
HijackThis Log: Please help Diagnose


  • This topic is locked
27 replies to this topic

#1 DavidS139

  • Members

Posted 03 April 2015 - 05:59 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:56:28 PM, on 4/03/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
CHROME: 1.5.1383.0
 
Boot mode: Normal
 
Running processes:
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Program Files (x86)\Unchecky\bin\Unchecky_bg.exe
C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe
C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\Razer\Razer Cortex\main.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Anthony\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Anthony\AppData\Roaming\Dashlane\ie\KWIEBar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [AMDToggler] C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe
O4 - HKCU\..\Run: [Winfy] C:\Users\Anthony\AppData\Local\Apps\2.0\C4XH80KH.NBR\Y5HBY5VB.PRR\winf..tion_0373d5dfee511524_0002.0000_c590cf976323fa95\Winfy.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Anthony\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [f.lux] "C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [Dashlane] "C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - HKCU\..\Run: [Spotify] "C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\app" --load-component-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\man" --flag-switches-begin --flag-switches-end --restore-last-session
O4 - Startup: Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk = ?
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: http://*.hola.org
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{46DFB8CF-A705-44DA-9B96-0D0E98EA3133}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Celavimus Client Host (celavimushost) - altPUG LLC - C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe
O23 - Service: DisplayFusionService - Binary Fortress Software - C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe
O23 - Service: Update service - Company - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 17961 bytes
 



#2 deeprybka

  • Malware Response Team

Posted 04 April 2015 - 03:10 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 DavidS139

