03 - 2014-06-12 16:44 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Spotify
2015-02-16 20:03 - 2014-06-12 16:43 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Spotify
2015-02-16 20:03 - 2013-10-24 18:49 - 00000000 ___RD () C:\Users\Lucas\Dropbox
2015-02-16 20:03 - 2013-10-24 18:47 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Dropbox
2015-02-16 20:03 - 2013-04-10 08:02 - 00000000 ____D () C:\Users\Lucas\AppData\Local\LogMeIn Hamachi
2015-02-16 20:03 - 2012-06-29 12:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 20:02 - 2013-08-09 15:26 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 20:02 - 2013-01-31 15:14 - 00546836 _____ () C:\Windows\PFRO.log
2015-02-16 20:02 - 2013-01-30 09:47 - 00112056 _____ () C:\Windows\setupact.log
2015-02-16 20:02 - 2012-07-22 15:15 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-16 20:02 - 2012-07-09 14:42 - 01103586 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 20:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 20:02 - 2009-07-14 05:45 - 05038304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 20:01 - 2012-09-05 13:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-16 20:01 - 2012-06-29 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-16 20:01 - 2012-06-29 12:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-16 20:00 - 2010-11-21 17:43 - 00000000 ____D () C:\Windows\ShellNew
2015-02-16 20:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-16 20:00 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2015-02-16 19:59 - 2012-06-29 12:57 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-16 19:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-16 19:58 - 2013-11-06 15:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-16 19:34 - 2012-08-23 15:23 - 00001002 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001UA.job
2015-02-16 19:23 - 2012-12-22 08:04 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-16 19:23 - 2012-08-10 23:56 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-02-16 19:11 - 2013-08-09 15:26 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 18:58 - 2012-12-22 08:04 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-16 18:13 - 2012-08-24 16:44 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\uTorrent
2015-02-16 16:43 - 2012-07-22 16:12 - 00000000 ____D () C:\Users\Lucas\AppData\Local\CrashDumps
2015-02-16 11:23 - 2010-11-21 17:33 - 08200694 _____ () C:\Windows\system32\perfh014.dat
2015-02-16 11:23 - 2010-11-21 17:33 - 02719882 _____ () C:\Windows\system32\perfc014.dat
2015-02-16 11:23 - 2009-07-14 06:13 - 00006822 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 11:20 - 2012-07-22 15:00 - 00111184 _____ () C:\Users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-16 11:19 - 2014-06-27 07:11 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Adobe
2015-02-16 11:11 - 2013-11-06 15:36 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-02-16 11:10 - 2013-11-06 15:36 - 00001353 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-02-16 11:10 - 2012-07-22 16:17 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Adobe
2015-02-16 11:09 - 2013-11-06 15:36 - 00001519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-02-16 11:09 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 11:09 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 11:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-16 10:42 - 2012-08-16 16:13 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 10:42 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-16 10:36 - 2012-06-29 12:57 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-16 10:32 - 2012-09-09 18:31 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-15 23:13 - 2015-01-07 14:57 - 00000000 ____D () C:\Users\Lucas\AppData\Local\YgPack
2015-02-15 23:13 - 2015-01-07 14:43 - 00000000 ____D () C:\Users\Lucas\AppData\Local\Ucdmedia
2015-02-15 22:34 - 2012-08-23 15:23 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-501375823-945938198-3930272533-1001Core.job
2015-02-15 14:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 12:11 - 2012-08-10 20:31 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-14 13:37 - 2013-05-29 15:49 - 00000000 ____D () C:\ProgramData\Codemasters
2015-02-14 13:37 - 2012-08-10 20:31 - 00000000 ____D () C:\Users\Lucas\Documents\My Games
2015-02-14 11:23 - 2013-05-31 21:03 - 00000000 ____D () C:\Users\Lucas\Zomboid
2015-02-12 12:17 - 2014-12-11 17:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 12:17 - 2014-05-07 15:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 11:54 - 2013-04-20 09:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 11:50 - 2013-08-14 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 11:41 - 2012-08-17 14:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 11:38 - 2013-10-24 18:49 - 00001017 _____ () C:\Users\Lucas\Desktop\Dropbox.lnk
2015-02-12 11:38 - 2013-10-24 18:48 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 11:36 - 2014-10-27 19:48 - 00000002 _____ () C:\Users\Lucas\Desktop\kjøretimer.txt
2015-02-10 16:54 - 2012-06-29 12:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-09 20:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2015-02-08 21:11 - 2013-11-09 17:40 - 00001456 _____ () C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-06 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 21:03 - 2012-06-29 12:53 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 21:03 - 2012-06-29 12:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 21:03 - 2012-06-29 12:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 13:32 - 2012-11-04 18:45 - 00000000 ____D () C:\Windows\AutoKMS
2015-01-30 21:56 - 2014-01-01 13:02 - 00000000 ____D () C:\Users\Lucas\Documents\BFBC2
2015-01-29 14:48 - 2013-07-29 16:58 - 00000000 ____D () C:\Users\Lucas\AppData\Roaming\vlc
2015-01-29 14:37 - 2013-08-09 15:26 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-28 23:14 - 2015-01-13 20:06 - 00000022 _____ () C:\Users\Lucas\Documents\tempFolderPath.dat
2015-01-27 17:39 - 2015-01-07 14:58 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-22 19:02 - 2013-11-18 18:58 - 00000000 ____D () C:\Users\Lucas\Documents\Euro Truck Simulator 2
2015-01-22 18:52 - 2014-08-14 12:29 - 00000000 ____D () C:\Users\Lucas\Documents\ETS2MP
2015-01-19 20:57 - 2014-11-27 17:04 - 00000375 _____ () C:\Users\Lucas\Desktop\thing u need to remember mate.txt
2015-01-18 22:26 - 2013-01-19 20:47 - 00000000 ____D () C:\ProgramData\Origin
2015-01-18 20:13 - 2012-12-22 08:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-18 20:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-18 20:01 - 2013-01-20 00:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-01-18 20:00 - 2013-01-30 19:57 - 01037732 _____ () C:\Windows\DirectX.log
2015-01-17 20:21 - 2012-07-22 15:52 - 00000000 ____D () C:\Users\Lucas\Documents\Mount&Blade Warband Savegames
 