  • Topic Starter
  • Members

Posted 04 April 2015 - 03:54 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Anthony (administrator) on COMPUTER on 04-04-2015 04:12:50
Running from C:\Users\Anthony\Downloads
Loaded Profiles: Anthony (Available profiles: Angie & Dennis & Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Aequus Gaming) C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(TeamSpeak Systems GmbH) C:\Users\Anthony\Downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(KEMiCZA) C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe
(Flux Software LLC) C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe
(TeamSpeak Systems GmbH) C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Razer, Inc.) C:\Users\Anthony\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Aequus Gaming) C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
(Aequus Gaming) C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
(Aequus Gaming) C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.242\deploy\LoLLauncher.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\ProcessCapturer.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.26\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.138\deploy\LolClient.exe
(Aequus Gaming) C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Aequus Gaming) C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-08-02] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-24] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-01-26] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-02] (Valve Corporation)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [AMDToggler] => C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe [548352 2014-06-19] (KEMiCZA)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Winfy] => C:\Users\Anthony\AppData\Local\Apps\2.0\C4XH80KH.NBR\Y5HBY5VB.PRR\winf..tion_0373d5dfee511524_0002.0000_c590cf976323fa95\Winfy.exe [349808 2014-08-12] (Maximilian Krauss)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Spotify Web Helper] => C:\Users\Anthony\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Google Update] => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-24] (Google Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [f.lux] => C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6780256 2014-12-16] (Binary Fortress Software)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Dashlane] => C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-02-17] ()
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Spotify] => C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\MountPoints2: J - "J:\setup.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004 -> {46576975-4905-4CC8-8E70-B4AAE322156F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Anthony\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-02-17] (Dashlane)
Toolbar: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{46DFB8CF-A705-44DA-9B96-0D0E98EA3133}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-11-19] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1406094422-3886840985-1751211432-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1406094422-3886840985-1751211432-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-04-03]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.swagbucks.com/g/noso", "hxxp://www.swagbucks.com/polls", "hxxp://sc-s.com/", "hxxp://clandevastationhvk.enjin.com/home", "https://www.youtube.com/", "hxxp://www.surrenderat20.net/"
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-27]
CHR Extension: (Hide Fedora) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2014-12-09]
CHR Extension: (BetterTTV) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-11-16]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-04]
CHR Extension: (Slinky Elegant) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-02-13]
CHR Extension: (Google Cast) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-08-24]
CHR Extension: (Adblock Plus) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-17]
CHR Extension: (Pushbullet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-20]
CHR Extension: (Steam inventory helper) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2014-10-31]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-09-06]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-04]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2015-02-12]
CHR Extension: (Tampermonkey) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-10-06]
CHR Extension: (Timer) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2014-06-22]
CHR Extension: (TekSavvy Usage Meter) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchiggjpbjfgkeflpbfnnlffbpeajnof [2014-12-07]
CHR Extension: (Dashlane) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-01-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2014-10-18]
CHR Extension: (Decline Unavailable Trade Offers) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafaokedcfcpllcpjjkdopdpafonhpen [2014-10-29]
CHR Extension: (Steam Market - Favorite Items) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpdlcimnbahbfecmnmcpicpejbmkoho [2014-12-18]
CHR Extension: (Twitch Live) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-06-17]
CHR Extension: (Deathamns) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-06-17]
CHR Extension: (CS:GO Lounge Multiple Accounts) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphkofafppppgihimdikacclfepeodme [2015-02-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-10-29]
CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Auto Refresh Plus) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2014-07-12]
CHR Extension: (Enhanced Steam) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-10-27]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-04]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2014-06-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Anthony\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx [2015-02-19]
CHR HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Anthony\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Anthony\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx [2015-02-19]
CHR HKLM-x32\...\Chrome\Extension: [iehjklkgijkjfcfmmjmjlmcccholamaf] - C:\Users\Anthony\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-08] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-02-27] (altPUG LLC)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3075440 2014-12-16] (Binary Fortress Software)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-11-21] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [573736 2014-11-25] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-05-31] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-01-26] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-10] (Razer, Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [161744 2015-03-25] (RaMMicHaeL)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2013-10-04] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-03-29] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-11-21] (AnchorFree Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150401.001\IDSvia64.sys [671448 2015-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150403.002\ENG64.SYS [129752 2015-03-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150403.002\EX64.SYS [2137304 2015-03-18] (Symantec Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2015-01-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2512016 2014-06-13] (MediaTek Inc.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [129472 2013-12-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2013-12-10] (Razer, Inc.)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [38240 2015-01-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38368 2015-01-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-11-21] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 04:12 - 2015-04-04 04:13 - 00039265 _____ () C:\Users\Anthony\Downloads\FRST.txt
2015-04-04 04:12 - 2015-04-04 04:12 - 02095616 _____ (Farbar) C:\Users\Anthony\Downloads\FRST64.exe
2015-04-04 04:12 - 2015-04-04 04:12 - 00000000 ____D () C:\FRST
2015-04-03 18:56 - 2015-04-03 18:56 - 00017963 _____ () C:\Users\Anthony\Documents\hijackthis.log
2015-04-03 02:00 - 2015-04-03 02:00 - 00000000 ____D () C:\Users\Anthony\AppData\Local\openvr
2015-04-03 01:48 - 2015-04-03 01:49 - 12927440 _____ () C:\Users\Anthony\Downloads\ts3_recording_15_04_03_1_48_1.wav
2015-04-01 12:32 - 2015-04-01 12:32 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Stardock
2015-03-31 16:05 - 2015-03-31 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 16:05 - 2015-03-31 16:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-30 22:53 - 2015-04-04 02:51 - 00626185 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-30 22:48 - 2015-04-03 16:26 - 00000385 _____ () C:\WINDOWS\setupact.log
2015-03-30 22:48 - 2015-04-02 15:27 - 00079666 _____ () C:\WINDOWS\PFRO.log
2015-03-30 22:48 - 2015-03-30 22:48 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-30 21:01 - 2015-03-30 21:41 - 00000024 _____ () C:\Users\Anthony\random.dat
2015-03-30 21:01 - 2015-03-30 21:01 - 00000046 _____ () C:\Users\Anthony\jagex_cl_oldschool_LIVE.dat
2015-03-30 21:01 - 2015-03-30 21:01 - 00000000 ____D () C:\Users\Anthony\jagexcache
2015-03-30 17:02 - 2015-03-30 17:02 - 00000000 ____D () C:\Device
2015-03-30 17:00 - 2015-03-30 17:00 - 00000000 ____D () C:\ProgramData\Doctor Web
2015-03-30 16:44 - 2015-03-30 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Anthony\Downloads\HijackThis.exe
2015-03-30 16:34 - 2015-03-30 17:02 - 00000000 ____D () C:\Users\Anthony\Doctor Web
2015-03-30 16:32 - 2015-03-30 16:32 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\LavasoftStatistics
2015-03-30 16:24 - 2015-03-30 16:24 - 00000000 ____D () C:\Users\Anthony\AppData\Local\tbccint
2015-03-30 16:24 - 2015-03-30 16:24 - 00000000 ____D () C:\Users\Anthony\AppData\Local\TB
2015-03-30 16:24 - 2015-03-30 16:24 - 00000000 ____D () C:\Users\Anthony\AppData\Local\NativeMessaging
2015-03-30 16:24 - 2015-03-30 16:24 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CRE
2015-03-30 15:28 - 2015-03-30 15:28 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2015-03-29 17:25 - 2015-03-29 17:25 - 00000000 _____ () C:\autoexec.bat
2015-03-29 14:49 - 2015-03-29 14:49 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-03-29 14:45 - 2015-03-29 14:45 - 00001226 _____ () C:\WINDOWS\system32\.crusader
2015-03-29 14:32 - 2015-03-29 14:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-29 14:16 - 2015-03-29 14:16 - 11028616 _____ (SurfRight B.V.) C:\Users\Anthony\Desktop\HitmanPro_x64.exe
2015-03-29 14:16 - 2015-03-29 14:16 - 02168320 _____ () C:\Users\Anthony\Desktop\adwcleaner_4.113.exe
2015-03-29 14:15 - 2015-03-29 14:15 - 01389240 _____ (Thisisu) C:\Users\Anthony\Desktop\JRT.exe
2015-03-26 03:59 - 2015-03-26 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-26 01:06 - 2015-03-26 01:06 - 00000000 ____D () C:\Users\Anthony\Tracing
2015-03-25 17:32 - 2015-03-29 14:31 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Stardock
2015-03-25 17:32 - 2015-03-25 17:32 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Stardock
2015-03-25 17:32 - 2015-03-25 17:32 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-25 17:31 - 2015-03-25 17:31 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-03-25 17:28 - 2015-03-26 01:05 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-25 17:28 - 2015-03-25 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-03-25 17:28 - 2015-03-25 17:28 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-03-25 15:57 - 2015-03-25 15:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360
2015-03-24 22:10 - 2015-03-24 22:10 - 00001054 _____ () C:\Users\Anthony\Desktop\PBE.lnk
2015-03-20 18:07 - 2015-03-20 18:07 - 00000000 ____D () C:\Users\Anthony\Documents\My Games
2015-03-18 08:29 - 2015-03-18 08:29 - 00000000 _____ () C:\Recovery.txt
2015-03-18 04:02 - 2015-03-18 04:02 - 00000000 ____D () C:\KVRT_Data
2015-03-17 04:55 - 2015-03-17 04:55 - 00000000 ____D () C:\Users\Anthony\.tikione
2015-03-16 22:30 - 2015-03-17 01:25 - 15622194 _____ () C:\Users\Anthony\Documents\123.psd
2015-03-14 01:49 - 2015-03-14 01:49 - 00009728 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzStats.IPC.dll
2015-03-10 18:48 - 2015-04-03 03:24 - 65416909 _____ () C:\Users\Anthony\Downloads\The_Avengers+alvin+lee-colouring.psd
2015-03-10 16:24 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 16:24 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 16:24 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 16:24 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 16:24 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 16:24 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 16:24 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 16:24 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 16:24 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-10 16:24 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-10 16:24 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-10 16:24 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-10 16:23 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 16:23 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 16:23 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 16:23 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 16:23 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 16:23 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 16:23 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 16:23 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 16:23 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 16:23 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 16:23 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 16:23 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 16:23 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 16:23 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 16:23 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 16:23 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 16:23 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 16:23 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 16:23 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 16:23 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 16:23 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 16:23 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 16:23 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 16:23 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 16:23 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 16:23 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 16:23 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 16:23 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 16:23 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 16:23 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 16:23 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 16:23 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 16:23 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 16:23 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 16:23 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 16:23 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 16:23 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 16:23 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 16:23 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 16:23 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 16:23 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 16:23 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 16:23 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 16:23 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-10 16:23 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-10 16:23 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-10 16:23 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-10 16:23 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-10 16:23 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-10 16:23 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-10 16:23 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-10 16:23 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-10 16:23 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-10 16:23 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 16:23 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 16:23 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-10 16:23 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-10 16:23 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-10 16:23 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-10 16:23 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-10 16:23 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-10 16:23 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-10 16:23 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-10 16:23 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-10 16:23 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-10 16:23 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-10 16:23 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-10 16:23 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-10 16:23 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 16:23 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 16:23 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-10 16:23 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-10 16:23 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 16:23 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-10 16:23 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-10 16:23 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 16:23 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-10 16:23 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-10 16:23 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-10 16:23 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-10 16:23 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 16:23 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 16:23 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 16:23 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-10 16:23 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-10 16:23 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 16:23 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 16:23 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-10 16:23 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-10 16:23 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 16:23 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 16:23 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 16:23 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 16:23 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-07 18:18 - 2015-03-07 18:18 - 00001061 _____ () C:\Users\Public\Desktop\qBittorrent.lnk
2015-03-07 18:18 - 2015-03-07 18:18 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\qBittorrent
2015-03-07 18:18 - 2015-03-07 18:18 - 00000000 ____D () C:\Users\Anthony\AppData\Local\qBittorrent
2015-03-07 18:18 - 2015-03-07 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-03-07 18:18 - 2015-03-07 18:18 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2015-03-06 19:26 - 2015-03-06 19:26 - 00000000 ____D () C:\ProgramData\RzSurroundVAD_1.1.60.0
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 04:11 - 2014-10-10 21:12 - 00000000 ____D () C:\Users\Anthony\Downloads\LSI
2015-04-04 04:11 - 2014-08-24 18:55 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA.job
2015-04-04 04:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-04 03:58 - 2013-04-04 17:13 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-04 03:35 - 2014-01-17 22:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-04 01:14 - 2013-10-15 20:53 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CrashDumps
2015-04-03 23:56 - 2013-04-06 21:38 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\TS3Client
2015-04-03 22:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-03 22:50 - 2013-11-24 05:45 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A4132109-15E5-4A0F-B001-B6CD88768C3F}
2015-04-03 22:43 - 2014-08-12 12:18 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Spotify
2015-04-03 22:18 - 2014-08-12 12:19 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Spotify
2015-04-03 22:18 - 2013-05-27 19:46 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Skype
2015-04-03 22:11 - 2014-08-24 18:54 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core.job
2015-04-03 22:06 - 2014-11-30 21:41 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\ClassicShell
2015-04-03 19:36 - 2013-05-22 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-03 19:33 - 2013-12-26 07:55 - 00003176 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForAnthony
2015-04-03 19:33 - 2013-12-26 07:55 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForAnthony.job
2015-04-03 18:37 - 2013-04-05 08:02 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1406094422-3886840985-1751211432-1004
2015-04-03 16:33 - 2014-11-15 01:36 - 00003242 _____ () C:\WINDOWS\System32\Tasks\Run LSI
2015-04-03 16:30 - 2014-05-10 18:55 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Raptr
2015-04-03 16:27 - 2015-02-18 00:00 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-03 16:27 - 2014-05-16 17:43 - 00000000 ____D () C:\Users\Anthony\AppData\Local\LogMeIn Hamachi
2015-04-03 16:27 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-03 16:26 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-03 03:31 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-03 03:25 - 2014-08-12 12:19 - 00001865 _____ () C:\Users\Anthony\Desktop\Spotify.lnk
2015-04-03 03:25 - 2014-08-12 12:19 - 00001851 _____ () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-03 02:00 - 2014-12-26 01:37 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Plex Media Server
2015-04-03 00:59 - 2013-11-17 14:20 - 00001734 _____ () C:\Users\Anthony\Desktop\Single Minecraft.txt
2015-04-02 21:55 - 2014-01-04 03:36 - 00001486 _____ () C:\Users\Anthony\Desktop\Tags.txt
2015-04-02 19:07 - 2015-01-05 00:58 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Dashlane
2015-04-02 17:53 - 2014-11-01 23:02 - 00001720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2015-04-02 17:53 - 2014-11-01 23:02 - 00000000 ____D () C:\Program Files\Rainmeter
2015-04-02 17:53 - 2014-11-01 21:48 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Rainmeter
2015-04-01 21:13 - 2014-05-10 18:55 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-01 16:43 - 2014-02-14 17:38 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Deployment
2015-04-01 15:37 - 2013-04-04 17:13 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Apps\2.0
2015-04-01 13:03 - 2014-12-19 17:34 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\ClassicShell
2015-04-01 12:57 - 2013-04-04 17:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1406094422-3886840985-1751211432-1002
2015-04-01 12:53 - 2014-12-09 11:42 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Raptr
2015-04-01 12:37 - 2013-11-17 08:33 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{642179AA-6CE2-4B8C-B7FD-2F8394648329}
2015-04-01 12:32 - 2014-09-04 07:35 - 00000000 ____D () C:\Users\Angie\AppData\Local\LogMeIn Hamachi
2015-03-30 22:56 - 2013-11-09 03:22 - 00000000 ____D () C:\Users\Anthony
2015-03-30 17:30 - 2014-12-06 03:32 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2015-03-30 17:22 - 2015-03-03 00:15 - 00000051 _____ () C:\Users\Anthony\Desktop\Twitch Stream.bat
2015-03-30 16:48 - 2013-04-04 17:11 - 00000000 ____D () C:\Users\Anthony\AppData\Local\VirtualStore
2015-03-30 16:36 - 2014-12-20 05:03 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 14:19 - 2014-11-23 23:42 - 00000000 ____D () C:\AdwCleaner
2015-03-27 19:51 - 2013-04-12 19:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-26 16:44 - 2014-08-16 02:00 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-03-26 16:42 - 2014-01-17 22:38 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-26 16:32 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-26 01:04 - 2014-10-13 18:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 01:04 - 2013-05-27 19:46 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 15:52 - 2014-11-25 18:42 - 00002341 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-03-25 15:52 - 2014-11-25 18:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-03-25 15:52 - 2013-04-06 21:12 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-03-25 15:52 - 2013-04-06 21:12 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64
2015-03-20 04:21 - 2014-10-19 14:16 - 00129136 _____ () C:\Users\Anthony\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-19 16:53 - 2014-10-17 20:58 - 05186032 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-19 05:16 - 2014-11-19 18:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 04:40 - 2015-01-26 15:27 - 00000000 ____D () C:\WINDOWS\SysWOW64\DCS
2015-03-19 04:35 - 2013-11-09 03:22 - 00000000 ____D () C:\Users\Dennis
2015-03-19 04:35 - 2013-11-09 03:22 - 00000000 ____D () C:\Users\Angie
2015-03-19 04:34 - 2013-02-06 18:57 - 00000000 ____D () C:\ProgramData\Norton
2015-03-19 04:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-19 04:27 - 2013-04-04 17:13 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Google
2015-03-17 04:51 - 2015-02-15 20:24 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-17 01:26 - 2014-04-08 15:43 - 00000132 _____ () C:\Users\Anthony\AppData\Roaming\Adobe PNG Format CC Prefs
2015-03-16 22:08 - 2013-09-30 00:04 - 00960608 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-14 05:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-13 13:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 16:39 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 16:38 - 2013-04-06 13:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 16:27 - 2013-08-14 20:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 16:18 - 2013-04-06 21:20 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-07 18:14 - 2013-10-03 19:06 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2014-04-08 15:43 - 2015-03-17 01:26 - 0000132 _____ () C:\Users\Anthony\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-02 21:06 - 2014-11-12 17:31 - 0000004 _____ () C:\Users\Anthony\AppData\Roaming\appdataFr2.bin
2015-01-06 19:38 - 2015-01-06 22:08 - 0000299 _____ () C:\Users\Anthony\AppData\Roaming\BreakingPoint_Login.ini
2015-01-06 19:38 - 2015-01-06 22:20 - 0001408 _____ () C:\Users\Anthony\AppData\Roaming\BreakingPoint_Options.ini
2013-12-12 07:10 - 2013-12-12 07:19 - 0000077 _____ () C:\Users\Anthony\AppData\Roaming\Rim.Desktop.Exception.log
2013-12-12 07:09 - 2015-01-06 00:39 - 0001937 _____ () C:\Users\Anthony\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-12-12 07:10 - 2013-12-12 07:19 - 0000077 _____ () C:\Users\Anthony\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-05-07 10:12 - 2014-10-10 21:01 - 0050176 _____ () C:\Users\Anthony\AppData\Roaming\RZR_00705a5c4653a60426e5fc30d0dc.db
2014-10-19 17:55 - 2015-03-20 04:38 - 0001445 _____ () C:\Users\Anthony\AppData\Roaming\SpeedRunnersLog.txt
2014-11-05 20:02 - 2014-11-10 20:37 - 0002930 _____ () C:\Users\Anthony\AppData\Roaming\TargetInvocationLog.txt
2014-12-14 23:32 - 2014-12-16 17:37 - 0000357 _____ () C:\Users\Anthony\AppData\Roaming\turing_files.ini
2014-02-19 17:41 - 2014-02-19 17:41 - 158105199 _____ () C:\Users\Anthony\AppData\Local\ACCCx2_4_1_351.zip.aamdownload
2014-02-19 17:41 - 2014-02-19 17:41 - 0001943 _____ () C:\Users\Anthony\AppData\Local\ACCCx2_4_1_351.zip.aamdownload.aamd
2013-12-26 07:57 - 2015-01-25 03:31 - 0007609 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
2013-12-01 23:45 - 2013-12-01 23:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-13 18:03 - 2014-05-13 18:04 - 0000688 _____ () C:\ProgramData\csgobm.project
2014-05-13 18:03 - 2014-05-13 18:04 - 0000146 _____ () C:\ProgramData\csgobm2.project
2014-05-13 17:52 - 2014-05-13 17:52 - 0000097 _____ () C:\ProgramData\csgobmsettings.ini
2013-05-13 17:21 - 2014-02-14 17:45 - 0001349 _____ () C:\ProgramData\hpzinstall.log
2013-04-04 16:20 - 2013-04-04 16:20 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Files to move or delete:
====================
C:\Users\Anthony\jagex_cl_oldschool_LIVE.dat
C:\Users\Anthony\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Germain\AppData\Local\Temp\ose00000.exe
C:\Users\Germain\AppData\Local\Temp\swt-win32-3740.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-03 18:37
 
==================== End Of Log ============================


#4 deeprybka

Posted 04 April 2015 - 04:00 AM

Hi, 

please post the Addition.txt as well. :)


regards,
deeprybka

#5 DavidS139

Posted 04 April 2015 - 04:02 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Anthony at 2015-04-04 04:15:05
Running from C:\Users\Anthony\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
altPUG (HKLM-x32\...\{4FC41018-ABBF-47A0-B917-2DA88C04DA7D}) (Version: 1.2 - altPUG LLC)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
ChromecastApp (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Dashlane) (Version: 3.2.3.77451 - Dashlane SAS)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{0B74EC0B-2A85-4542-A167-3DE2132E7DAA}) (Version: 0.92.85 - Dotjosh Studios)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
DisplayFusion 7.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.0.0.0 - Binary Fortress Software)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
f.lux (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Flux) (Version:  - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Hotspot Shield 4.01 (HKLM-x32\...\HotspotShield) (Version: 4.01 - AnchorFree Inc.)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{22FCD3B0-CAA7-444A-84AC-75716545EAB9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{8F3591D0-074B-4F7B-A269-39FE61C9CB5C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IdleMaster (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\64f315a695d36dc0) (Version: 0.7.0.3 - IdleMaster)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Livestreamer 1.12.0 (HKLM-x32\...\Livestreamer) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Media Browser Server (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Media Browser Server) (Version: 3.0 - Media Browser Team)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OnTopReplica (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\OnTopReplica) (Version: 3.4 - Lorenz Cuno Klopfenstein)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.48.0 - Mediatek)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.82.15 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.3.25.0 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2189.2 - Hi-Rez Studios)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Winfy (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\5d66c283c55326db) (Version: 2.0.2.0 - Winfy)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.3.400 - Initex & AAA Internet Publishing)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
26-03-2015 18:29:16 Scheduled Checkpoint
29-03-2015 14:43:55 Checkpoint by HitmanPro
30-03-2015 16:31:00 AA11
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-04-03 16:27 - 00002043 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03F96110-A4A7-4A95-812E-A884C2861744} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {066AF6D2-8B46-42DC-8D04-399D394AB0ED} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {079D147D-043C-460E-975C-9D397D921836} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {156067D9-5457-4F1A-8E80-FB1A633A5E9D} - System32\Tasks\{A967D9E9-BED9-4D93-8813-9A2FA33B01D4} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: {32E163F7-13AC-450D-99A6-CE60BF357D32} - System32\Tasks\{5EB04AD6-1923-40C3-9AFD-207A7EA4DF76} => pcalua.exe -a J:\setup.exe -d J:\ -c /autorun
Task: {34D876D5-AB15-433D-90D6-215551811F5D} - System32\Tasks\{998BA75A-A62F-451A-8A37-6C86E452B0B4} => pcalua.exe -a C:\Users\Anthony\AppData\Local\Roblox\Versions\version-8484f0d4199b4d0f\RobloxPlayerLauncher.exe -c -uninstall
Task: {34F7CEDA-D05C-438A-8F1D-F7C410AE450D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
Task: {42858ED1-D4FB-4E24-833F-D549EB96D6B2} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-09-17] ()
Task: {5A844D38-AF41-4045-B908-7701E3CA4042} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DAE9C96-F289-43DB-BD8C-3575188FD6BE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {6241F63F-D6E6-4F4B-8B40-C4DBEFCD8B25} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {6F6D29F4-AFA7-40F4-BCA2-8BCDE53496B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {73E87636-0B4A-4362-9D18-7D6B00F8ECB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7464D8EC-863C-4834-BB46-F76C7DF92240} - System32\Tasks\HPCeeScheduleForAnthony => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {74FAF77F-41D3-4022-A9AB-1C27D2BBF992} - System32\Tasks\{D60739A4-9A8F-447A-99A6-1018C4847F71} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
Task: {85F2CA54-7545-4411-9F56-D2B30228FCE4} - System32\Tasks\{C234EC8D-23FF-4B17-92BE-43509287DEC6} => pcalua.exe -a C:\Users\Anthony\AppData\Local\Apps\2.0\C4XH80KH.NBR\Y5HBY5VB.PRR\laun...app_59711684aa47878d_0001.0021_4417046937e6ec53\Uninstaller.exe
Task: {87C8F845-7DDA-4CE3-96E5-193756538B83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {8F916577-ACE6-46ED-B63F-8B26437BD555} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {97CA9ACD-CFFE-4C9E-88F0-D1EC03ABE952} - System32\Tasks\BaronReplays => C:\Users\Anthony\Downloads\BaronReplays\BaronReplays.exe
Task: {A7852FDE-B12C-41DD-990B-2D0308F074EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {B66ED3CB-A4A2-463B-B806-21F6C656A498} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B7FF040E-198A-4BF6-BE37-0B9D7FD40313} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {BCC76ECA-A9E9-4244-BCA4-980E64C3032C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C7CE8159-EFD9-41A9-863C-BF901A9D7685} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D3F0C65F-1384-4BAA-9EF3-2D00E1258FC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {E76F2EFF-B2A2-4256-963C-BDBD442162E0} - System32\Tasks\Run LSI => C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe [2015-04-01] (Aequus Gaming)
Task: {EB0306E1-A967-498F-95E7-741159DFF7FC} - System32\Tasks\{5FECB796-E333-41A0-86B3-35141E179030} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {F119E9C0-7958-4501-AA8E-652876717821} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {F28624D0-5CEA-47F5-AEDC-FFA24DECEEC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FC2D62E3-18BC-4AA2-B48B-7AC4DC7E6B82} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAnthony.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-25 18:51 - 2014-11-25 18:51 - 00573736 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2013-07-31 14:59 - 2014-05-31 17:55 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-04 20:24 - 2015-02-04 20:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-09-25 14:38 - 2015-02-17 23:59 - 00864200 _____ () C:\Users\Anthony\Downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3db_sqlite3.dll
2015-01-05 00:59 - 2015-02-17 07:49 - 00227000 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe
2014-03-13 14:36 - 2014-03-13 14:36 - 00173568 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 01080832 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 00833024 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-02-27 11:15 - 2014-08-06 15:39 - 00102344 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-02-27 11:15 - 2014-08-06 15:39 - 00108488 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 00030208 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 00233984 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-02-27 11:15 - 2014-08-06 15:39 - 00563656 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-09 15:41 - 2014-08-06 15:39 - 00579016 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-12-14 14:43 - 2014-10-28 23:59 - 01029952 _____ () C:\Windows\System32\speech\engines\tts\MSTTSEngine.dll
2014-12-14 14:42 - 2014-10-28 20:46 - 00531456 _____ () C:\Windows\System32\speech\engines\tts\MSTTSLoc.DLL
2015-03-24 09:28 - 2015-03-24 09:28 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-03-24 09:28 - 2015-03-24 09:28 - 00775872 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-03-24 09:27 - 2015-03-24 09:27 - 00408576 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00022016 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00020992 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00058368 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00016896 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00033792 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2012-10-12 21:22 - 2012-10-12 21:22 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 21:22 - 2012-10-12 21:22 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 21:22 - 2012-10-12 21:22 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2015-03-14 01:49 - 2015-03-14 01:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2013-11-09 10:53 - 2013-11-09 10:53 - 00120224 _____ () C:\Users\Anthony\AppData\Local\assembly\dl3\NLPJ0JJQ.LE0\1WV7BO31.O6M\5c6a8a9e\00f33f28_e1a8cd01\HPItunesModule.DLL
2013-05-07 10:26 - 2013-05-07 10:26 - 01302080 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2015-04-01 17:00 - 2015-04-01 17:00 - 02353656 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.242\deploy\LoLLauncher.exe
2015-04-01 17:00 - 2015-04-01 17:00 - 03826680 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.26\deploy\LoLPatcher.exe
2014-09-01 02:53 - 2014-09-01 02:53 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.138\deploy\LolClient.exe
2015-03-19 17:39 - 2015-03-27 20:12 - 19062264 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\League of Legends.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-25 18:47 - 2014-11-25 18:47 - 00960808 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-12-11 23:31 - 2012-11-20 16:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2015-03-03 17:27 - 2015-03-03 17:27 - 40622592 _____ () C:\Users\Anthony\Downloads\LSI\libcef.dll
2014-10-10 21:12 - 2014-10-10 21:12 - 00570947 _____ () C:\Users\Anthony\Downloads\LSI\sqlite3.dll
2013-02-06 18:45 - 2012-06-07 23:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-17 17:07 - 2015-03-10 02:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 20:29 - 2014-12-01 20:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-06-17 17:07 - 2015-04-02 19:02 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-02 20:29 - 2014-12-01 20:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-02 20:29 - 2014-12-01 20:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-06-17 17:07 - 2015-04-02 19:02 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-12-21 23:31 - 2014-12-21 23:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 06726840 _____ () C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll
2015-04-02 21:00 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 21:00 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-02 21:00 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-02-05 05:20 - 2015-02-05 05:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-13 20:37 - 2014-08-13 20:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 20:37 - 2014-08-13 20:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2015-03-24 19:50 - 2015-03-24 19:50 - 02539776 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL
2014-11-14 17:16 - 2014-11-25 22:12 - 40622592 _____ () C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-06-17 17:07 - 2015-02-24 21:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-11-14 17:16 - 2014-11-25 22:12 - 00911360 _____ () C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2014-11-14 17:16 - 2014-11-25 22:12 - 00134144 _____ () C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-03-03 17:27 - 2015-03-03 17:27 - 00911360 _____ () C:\Users\Anthony\Downloads\LSI\libglesv2.dll
2015-03-03 17:27 - 2015-03-03 17:27 - 00134144 _____ () C:\Users\Anthony\Downloads\LSI\libegl.dll
2015-03-03 17:27 - 2015-03-03 17:27 - 00950272 _____ () C:\Users\Anthony\Downloads\LSI\ffmpegsumo.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-12-21 23:31 - 2014-12-21 23:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 23:31 - 2014-12-21 23:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-08-14 17:18 - 2015-02-24 21:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-03-16 01:59 - 2015-04-03 03:24 - 40506936 _____ () C:\Users\Anthony\AppData\Roaming\Spotify\libcef.dll
2015-03-16 01:59 - 2015-04-03 03:24 - 01365560 _____ () C:\Users\Anthony\AppData\Roaming\Spotify\libglesv2.dll
2015-03-16 01:59 - 2015-04-03 03:24 - 00219192 _____ () C:\Users\Anthony\AppData\Roaming\Spotify\libegl.dll
2015-03-16 01:59 - 2015-03-22 17:23 - 09305656 _____ () C:\Users\Anthony\AppData\Roaming\Spotify\pdf.dll
2015-03-16 01:59 - 2015-04-03 03:24 - 00990776 _____ () C:\Users\Anthony\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-04-01 17:00 - 2015-04-01 17:00 - 01706488 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.26\deploy\RiotLauncher.dll
2014-09-01 02:51 - 2014-09-01 02:51 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.138\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2014-09-01 02:51 - 2014-09-01 02:51 - 16032616 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.138\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
2015-03-19 17:39 - 2015-03-27 20:12 - 01806328 _____ () C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.84\deploy\RiotLauncher.dll
2014-09-01 03:13 - 2015-04-01 17:00 - 01794040 _____ () C:\Riot Games\League of Legends\RADS\RiotRadsIO.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:x7MgFkacxUrTkVd98VK3IXp
AlternateDataStreams: C:\ProgramData\Microsoft:b5dbWwRzhgEfDjbrHSnus
AlternateDataStreams: C:\ProgramData\Microsoft:ROxy27RjXwOLMJfQ3up0Y9D2GsvC
AlternateDataStreams: C:\Users\Anthony\Cookies:6SGovLIzxb0x3GiXb3f3sxMQ
AlternateDataStreams: C:\Users\Anthony\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Anthony\AppData\Local\Temporary Internet Files:rRGjxb9t3UQcWP3TYzrC76Tm
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Anthony\AppData\Local\DisplayFusion\Wallpaper_1.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Fences"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\StartupFolder: => "Fences.lnk"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "TeamSpeak 3 Client"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Winfy"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "WTFast Tray"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1406094422-3886840985-1751211432-500 - Administrator - Disabled)
Angie (S-1-5-21-1406094422-3886840985-1751211432-1002 - Limited - Enabled) => C:\Users\Angie
Anthony (S-1-5-21-1406094422-3886840985-1751211432-1004 - Administrator - Enabled) => C:\Users\Anthony
Dennis (S-1-5-21-1406094422-3886840985-1751211432-1003 - Limited - Enabled) => C:\Users\Dennis
Guest (S-1-5-21-1406094422-3886840985-1751211432-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/04/2015 01:14:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Exception code: 0xc0000005
Fault offset: 0x000b8554
Faulting process id: 0x3e10
Faulting application start time: 0xrads_user_kernel.exe0
Faulting application path: rads_user_kernel.exe1
Faulting module path: rads_user_kernel.exe2
Report Id: rads_user_kernel.exe3
Faulting package full name: rads_user_kernel.exe4
Faulting package-relative application ID: rads_user_kernel.exe5
 
Error: (04/03/2015 06:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LoLSummonerInfo.exe, version: 4.6.0.2, time stamp: 0x551a9af6
Faulting module name: MMDevApi.dll, version: 6.3.9600.17415, time stamp: 0x54503afb
Exception code: 0xc0000005
Fault offset: 0x0001be48
Faulting process id: 0x75c
Faulting application start time: 0xLoLSummonerInfo.exe0
Faulting application path: LoLSummonerInfo.exe1
Faulting module path: LoLSummonerInfo.exe2
Report Id: LoLSummonerInfo.exe3
Faulting package full name: LoLSummonerInfo.exe4
Faulting package-relative application ID: LoLSummonerInfo.exe5
 
Error: (04/03/2015 04:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b8c
 
Start Time: 01d06e4c8ef14538
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 846e943b-da40-11e4-8198-78e3b5baf780
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (04/02/2015 03:33:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1384
 
Start Time: 01d06d7b315d6b92
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 25b0fcf9-d96f-11e4-8197-9c2a703721af
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (04/02/2015 03:31:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Computer)
Description: Package Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c+App was terminated because it took too long to suspend.
 