==================== Files in the root of some directories =======
 
2013-11-27 15:44 - 2010-01-15 10:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2013-11-09 18:28 - 2013-11-09 18:28 - 0000132 _____ () C:\Users\Lucas\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-03 19:12 - 2014-11-13 17:54 - 0000004 _____ () C:\Users\Lucas\AppData\Roaming\appdataFr2.bin
2014-06-04 10:16 - 2014-06-04 13:45 - 0000097 _____ () C:\Users\Lucas\AppData\Roaming\LauncherSettings_live.cfg
2015-01-10 10:51 - 2014-12-16 14:01 - 1742338 ___SH () C:\Users\Lucas\AppData\Roaming\Lucas.exe
2014-06-04 09:50 - 2014-06-04 09:50 - 0008144 _____ () C:\Users\Lucas\AppData\Roaming\TheHunterSettings_live.bin
2014-06-04 09:45 - 2014-06-04 09:45 - 0000039 _____ () C:\Users\Lucas\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-11-09 17:40 - 2015-02-08 21:11 - 0001456 _____ () C:\Users\Lucas\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-30 17:35 - 2012-08-30 17:35 - 0000093 _____ () C:\Users\Lucas\AppData\Local\fusioncache.dat
2013-03-21 17:50 - 2013-03-21 17:50 - 0000600 _____ () C:\Users\Lucas\AppData\Local\PUTTY.RND
2014-06-15 09:04 - 2014-06-15 09:05 - 0000000 _____ () C:\Users\Lucas\AppData\Local\{12CD92E9-E338-43E1-94D7-9825FCFC1C1D}
2015-02-16 10:37 - 2015-02-16 10:37 - 0483005 _____ () C:\ProgramData\1424079236.bdinstall.bin
 
Some content of TEMP:
====================
C:\Users\Lucas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpolubfz.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-15 14:34
 
==================== End Of Log ============================


#13 deeprybka

  • Malware Response Team

Posted 16 February 2015 - 02:14 PM

  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2015

:rolleyes:


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 SyrupWaffle

  • Topic Starter

  • Members

Posted 16 February 2015 - 02:17 PM

Very sorry, I did not install this program. Do I uninstall that one too?



#15 deeprybka

  • Malware Response Team

Posted 16 February 2015 - 02:24 PM

No.

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