Error: (04/02/2015 03:30:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Computer)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/02/2015 03:29:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Computer)
Description: App Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c+App did not launch within its allotted time.
 
Error: (04/01/2015 09:17:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Computer)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/01/2015 05:14:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 16592.  Message ID: [0x2509].
 
Error: (04/01/2015 05:04:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Computer)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (04/03/2015 06:38:42 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/03/2015 06:38:12 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/03/2015 03:30:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/03/2015 01:46:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (04/03/2015 01:46:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (04/02/2015 07:46:55 PM) (Source: DCOM) (EventID: 10016) (User: Computer)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ComputerAnthonyS-1-5-21-1406094422-3886840985-1751211432-1004LocalHost (Using LRPC)Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cS-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734
 
Error: (04/02/2015 06:47:26 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/01/2015 11:08:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (04/01/2015 11:08:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (04/01/2015 04:14:13 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD A10-5800K APU with Radeon™ HD Graphics 
Percentage of memory in use: 49%
Total physical RAM: 12183.29 MB
Available physical RAM: 6178.3 MB
Total Pagefile: 14039.29 MB
Available Pagefile: 4882.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:911.27 GB) (Free:464.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.42 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6017CFC8)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

I am hearing random ads from my computer even though everything is closed. It's getting really annoying.



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:30 AM

Posted 04 April 2015 - 04:43 AM

I am hearing random ads from my computer even though everything is closed. It's getting really annoying.


How long have you had this issue?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 DavidS139

DavidS139
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:30 PM

Posted 04 April 2015 - 02:23 PM

For the past month I've tried fixing it myself, but came to a dead end.



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:30 AM

Posted 04 April 2015 - 02:47 PM


Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 1


Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 DavidS139

DavidS139
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:30 PM

Posted 04 April 2015 - 03:06 PM

 
Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by Anthony on 04/04/2015 at 15:50:18.88.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anthony\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
4/04/2015 3:56:16 PM Zoek.exe System Restore Point Created Successfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\Unchecky\bin\Unchecky_bg.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe
C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\Razer\Razer Cortex\main.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
C:\Users\Anthony\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 12184 MB
CPU Info: AMD A10-5800K APU with Radeon™ HD Graphics
CPU Speed: 3799.4 MHz
Sound Card: Line 2 (Virtual Audio Cable) | 
Communication Headphones (IDT H | 
Line 1 (Virtual Audio Cable) | 
Speakers (Razer Surround Audio  | 
Display Adapters: AMD Radeon HD 7570 | AMD Radeon HD 7570 | AMD Radeon HD 7570
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: TAP-Win32 Adapter V9 (Tunngle) | Anchorfree HSS VPN Adapter | VPN Client Adapter - VPN | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) | Ralink RT5390R 802.11bgn Wi-Fi Adapter | LogMeIn Hamachi Virtual Ethernet Adapter
CD / DVD Drives: 2x (F: | J: | ) F: hp      DVD-RAM SW820    | J:
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  911.3GB | D:  18.4GB
Hard Disks - Free: C:  464.2GB | D:  2.3GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1072009
Time Zone: Eastern Standard Time
Motherboard *: MSI 2AE0
Country: Canada 
Language: ENC 
 
==== System Specs (Software) ======================
 
Anti-Virus: Norton 360 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Norton 360 disabled (Outdated)
Firewall: Norton 360 disabled
Default Browser: Google Chrome 41.0.2272.118
Internet Explorer Version: 11.0.9600.17690 
Google Chrome version: 41.0.2272.118
Sun Java version: 1.8.0_31 (32-bit) 
Sun Java version: 1.8.0_31 (64-bit) 
Flash Player version: 17.0.0.134
Shockwave Player version: 12.1.5r155
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
2015-03-10 20:23:08 C10A66189DC8C090E7C84873EDCEBC88 2501368 ----a-w- C:\WINDOWS\explorer.exe
====== C:\Users\Anthony\AppData\Local\Temp ====
====== Java Cache =====
2015-03-31 01:01:19 D2944DFFBFDA7675F1DA9EFB766E44B6 81 ----a-w- C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\4dbc7f93-c20705459aaeb6480d1636fc7c222aafaa0ad82d5b036fdcd2f9c6616305ec76-6.0.lap
2015-03-31 01:01:30 94B223A9F10268BA66B0D8A7DAA21860 1582452 ----a-w- C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\1b59cb65-10f7779c
2015-03-31 01:01:52 0318D3F32678A83FD3BB8F6E2DB7FDF0 67861 ----a-w- C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57726079-56eb118f
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-03-29 18:45:45 241AB30671DB26A7C127771F0F0E79AF 1226 ----a-w- C:\WINDOWS\Sysnative\.crusader
====== C:\WINDOWS\Sysnative\drivers =====
2015-03-30 19:28:52 7797D1580D933056023B822BB5CD0FE2 44296 ---ha-w- C:\WINDOWS\Sysnative\drivers\Hamdrv.sys
2015-03-29 18:49:34 258DE302160DEEAFAB4453BB292CCF8F 43664 ----a-w- C:\WINDOWS\Sysnative\drivers\hitmanpro37.sys
2015-03-10 20:24:27 D296D0F0DB2CD1504F90405603664493 264000 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2015-03-10 20:24:26 9F4DF0043965808973023A9B51A11136 114496 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys
2015-03-10 20:24:26 1751F6B031ADAC34724511057D2E455D 44024 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys
2015-03-10 20:23:37 6D3A2565E01B3E4B0F1BEDB0D4B00B3F 1113920 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2015-03-10 20:23:36 42F88B57CAE42FC10059C887B3FCFCEA 97792 -c--a-w- C:\WINDOWS\Sysnative\drivers\hidbth.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-03-31 20:05:36 -------- d-----w- C:\PROGRA~2\LogMeIn Hamachi
2015-03-25 21:31:59 -------- d-----w- C:\PROGRA~2\Stardock
2015-03-25 21:28:52 -------- d-----w- C:\PROGRA~2\Unchecky
2015-03-07 22:18:00 -------- d-----w- C:\PROGRA~2\qBittorrent
======= C: =====
2015-03-29 21:25:05 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2015-03-18 12:29:35 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Recovery.txt
====== C:\Users\Anthony\AppData\Roaming ======
2015-04-03 06:00:04 -------- d-----w- C:\Users\Anthony\AppData\Local\openvr
2015-04-01 16:32:46 -------- d-----w- C:\Users\Angie\AppData\Roaming\Stardock
2015-03-30 20:32:47 -------- d-----w- C:\Users\Anthony\AppData\Roaming\LavasoftStatistics
2015-03-30 20:24:40 -------- d-----w- C:\Users\Anthony\AppData\Local\TB
2015-03-30 20:24:40 -------- d-----w- C:\Users\Anthony\AppData\Local\NativeMessaging
2015-03-30 20:24:26 -------- d-----w- C:\Users\Anthony\AppData\Local\tbccint
2015-03-30 20:24:23 -------- d-----w- C:\Users\Anthony\AppData\Locallow\TB
2015-03-30 20:24:23 -------- d-----w- C:\Users\Anthony\AppData\Local\CRE
2015-03-25 21:32:09 -------- d-----w- C:\Users\Anthony\AppData\Local\Stardock
2015-03-25 21:32:03 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Stardock
2015-03-07 22:18:16 -------- d-----w- C:\Users\Anthony\AppData\Local\qBittorrent
2015-03-07 22:18:06 -------- d-----w- C:\Users\Anthony\AppData\Roaming\qBittorrent
====== C:\Users\Anthony ======
2015-04-04 08:12:06 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Anthony\Downloads\FRST64.exe
2015-03-31 20:05:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 01:01:53 734745752DF8F96A0EBE2A812E21C19E 24 ----a-w- C:\Users\Anthony\random.dat
2015-03-31 01:01:53 0ACECFEEE117EC3154535D51F7D5057E 46 ----a-w- C:\Users\Anthony\jagex_cl_oldschool_LIVE.dat
2015-03-31 01:01:53 -------- d-----w- C:\Users\Anthony\jagexcache
2015-03-30 21:00:32 -------- d-----w- C:\ProgramData\Doctor Web
2015-03-30 20:34:37 -------- d-----w- C:\Users\Anthony\Doctor Web
2015-03-29 18:32:30 -------- d-----w- C:\ProgramData\HitmanPro
2015-03-29 18:16:28 E55CCE4E4A0153A3122E76A3DA23B288 2168320 ----a-w- C:\Users\Anthony\Desktop\adwcleaner_4.113.exe
2015-03-29 18:16:02 5C80FF85C8644A630D341F27176042BA 11028616 ----a-w- C:\Users\Anthony\Desktop\HitmanPro_x64.exe
2015-03-29 18:15:49 9423B3B5B3BAB52891FE62694304B30C 1389240 ----a-w- C:\Users\Anthony\Desktop\JRT.exe
2015-03-26 07:59:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-26 05:06:20 -------- d-----w- C:\Users\Anthony\Tracing
2015-03-25 21:32:09 -------- d-----w- C:\ProgramData\Stardock
2015-03-25 21:28:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-03-25 21:28:57 -------- d-----w- C:\ProgramData\Unchecky
2015-03-17 08:55:47 -------- d-----w- C:\Users\Anthony\.tikione
2015-03-07 22:18:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-03-06 23:26:29 -------- d-----w- C:\ProgramData\RzSurroundVAD_1.1.60.0
 
====== C: exe-files ==
2015-04-03 00:59:23 04A8F29E2CB7A633109E6AF1316F6E97 864336 ----a-w- C:\Program Files (x86)\Google\Update\Install\{BA4F76BF-288B-473C-A68C-A1829F6B2BAC}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
2015-04-03 00:59:23 04A8F29E2CB7A633109E6AF1316F6E97 864336 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.118\41.0.2272.118_41.0.2272.101_chrome_updater.exe
=== C: other files ==
2015-03-30 19:28:52 7797D1580D933056023B822BB5CD0FE2 44296 ---ha-w- C:\Program Files (x86)\LogMeIn Hamachi\hamdrv.sys
2015-03-30 19:25:00 1E6438D4EA6E1174A3B3B1EDC4DE660B 33856 ---ha-w- C:\Program Files (x86)\LogMeIn Hamachi\hamachi.sys
2015-03-29 21:25:05 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"AMDToggler"="C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe"
"Winfy"="C:\Users\Anthony\AppData\Local\Apps\2.0\C4XH80KH.NBR\Y5HBY5VB.PRR\winf..tion_0373d5dfee511524_0002.0000_c590cf976323fa95\Winfy.exe"
"Spotify Web Helper"="C:\Users\Anthony\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Google Update"="C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"f.lux"="C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"DisplayFusion"="C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"Dashlane"="C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe autoLaunchAtStartup"
"Spotify"="C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
 
[HKEY_USERS\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --extensions-on-chrome-urls --test-type --load-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\app --load-component-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\man --flag-switches-begin --flag-switches-end --restore-last-session"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"AdobeCEPServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe -launchedbylogin"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"Raptr"="C:\Program Files (x86)\Raptr\raptrstub.exe --startup"
"StartCCC"="C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"RazerCortex"="C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"AMDToggler"="C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe"
"Winfy"="C:\Users\Anthony\AppData\Local\Apps\2.0\C4XH80KH.NBR\Y5HBY5VB.PRR\winf..tion_0373d5dfee511524_0002.0000_c590cf976323fa95\Winfy.exe"
"Spotify Web Helper"="C:\Users\Anthony\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Google Update"="C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"f.lux"="C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
"DisplayFusion"="C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"Dashlane"="C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe autoLaunchAtStartup"
"Spotify"="C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --extensions-on-chrome-urls --test-type --load-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\app --load-component-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\man --flag-switches-begin --flag-switches-end --restore-last-session"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe /startup"
"BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
 
==== Startup Folders ======================
 
2013-12-02 03:47:33 1960 ----a-w- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk
2014-11-02 03:02:33 1744 ----a-w- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
2013-05-13 21:23:26 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03/26/2015 04:42 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/04/2013 05:13 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core.job --a-------- C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [08/24/2014 06:54 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA.job --a-------- C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [08/24/2014 06:54 PM]
C:\WINDOWS\tasks\HPCeeScheduleForAnthony.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 04:43 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\BaronReplays" [C:\Users\Anthony\Downloads\BaronReplays\BaronReplays.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core" [C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA" [C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForAnthony" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Officejet 6500 E710a-f" ["C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\HPGenoobeReminder" ["C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe"]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\Razer_Game_Booster_AutoUpdate" [C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Run LSI" ["C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{642179AA-6CE2-4B8C-B7FD-2F8394648329}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A4132109-15E5-4A0F-B001-B6CD88768C3F}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe]
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on 04/04/2015 at 16:03:18.69 ======================


#10 deeprybka

  • Malware Response Team

Posted 05 April 2015 - 04:22 AM

Step 1

Fix with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    C:\Users\Anthony\Downloads\LSI;fp
    C:\Users\Anthony\Downloads\BaronReplays;fp
    autoclean;
    emptyclsid;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[Image: settings.png]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 DavidS139

  • Topic Starter


Posted 05 April 2015 - 02:50 PM

 
Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by Anthony on 04/05/2015 at 14:50:44.83.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anthony\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-04-04-200318.log 19953 bytes
 
==== System Restore Info ======================
 
4/05/2015 2:56:40 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\OpenVPN Technologies deleted successfully
C:\PROGRA~2\Overwolf deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~2\COMMON~1\EAInstaller deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\Users\Anthony\AppData\Roaming\Awesomium deleted successfully
C:\Users\Anthony\AppData\Roaming\Curse Advertising deleted successfully
C:\Users\Anthony\AppData\Roaming\Mozilla deleted successfully
C:\Users\Anthony\AppData\Roaming\uTorrent deleted successfully
C:\Users\Angie\AppData\Local\VirtualStore deleted successfully
C:\Users\Anthony\AppData\Local\HP Quick Start deleted successfully
C:\Users\Anthony\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Anthony\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Anthony\AppData\Local\Secunia PSI deleted successfully
C:\Users\Anthony\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\Dennis\AppData\Local\VirtualStore deleted successfully
C:\Users\Germain\AppData\Local\VirtualStore deleted successfully
 
==== Creating Sample_052015_0316.zip ======================
 
Process C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe killed
Copied folder C:\Users\Anthony\Downloads\LSI to sample\LSI
sample\LSI\replays\replay_1767918974_NA.replay renamed to BE50D4B0F0E00BFDFAC982A1E3D5429F
sample\LSI\replays\replay_1768378305_NA.replay renamed to 6F8C74B4012C3A5234EABB8E301B8F36
sample\LSI\replays\replay_1768435934_NA.replay renamed to 2CB200D87D9FD3771F156443EBD0CC99
sample\LSI\replays\replay_1768443585_NA.replay renamed to A2B237208EACD7E2E7EC5A968F5FDC57
sample\LSI\replays\replay_1768465905_NA.replay renamed to 19724EFE09C10EC7A6F2A1F1F9BBAFA0
sample\LSI\replays\replay_1769052146_NA.replay renamed to D2DEFAD322E6CA8E1A6A5F0DC4B1EB7C
sample\LSI\replays\replay_1769289891_NA.replay renamed to 5E20068E5FA2CF7627DF55D5ECDBC33E
sample\LSI\replays\replay_1769317025_NA.replay renamed to DE9812C1FD9B7CDA1E2EB7908D5B0E4C
sample\LSI\replays\replay_1769936310_NA.replay renamed to 4946EF33A61E8C97FB9757D170AB3E2D
sample\LSI\replays\replay_1770058996_NA.replay renamed to 71EED127392A28154D8DBC5C25F0CFF8
sample\LSI\replays\replay_1770908453_NA.replay renamed to 1E4F7D98F355EDF5A27EB4D604B04283
sample\LSI\replays\replay_1771626591_NA.replay renamed to C71348FD89D19D8CCB4E3C61D1C4B83F
sample\LSI\replays\replay_1771635011_NA.replay renamed to 3DFABBBB4534DEB8714F3B97CEDF6778
sample\LSI\replays\replay_1771643191_NA.replay renamed to D7E54D0E8FB8EDB274E8BC806E011FB3
sample\LSI\replays\replay_1771755342_NA.replay renamed to 25DF043157A3ACB5C3C37511DB4DA421
sample\LSI\replays\replay_1771854823_NA.replay renamed to 345E6E944931E3628C03DDFB29F430FB
sample\LSI\replays\replay_1772246499_NA.replay renamed to DAB43541263D20FA4121370F1FE77AD5
sample\LSI\replays\replay_1772247265_NA.replay renamed to C559F50F32989F043E623EDE28D85B0B
sample\LSI\replays\replay_1772285504_NA.replay renamed to 5811E61D7700AB16B20D95296AB3A838
sample\LSI\replays\replay_1772286879_NA.replay renamed to 0B9FBBA4817D1BCC9CB1AB8D9A8A1D95
sample\LSI\replays\replay_1772530880_NA.replay renamed to 6CA500071A0F2DAB4F664AD0FC468C5E
sample\LSI\replays\replay_1774090231_NA.replay renamed to 028EC122B9BBD33E2A9E40E9D3083189
sample\LSI\replays\replay_1774190814_NA.replay renamed to 8FDFA34AEA18816D0C44FE8C090AF1CA
sample\LSI\replays\replay_1774295760_NA.replay renamed to E59DF81F2BA32F43766B47AFE8504B55
sample\LSI\replays\replay_1774345866_NA.replay renamed to 51392DBF773209A558E4D76A78CA48F6
sample\LSI\replays\replay_1775482449_NA.replay renamed to D680BD7818175EB0670FFA3C035564CA
sample\LSI\replays\replay_1775518100_NA.replay renamed to 6BF3D857D197F7ECEF9E056A17063B74
sample\LSI\replays\replay_1775529605_NA.replay renamed to D85E0A9B37A951F3C9F73860B58E873F
sample\LSI\replays\replay_1775788474_NA.replay renamed to B701C516F16066FF1861D88FC62E5486
sample\LSI\replays\replay_1775791631_NA.replay renamed to B6894114D499BBF71BA992A9F485EC03
sample\LSI\replays\replay_1776142126_NA.replay renamed to 985808230B9191B955EDE3D420D4E66E
sample\LSI\replays\replay_1776214647_NA.replay renamed to 7A7EEFA7A7B50559BB08D3CFAABD8E05
sample\LSI\replays\replay_1776703084_NA.replay renamed to E3D04815CDFC0FA6713E6D40E5D2F6D3
sample\LSI\replays\replay_1777242136_NA.replay renamed to DD4A1A485625CC995FA54E30FF119999
sample\LSI\replays\replay_1777285718_NA.replay renamed to 828FA09F1A925CF56B27361F712C4DC7
sample\LSI\replays\replay_1777350776_NA.replay renamed to 8507D5A98FF60B385AF87F61AD7E36C8
sample\LSI\replays\replay_1778425026_NA.replay renamed to D504A1CF44E30AE1BBD17171ACA88C13
sample\LSI\replays\replay_1778483146_NA.replay renamed to CF4733E2644A354249369DC0B612D261
sample\LSI\replays\replay_1778520257_NA.replay renamed to F78B15EB513A5627D28451FEEC786AE6
sample\LSI\replays\replay_1779575379_NA.replay renamed to 37D730DF12890A3E105FC61C962A4C2A
sample\LSI\replays\replay_1779604782_NA.replay renamed to 9D94A5A48A39B0F7C6849F47409AEBDD
sample\LSI\replays\replay_1779645075_NA.replay renamed to A9B1E4912A819578F0834CCF63CAB1D1
sample\LSI\replays\replay_1779681684_NA.replay renamed to C4CAD31E07D91CE217669E3E261F06C7
sample\LSI\replays\replay_1779695177_NA.replay renamed to F2E4AB88C1478739888420E45E803A5C
sample\LSI\replays\replay_1780258672_NA.replay renamed to 86A7BB81594228951B8ACE6D2987AFBF
sample\LSI\replays\replay_1781521896_NA.replay renamed to DE1333380A1F65FA83B6F00008C568FC
sample\LSI\replays\replay_1781624059_NA.replay renamed to 795899D11CE84FF37F53728CFB7F7578
sample\LSI\replays\replay_1781677915_NA.replay renamed to B6E297C5A23395C7E497E03B83DB4CF2
sample\LSI\replays\replay_1781747315_NA.replay renamed to 1F84F303836E890F60E03BD7A7F6C829
sample\LSI\replays\replay_1781797409_NA.replay renamed to 8BEAE712F002C2E088267F5B9939DA3F
sample\LSI\replays\replay_1782429496_NA.replay renamed to AB541514CB589D63A722414344D55A8F
sample\LSI\replays\replay_1783076863_NA.replay renamed to 4DE508364BFDE6987C6AEA071115C5FD
sample\LSI\replays\replay_1783110271_NA.replay renamed to B78A4ACC68D6AE3474A6C26C823CCB1E
sample\LSI\replays\replay_1783151395_NA.replay renamed to E16ED62098EAF87B1BFD988D4752D940
sample\LSI\replays\replay_1783306337_NA.replay renamed to 58208736035FB00456DBDBC5A99A5791
sample\LSI\replays\replay_1783355811_NA.replay renamed to 915C2EBF7C362C1C37EE3587FA488233
sample\LSI\replays\replay_1783375297_NA.replay renamed to 4AB0D16B5CE2D2183A4E2AE1BC31A929
sample\LSI\replays\replay_1783420059_NA.replay renamed to 6C27E4E05AC4879705BEC1911DF998B7
sample\LSI\replays\replay_1783436683_NA.replay renamed to 9CDCE6DC44F3319BA777D712813EA3EE
sample\LSI\replays\replay_1783442775_NA.replay renamed to 9B9FD29C9E3FC8745BB1D7233F181F53
sample\LSI\replays\replay_1784662416_NA.replay renamed to 8DC4704E5F09B1BD9FFF075DADD11927
sample\LSI\replays\replay_1784685311_NA.replay renamed to EA5D9191C440EE33119728374BD75311
sample\LSI\replays\replay_1784716751_NA.replay renamed to 2E0416B927A801354501701E53305B4E
 
C:\Users\Public\Desktop\sample_052015_0316.zip created successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Internet Explorer\SearchScopes\{46576975-4905-4CC8-8E70-B4AAE322156F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{46576975-4905-4CC8-8E70-B4AAE322156F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46576975-4905-4CC8-8E70-B4AAE322156F} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\OpenVPN Technologies not found
C:\PROGRA~2\Overwolf not found
C:\PROGRA~2\R.G. Mechanics not found
"C:\Users\Anthony\Downloads\BaronReplays" not found
C:\PROGRA~2\DAEMON Tools Pro deleted
C:\Users\Anthony\AppData\Roaming\.minecraft deleted
C:\Users\Anthony\AppData\Roaming\.technic deleted
C:\Users\Anthony\AppData\Roaming\livestreamer deleted
C:\Users\Anthony\AppData\Roaming\Winfy deleted
C:\PROGRA~3\Overwolf deleted
C:\PROGRA~2\Hotspot Shield deleted
C:\install.exe deleted
C:\Users\Anthony\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Anthony\AppData\Roaming\BreakingPoint_Login.ini deleted
C:\Users\Anthony\AppData\Roaming\BreakingPoint_Options.ini deleted
C:\Users\Anthony\AppData\Roaming\turing_files.ini deleted
C:\Users\Anthony\AppData\Roaming\SpeedRunnersLog.txt deleted
C:\Users\Anthony\AppData\Roaming\TargetInvocationLog.txt deleted
C:\Users\Anthony\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\Anthony\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\Anthony\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\Users\Anthony\AppData\Roaming\Common deleted
C:\Users\Anthony\AppData\Roaming\Hotspot Shield deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Anthony\AppData\Local\CRE deleted
C:\Users\Anthony\AppData\Local\TB deleted
C:\Users\Anthony\AppData\Local\tbccint deleted
C:\Users\Anthony\AppData\Local\NativeMessaging deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Clip Converter deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Anthony\AppData\LocalLow\TB deleted
C:\components deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
C:\WINDOWS\Syswow64\Hotspot Shield deleted
C:\Users\Public\Desktop\Hotspot Shield.lnk deleted
"C:\Users\Anthony\Downloads\LSI\cef.pak" deleted
"C:\Users\Anthony\Downloads\LSI\cfct.zip" deleted
"C:\Users\Anthony\Downloads\LSI\d3dcompiler_43.dll" deleted
"C:\Users\Anthony\Downloads\LSI\d3dcompiler_46.dll" deleted
"C:\Users\Anthony\Downloads\LSI\d3dx9_43.dll" deleted
"C:\Users\Anthony\Downloads\LSI\devtools_resources.pak" deleted
"C:\Users\Anthony\Downloads\LSI\ffmpegsumo.dll" deleted
"C:\Users\Anthony\Downloads\LSI\games_new.db" deleted
"C:\Users\Anthony\Downloads\LSI\GeneralCharacterData.ini" deleted
"C:\Users\Anthony\Downloads\LSI\icudt.dll" deleted
"C:\Users\Anthony\Downloads\LSI\libcef.dll" deleted
"C:\Users\Anthony\Downloads\LSI\libeay32.dll" deleted
"C:\Users\Anthony\Downloads\LSI\libEGL.dll" deleted
"C:\Users\Anthony\Downloads\LSI\libGLESv2.dll" deleted
"C:\Users\Anthony\Downloads\LSI\login_screens.db" deleted
"C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe" deleted
"C:\Users\Anthony\Downloads\LSI\settings.ini" deleted
"C:\Users\Anthony\Downloads\LSI\sqlite3.dll" deleted
"C:\Users\Anthony\Downloads\LSI\ssleay32.dll" deleted
"C:\Users\Anthony\Downloads\LSI\locales\am.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ar.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\bg.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\bn.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ca.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\cs.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\da.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\de.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\el.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\en-GB.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\en-US.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\es-419.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\es.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\et.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\fa.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\fi.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\fil.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\fr.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\gu.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\he.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\hi.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\hr.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\hu.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\id.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\it.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ja.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\kn.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ko.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\lt.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\lv.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ml.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\mr.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ms.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\nb.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\nl.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\pl.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\pt-BR.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\pt-PT.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ro.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ru.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\sk.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\sl.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\sr.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\sv.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\sw.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\ta.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\te.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\th.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\tr.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\uk.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\vi.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\zh-CN.pak" deleted
"C:\Users\Anthony\Downloads\LSI\locales\zh-TW.pak" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 01-04-2015 15-42-46-367.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 01-04-2015 16-38-32-210.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 01-04-2015 17-01-42-575.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 02-04-2015 15-35-46-995.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 03-04-2015 01-49-44-185.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 03-04-2015 16-33-44-760.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 04-04-2015 14-59-40-885.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 04-04-2015 15-24-00-702.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 05-04-2015 14-39-42-181.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 24-03-2015 15-46-37-668.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 25-03-2015 16-02-26-966.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 26-03-2015 16-42-17-065.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 27-03-2015 15-33-09-120.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 28-03-2015 17-59-46-508.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 29-03-2015 12-22-52-608.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 29-03-2015 14-26-01-204.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 29-03-2015 14-55-34-141.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 29-03-2015 21-38-44-423.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 30-03-2015 15-55-36-691.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 30-03-2015 22-54-46-296.txt" deleted
"C:\Users\Anthony\Downloads\LSI\logs\LSI-Log 31-03-2015 16-13-56-709.txt" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_0_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1644197783_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1644306268_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1644415556_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1646618296_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1648354068_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1654653362_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1654984078_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1655781169_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1660664929_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1662294587_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1662295396_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1662296235_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1664883435_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1664884669_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1664888134_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1665033354_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1665167217_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1665565717_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1668138549_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1668162058_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1668303847_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1671070452_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1671076680_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1675143125_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1679927947_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1694094858_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1705461849_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1708167237_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1708287004_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1709197134_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1709230141_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1712012176_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1728311254_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1728401889_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1749093367_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1749135575_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1749159030_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1749212988_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1749232621_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1750194057_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1750226336_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1750274147_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1750401364_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1750942161_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1751186829_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1751197975_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1751377670_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1751505387_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1752700837_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753278779_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753478377_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753523937_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753574323_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753642844_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753708436_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753826416_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753982123_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1753999160_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1754056990_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1754390018_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1754402965_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1754448166_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1754583003_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1754636046_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1754691250_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1755382122_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1755702936_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1755718666_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1756213946_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1756236506_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1757233943_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1757351920_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1757403452_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1757445038_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1757876405_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1758037456_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1758055633_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1758287133_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1758680988_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1758706201_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759061873_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759083606_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759758588_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759801856_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759817351_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759843034_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759858240_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1759880751_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1760501901_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1760549037_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1760592366_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1761094400_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1761140318_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1761684105_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762084207_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762131856_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762159542_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762193613_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762220808_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762643540_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762644366_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762671737_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762689063_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762689722_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762707737_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1762742407_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1763288173_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1763296079_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1763594475_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1763731025_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1763757959_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1763787354_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1763790363_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764148072_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764175119_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764210678_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764267272_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764286226_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764765274_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764766046_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764767000_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764786733_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764793970_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764825117_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1764863409_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1765298116_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1765314080_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1765338546_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1765341697_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1765361661_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1765984798_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766008966_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766042819_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766057774_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766275153_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766405517_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766513969_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766553209_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766678354_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766743575_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1766805231_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1767167929_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1767210305_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1767881664_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1767910350_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1767918974_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1768378305_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1768435934_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1768443585_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1768465905_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1769052146_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1769289891_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1769317025_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1769936310_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1770058996_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1770908453_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1771626591_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1771635011_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1771643191_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1771755342_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1771854823_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1772246499_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1772247265_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1772285504_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1772286879_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1772530880_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1774090231_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1774190814_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1774295760_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1774345866_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1775482449_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1775518100_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1775529605_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1775788474_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1775791631_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1776142126_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1776214647_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1776703084_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1777242136_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1777285718_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1777350776_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1778425026_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1778483146_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1778520257_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1779575379_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1779604782_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1779645075_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1779681684_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1779695177_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1780258672_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1781521896_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1781624059_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1781677915_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1781747315_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1781797409_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1782429496_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783076863_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783110271_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783151395_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783306337_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783355811_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783375297_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783420059_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783436683_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1783442775_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1784662416_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1784685311_NA.replay" deleted
"C:\Users\Anthony\Downloads\LSI\replays\replay_1784716751_NA.replay" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll" deleted
"C:\Users\Anthony\Downloads\LSI" deleted
"C:\Users\Anthony\Downloads\LSI\locales" deleted
"C:\Users\Anthony\Downloads\LSI\logs" deleted
"C:\Users\Anthony\Downloads\LSI\replays" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}" deleted
"C:\Users\Anthony\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn" [04/05/2015 02:33 PM]
 
==== Chromium Look ======================
 
Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118)
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
apjkpjchfbckhjhokinlgdbmibpbbjak - C:\Users\Anthony\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx[]
iehjklkgijkjfcfmmjmjlmcccholamaf - C:\Users\Anthony\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx[]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx[03/05/2015 04:45 AM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apjkpjchfbckhjhokinlgdbmibpbbjak - C:\Users\Anthony\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx[]
iehjklkgijkjfcfmmjmjlmcccholamaf - C:\Users\Anthony\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx[]
 
Chrome Hotword Shared Module - Angie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Hide Fedora - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde
BTTV - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Google Cast - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Pushbullet - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd
SIH - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl
Videostream for Google Chromecast™ - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl
Subscriptions Grid For YouTube™ - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed
Tampermonkey - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Dashlane - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg
LoungeDestroyer - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl
Decline Unavailable Trade Offers - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafaokedcfcpllcpjjkdopdpafonhpen
Steam Market - Favorite Items - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpdlcimnbahbfecmnmcpicpejbmkoho
Twitch Live - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm
Imagus - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab
CS GO Lounge Multiple Accounts - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphkofafppppgihimdikacclfepeodme
Reddit Enhancement Suite - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Chrome Hotword Shared Module - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Auto Refresh Plus - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
Enhanced Steam - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg
Flair Linker - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp
AdBlock - Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Norton Identity Protection - Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Docs - Germain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Norton Identity Protection - Germain\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
==== Chromium Startpages ======================
 
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://google.ca/" ]
 
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.swagbucks.com/g/noso", "http://www.swagbucks.com/polls", "http://sc-s.com/", "http://clandevastationhvk.enjin.com/home", "https://www.youtube.com/", "http://www.surrenderat20.net/" ]
 
 
==== Chromium Fix ======================
 
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/706-156705-11896-0/4"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_USERS\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
HKEY_USERS\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{669695BC-A811-4A9D-8CDF-BA8C795F261C} deleted successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Angie\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Angie\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Germain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Germain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Angie\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Angie\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Angie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Germain\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=15456 folders=1942 3978413875 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Angie\AppData\Local\Temp emptied successfully
C:\Users\Anthony\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dennis\AppData\Local\Temp emptied successfully
C:\Users\Germain\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Anthony\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 04/05/2015 at 15:45:20.38 ======================


#12 DavidS139

  • Topic Starter

Posted 05 April 2015 - 08:13 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=967849ca8fb02343bfceedeb11c037c6
# engine=23247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-05 11:10:31
# local_time=2015-04-05 07:10:31 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 0 178851527 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1085565 52235124 0 0
# scanned=524192
# found=7
# cleaned=0
# scan_time=11799
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=7ADFEE068F555A9BE6276B7376E6ACF47A49A1E5 ft=1 fh=5b1a47320b91d0bf vn="Win32/HackTool.Crack.BB potentially unsafe application" ac=I fn="C:\Program Files (x86)\2K Sports\NBA 2K14\rld.dll"
sh=6ACFD1C5029E51D7620FCAA039928D614B4DADD2 ft=1 fh=7004b7bfea654582 vn="Win32/Bundled.Toolbar.Ask.L potentially unsafe application" ac=I fn="C:\zoek_backup\C_PROGRA~2_Hotspot Shield\Uninstall.exe"
sh=66A9E319FC1BA9E2FAA7406D9B7FDA6F835873EA ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_Anthony_AppData_Local_CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx"
sh=58CAC1ADC63835D6D035BEAA49C7BA957C9A7F9E ft=1 fh=f76b63c0c0358233 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_Anthony_AppData_Local_NativeMessaging\CT2260173\1_0_2_0\TBMessagingHost.exe"
sh=4515533AF4E133845BBFE2573FE2CB1982D34D0D ft=1 fh=39f3190ccaaabb88 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_Anthony_AppData_Local_tbccint\Chrome\CT2260173\CHUninstaller.exe"
sh=19F0E6DE388FBA7AA857509537403CEBD5E8F09E ft=1 fh=281eb2f4bfcca60e vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_Anthony_AppData_Local_tbccint\Chrome\CT2260173\UninstallerUI.exe"


#13 deeprybka

  • Malware Response Team

Posted 06 April 2015 - 03:58 AM

Hi there,
how is the computer running?

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 DavidS139

  • Topic Starter

Posted 06 April 2015 - 03:37 PM

It is running fine.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Anthony at 2015-04-06 13:15:54
Running from C:\Users\Anthony\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
altPUG (HKLM-x32\...\{4FC41018-ABBF-47A0-B917-2DA88C04DA7D}) (Version: 1.2 - altPUG LLC)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
ChromecastApp (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Dashlane) (Version: 3.2.3.77451 - Dashlane SAS)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{0B74EC0B-2A85-4542-A167-3DE2132E7DAA}) (Version: 0.92.85 - Dotjosh Studios)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
DisplayFusion 7.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.0.0.0 - Binary Fortress Software)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Flux) (Version:  - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{22FCD3B0-CAA7-444A-84AC-75716545EAB9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710a-f Product Improvement Study (HKLM\...\{8F3591D0-074B-4F7B-A269-39FE61C9CB5C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IdleMaster (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\64f315a695d36dc0) (Version: 0.7.0.3 - IdleMaster)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Livestreamer 1.12.0 (HKLM-x32\...\Livestreamer) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Media Browser Server (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Media Browser Server) (Version: 3.0 - Media Browser Team)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OnTopReplica (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\OnTopReplica) (Version: 3.4 - Lorenz Cuno Klopfenstein)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Plex Media Server (HKLM-x32\...\{52d63919-7661-4c1c-a688-cb684f374881}) (Version: 0.9.1116 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1116 - Plex, Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.48.0 - Mediatek)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.82.15 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.3.25.0 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2189.2 - Hi-Rez Studios)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Videostream Port Fix (HKLM-x32\...\{A36C0DAA-86C7-4D14-AEC0-86416A69ABDE}) (Version: 1.0.0 - Videostream, Inc.)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Winfy (HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\5d66c283c55326db) (Version: 2.0.2.0 - Winfy)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.3.400 - Initex & AAA Internet Publishing)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
26-03-2015 18:29:16 Scheduled Checkpoint
29-03-2015 14:43:55 Checkpoint by HitmanPro
30-03-2015 16:31:00 AA11
04-04-2015 15:55:52 zoek.exe restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-04-06 13:03 - 00002043 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03F96110-A4A7-4A95-812E-A884C2861744} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {066AF6D2-8B46-42DC-8D04-399D394AB0ED} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {079D147D-043C-460E-975C-9D397D921836} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {156067D9-5457-4F1A-8E80-FB1A633A5E9D} - System32\Tasks\{A967D9E9-BED9-4D93-8813-9A2FA33B01D4} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: {32E163F7-13AC-450D-99A6-CE60BF357D32} - System32\Tasks\{5EB04AD6-1923-40C3-9AFD-207A7EA4DF76} => pcalua.exe -a J:\setup.exe -d J:\ -c /autorun
Task: {34D876D5-AB15-433D-90D6-215551811F5D} - System32\Tasks\{998BA75A-A62F-451A-8A37-6C86E452B0B4} => pcalua.exe -a C:\Users\Anthony\AppData\Local\Roblox\Versions\version-8484f0d4199b4d0f\RobloxPlayerLauncher.exe -c -uninstall
Task: {34F7CEDA-D05C-438A-8F1D-F7C410AE450D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
Task: {42858ED1-D4FB-4E24-833F-D549EB96D6B2} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-09-17] ()
Task: {5A844D38-AF41-4045-B908-7701E3CA4042} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DAE9C96-F289-43DB-BD8C-3575188FD6BE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {6241F63F-D6E6-4F4B-8B40-C4DBEFCD8B25} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {6F6D29F4-AFA7-40F4-BCA2-8BCDE53496B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {73E87636-0B4A-4362-9D18-7D6B00F8ECB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7464D8EC-863C-4834-BB46-F76C7DF92240} - System32\Tasks\HPCeeScheduleForAnthony => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {74FAF77F-41D3-4022-A9AB-1C27D2BBF992} - System32\Tasks\{D60739A4-9A8F-447A-99A6-1018C4847F71} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
Task: {85F2CA54-7545-4411-9F56-D2B30228FCE4} - System32\Tasks\{C234EC8D-23FF-4B17-92BE-43509287DEC6} => pcalua.exe -a C:\Users\Anthony\AppData\Local\Apps\2.0\C4XH80KH.NBR\Y5HBY5VB.PRR\laun...app_59711684aa47878d_0001.0021_4417046937e6ec53\Uninstaller.exe
Task: {875133B7-AA39-4813-9B3A-7EEB44B3AE7F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {87C8F845-7DDA-4CE3-96E5-193756538B83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {8F916577-ACE6-46ED-B63F-8B26437BD555} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {97CA9ACD-CFFE-4C9E-88F0-D1EC03ABE952} - System32\Tasks\BaronReplays => C:\Users\Anthony\Downloads\BaronReplays\BaronReplays.exe
Task: {A7852FDE-B12C-41DD-990B-2D0308F074EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {B66ED3CB-A4A2-463B-B806-21F6C656A498} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B7FF040E-198A-4BF6-BE37-0B9D7FD40313} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {BCC76ECA-A9E9-4244-BCA4-980E64C3032C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C7CE8159-EFD9-41A9-863C-BF901A9D7685} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D3F0C65F-1384-4BAA-9EF3-2D00E1258FC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-04] (Google Inc.)
Task: {E76F2EFF-B2A2-4256-963C-BDBD442162E0} - System32\Tasks\Run LSI => C:\Users\Anthony\Downloads\LSI\LoLSummonerInfo.exe
Task: {EB0306E1-A967-498F-95E7-741159DFF7FC} - System32\Tasks\{5FECB796-E333-41A0-86B3-35141E179030} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {F28624D0-5CEA-47F5-AEDC-FFA24DECEEC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FC2D62E3-18BC-4AA2-B48B-7AC4DC7E6B82} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAnthony.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-07-31 14:59 - 2014-05-31 17:55 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-04 20:24 - 2015-02-04 20:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-03-24 09:28 - 2015-03-24 09:28 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-03-24 09:28 - 2015-03-24 09:28 - 00775872 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-03-24 09:27 - 2015-03-24 09:27 - 00408576 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00022016 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00020992 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00058368 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00016896 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00033792 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2015-03-14 01:49 - 2015-03-14 01:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2012-10-12 21:22 - 2012-10-12 21:22 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 21:22 - 2012-10-12 21:22 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 21:22 - 2012-10-12 21:22 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-09 10:53 - 2013-11-09 10:53 - 00120224 _____ () C:\Users\Anthony\AppData\Local\assembly\dl3\NLPJ0JJQ.LE0\1WV7BO31.O6M\5c6a8a9e\00f33f28_e1a8cd01\HPItunesModule.DLL
2014-09-25 14:38 - 2015-02-17 23:59 - 00864200 _____ () C:\Users\Anthony\Downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3db_sqlite3.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 00173568 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 01080832 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 00833024 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-02-27 11:15 - 2014-08-06 15:39 - 00102344 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-02-27 11:15 - 2014-08-06 15:39 - 00108488 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 00030208 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-13 14:36 - 2014-03-13 14:36 - 00233984 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-02-27 11:15 - 2014-08-06 15:39 - 00563656 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-09 15:41 - 2014-08-06 15:39 - 00579016 _____ () C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-12-14 14:43 - 2014-10-28 23:59 - 01029952 _____ () C:\Windows\System32\speech\engines\tts\MSTTSEngine.dll
2014-12-14 14:42 - 2014-10-28 20:46 - 00531456 _____ () C:\Windows\System32\speech\engines\tts\MSTTSLoc.DLL
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-11 23:31 - 2012-11-20 16:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2013-02-06 18:45 - 2012-06-07 23:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-17 17:07 - 2015-03-10 02:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-12-02 20:29 - 2014-12-01 20:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-06-17 17:07 - 2015-04-02 19:02 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-02 20:29 - 2014-12-01 20:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2014-12-02 20:29 - 2014-12-01 20:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-31 16:30 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-06-17 17:07 - 2015-04-02 19:02 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-13 12:52 - 2015-03-13 12:52 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 01883784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-02-05 05:20 - 2015-02-05 05:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-04-02 21:00 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 21:00 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-13 20:37 - 2014-08-13 20:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 20:37 - 2014-08-13 20:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-04-02 21:00 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2014-06-17 17:07 - 2015-02-24 21:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-11-14 17:16 - 2014-11-25 22:12 - 40622592 _____ () C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-14 17:16 - 2014-11-25 22:12 - 00911360 _____ () C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2014-11-14 17:16 - 2014-11-25 22:12 - 00134144 _____ () C:\Users\Anthony\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:x7MgFkacxUrTkVd98VK3IXp
AlternateDataStreams: C:\ProgramData\Microsoft:b5dbWwRzhgEfDjbrHSnus
AlternateDataStreams: C:\ProgramData\Microsoft:ROxy27RjXwOLMJfQ3up0Y9D2GsvC
AlternateDataStreams: C:\Users\Anthony\Cookies:6SGovLIzxb0x3GiXb3f3sxMQ
AlternateDataStreams: C:\Users\Anthony\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Anthony\AppData\Local\Temporary Internet Files:rRGjxb9t3UQcWP3TYzrC76Tm
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Anthony\AppData\Local\DisplayFusion\Wallpaper_1.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "RIMBBLaunchAgent.exe"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Fences"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\StartupFolder: => "Fences.lnk"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "TeamSpeak 3 Client"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "Winfy"
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\StartupApproved\Run: => "WTFast Tray"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1406094422-3886840985-1751211432-500 - Administrator - Disabled)
Angie (S-1-5-21-1406094422-3886840985-1751211432-1002 - Limited - Enabled) => C:\Users\Angie
Anthony (S-1-5-21-1406094422-3886840985-1751211432-1004 - Administrator - Enabled) => C:\Users\Anthony
Dennis (S-1-5-21-1406094422-3886840985-1751211432-1003 - Limited - Enabled) => C:\Users\Dennis
Guest (S-1-5-21-1406094422-3886840985-1751211432-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/05/2015 09:12:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/05/2015 04:43:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Computer)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/05/2015 04:43:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 23ec
 
Start Time: 01d06fe12c993b1a
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\wwahost.exe
 
Report Id: 74e9fd30-dbd4-11e4-819c-78e3b5baf780
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: Microsoft.WindowsLive.Mail
 
Error: (04/05/2015 04:43:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Computer)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.
 
Error: (04/05/2015 03:51:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/05/2015 03:51:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/05/2015 03:51:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/05/2015 03:50:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (04/05/2015 02:56:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x28ac
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
Faulting package full name: DaS_21.exe4
Faulting package-relative application ID: DaS_21.exe5
 
Error: (04/05/2015 02:56:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
 
System errors:
=============
Error: (04/06/2015 01:04:25 PM) (Source: DCOM) (EventID: 10016) (User: Computer)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ComputerAnthonyS-1-5-21-1406094422-3886840985-1751211432-1004LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/06/2015 01:04:25 PM) (Source: DCOM) (EventID: 10016) (User: Computer)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ComputerAnthonyS-1-5-21-1406094422-3886840985-1751211432-1004LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/06/2015 01:04:25 PM) (Source: DCOM) (EventID: 10016) (User: Computer)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ComputerAnthonyS-1-5-21-1406094422-3886840985-1751211432-1004LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/06/2015 01:04:25 PM) (Source: DCOM) (EventID: 10016) (User: Computer)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ComputerAnthonyS-1-5-21-1406094422-3886840985-1751211432-1004LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/06/2015 01:04:25 PM) (Source: DCOM) (EventID: 10016) (User: Computer)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ComputerAnthonyS-1-5-21-1406094422-3886840985-1751211432-1004LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/05/2015 07:13:07 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/05/2015 07:12:37 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/05/2015 03:53:54 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANGIE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{46DFB8CF-A705-44DA-9B96-0D0E98EA3133}.
The master browser is stopping or an election is being forced.
 
Error: (04/05/2015 03:41:37 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ANGIE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{46DFB8CF-A705-44DA-9B96-0D0E98EA3133}.
The master browser is stopping or an election is being forced.
 
Error: (04/05/2015 03:28:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD A10-5800K APU with Radeon™ HD Graphics 
Percentage of memory in use: 24%
Total physical RAM: 12183.29 MB
Available physical RAM: 9164.83 MB
Total Pagefile: 14039.29 MB
Available Pagefile: 10109.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:911.27 GB) (Free:465.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.42 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6017CFC8)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Anthony (administrator) on COMPUTER on 06-04-2015 13:12:42
Running from C:\Users\Anthony\Downloads
Loaded Profiles: Anthony (Available profiles: Angie & Dennis & Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(KEMiCZA) C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe
(Flux Software LLC) C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Anthony\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Users\Anthony\Downloads\teamspeak3-server_win64-3.0.11.2\teamspeak3-server_win64\ts3server_win64.exe
(TeamSpeak Systems GmbH) C:\Users\Anthony\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-08-02] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-24] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-01-26] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-02] (Valve Corporation)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [AMDToggler] => C:\Users\Anthony\Downloads\SaturationTogglerv1.2\Saturation Toggler.exe [548352 2014-06-19] (KEMiCZA)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Winfy] => C:\Users\Anthony\AppData\Local\Apps\2.0\C4XH80KH.NBR\Y5HBY5VB.PRR\winf..tion_0373d5dfee511524_0002.0000_c590cf976323fa95\Winfy.exe [349808 2014-08-12] (Maximilian Krauss)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Spotify Web Helper] => C:\Users\Anthony\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Google Update] => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-24] (Google Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [f.lux] => C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6780256 2014-12-16] (Binary Fortress Software)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Dashlane] => "C:\Users\Anthony\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Spotify] => C:\Users\Anthony\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5404296 2015-03-13] (Plex, Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\...\MountPoints2: J - "J:\setup.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710a-f.lnk -> C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
HKU\S-1-5-21-1406094422-3886840985-1751211432-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-1406094422-3886840985-1751211432-1004 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{46DFB8CF-A705-44DA-9B96-0D0E98EA3133}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-26] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-11-19] (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1406094422-3886840985-1751211432-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1406094422-3886840985-1751211432-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2015-04-06]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.swagbucks.com/g/noso", "hxxp://www.swagbucks.com/polls", "hxxp://sc-s.com/", "hxxp://clandevastationhvk.enjin.com/home", "https://www.youtube.com/", "hxxp://www.surrenderat20.net/"
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-27]
CHR Extension: (Hide Fedora) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2014-12-09]
CHR Extension: (BetterTTV) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-11-16]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-04]
CHR Extension: (Slinky Elegant) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-02-13]
CHR Extension: (Google Cast) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-08-24]
CHR Extension: (Adblock Plus) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-17]
CHR Extension: (Pushbullet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-20]
CHR Extension: (Steam inventory helper) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2014-10-31]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2014-09-06]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-04]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2015-02-12]
CHR Extension: (Tampermonkey) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-10-06]
CHR Extension: (Timer) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2014-06-22]
CHR Extension: (TekSavvy Usage Meter) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchiggjpbjfgkeflpbfnnlffbpeajnof [2014-12-07]
CHR Extension: (Dashlane) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-01-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2014-10-18]
CHR Extension: (Decline Unavailable Trade Offers) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafaokedcfcpllcpjjkdopdpafonhpen [2014-10-29]
CHR Extension: (Steam Market - Favorite Items) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpdlcimnbahbfecmnmcpicpejbmkoho [2014-12-18]
CHR Extension: (Twitch Live) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-06-17]
CHR Extension: (Deathamns) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-06-17]
CHR Extension: (CS:GO Lounge Multiple Accounts) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphkofafppppgihimdikacclfepeodme [2015-02-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-10-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Auto Refresh Plus) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2014-07-12]
CHR Extension: (Enhanced Steam) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-10-27]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-04]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2014-06-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-08] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-02-27] (altPUG LLC)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3075440 2014-12-16] (Binary Fortress Software)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-05-31] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-01-26] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-10] (Razer, Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [161744 2015-03-25] (RaMMicHaeL)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2013-10-04] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-03-29] ()
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-11-21] (AnchorFree Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150403.001\IDSvia64.sys [671448 2015-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150405.004\ENG64.SYS [129752 2015-03-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150405.004\EX64.SYS [2137304 2015-03-18] (Symantec Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2015-01-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2512016 2014-06-13] (MediaTek Inc.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RzDxgk; C:\windows\system32\drivers\RzDxgk.sys [129472 2013-12-10] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2013-12-10] (Razer, Inc.)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [38240 2015-01-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38368 2015-01-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-11-21] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 13:12 - 2015-04-06 13:12 - 00036194 _____ () C:\Users\Anthony\Downloads\FRST.txt
2015-04-06 13:10 - 2015-04-06 13:10 - 02095616 _____ (Farbar) C:\Users\Anthony\Downloads\FRST64.exe
2015-04-06 02:36 - 2015-04-06 02:36 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\livestreamer
2015-04-05 15:51 - 2015-04-05 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-05 15:50 - 2015-04-05 15:50 - 02347384 _____ (ESET) C:\Users\Anthony\Downloads\esetsmartinstaller_enu.exe
2015-04-05 15:43 - 2015-04-05 14:50 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-05 15:26 - 2015-04-05 15:26 - 2057437612 _____ () C:\Users\Public\Desktop\sample_052015_0316.zip
2015-04-05 14:56 - 2015-04-04 16:03 - 00019953 _____ () C:\zoek-results2015-04-04-200318.log
2015-04-04 17:45 - 2015-04-04 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-04-04 17:44 - 2015-04-04 17:44 - 00000000 ____D () C:\Program Files (x86)\Plex
2015-04-04 15:55 - 2015-04-05 15:45 - 00066487 _____ () C:\zoek-results.log
2015-04-04 15:50 - 2015-04-05 15:38 - 00000000 ____D () C:\zoek_backup
2015-04-04 04:12 - 2015-04-06 13:12 - 00000000 ____D () C:\FRST
2015-04-03 18:56 - 2015-04-03 18:56 - 00017963 _____ () C:\Users\Anthony\Documents\hijackthis.log
2015-04-03 02:00 - 2015-04-03 02:00 - 00000000 ____D () C:\Users\Anthony\AppData\Local\openvr
2015-04-03 01:48 - 2015-04-03 01:49 - 12927440 _____ () C:\Users\Anthony\Downloads\ts3_recording_15_04_03_1_48_1.wav
2015-04-01 12:32 - 2015-04-01 12:32 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Stardock
2015-03-31 16:05 - 2015-03-31 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 16:05 - 2015-03-31 16:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-30 22:53 - 2015-04-06 00:58 - 00933319 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-30 22:48 - 2015-04-06 13:03 - 00000770 _____ () C:\WINDOWS\setupact.log
2015-03-30 22:48 - 2015-04-05 15:44 - 00090134 _____ () C:\WINDOWS\PFRO.log
2015-03-30 22:48 - 2015-03-30 22:48 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-30 21:01 - 2015-03-30 21:41 - 00000024 _____ () C:\Users\Anthony\random.dat
2015-03-30 21:01 - 2015-03-30 21:01 - 00000046 _____ () C:\Users\Anthony\jagex_cl_oldschool_LIVE.dat
2015-03-30 21:01 - 2015-03-30 21:01 - 00000000 ____D () C:\Users\Anthony\jagexcache
2015-03-30 17:02 - 2015-03-30 17:02 - 00000000 ____D () C:\Device
2015-03-30 17:00 - 2015-03-30 17:00 - 00000000 ____D () C:\ProgramData\Doctor Web
2015-03-30 16:44 - 2015-03-30 16:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Anthony\Downloads\HijackThis.exe
2015-03-30 16:34 - 2015-03-30 17:02 - 00000000 ____D () C:\Users\Anthony\Doctor Web
2015-03-30 16:32 - 2015-03-30 16:32 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\LavasoftStatistics
2015-03-30 15:28 - 2015-03-30 15:28 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2015-03-29 17:25 - 2015-03-29 17:25 - 00000000 _____ () C:\autoexec.bat
2015-03-29 14:49 - 2015-03-29 14:49 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-03-29 14:45 - 2015-03-29 14:45 - 00001226 _____ () C:\WINDOWS\system32\.crusader
2015-03-29 14:32 - 2015-03-29 14:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-29 14:16 - 2015-03-29 14:16 - 11028616 _____ (SurfRight B.V.) C:\Users\Anthony\Desktop\HitmanPro_x64.exe
2015-03-29 14:16 - 2015-03-29 14:16 - 02168320 _____ () C:\Users\Anthony\Desktop\adwcleaner_4.113.exe
2015-03-29 14:15 - 2015-03-29 14:15 - 01389240 _____ (Thisisu) C:\Users\Anthony\Desktop\JRT.exe
2015-03-26 03:59 - 2015-03-26 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-03-26 01:06 - 2015-03-26 01:06 - 00000000 ____D () C:\Users\Anthony\Tracing
2015-03-25 17:32 - 2015-03-29 14:31 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Stardock
2015-03-25 17:32 - 2015-03-25 17:32 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Stardock
2015-03-25 17:32 - 2015-03-25 17:32 - 00000000 ____D () C:\ProgramData\Stardock
2015-03-25 17:31 - 2015-03-25 17:31 - 00000000 ____D () C:\Program Files (x86)\Stardock
2015-03-25 17:28 - 2015-03-26 01:05 - 00000000 ____D () C:\ProgramData\Unchecky
2015-03-25 17:28 - 2015-03-25 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-03-25 17:28 - 2015-03-25 17:28 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-03-25 15:57 - 2015-03-25 15:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360
2015-03-24 22:10 - 2015-03-24 22:10 - 00001054 _____ () C:\Users\Anthony\Desktop\PBE.lnk
2015-03-20 18:07 - 2015-03-20 18:07 - 00000000 ____D () C:\Users\Anthony\Documents\My Games
2015-03-18 08:29 - 2015-03-18 08:29 - 00000000 _____ () C:\Recovery.txt
2015-03-18 04:02 - 2015-03-18 04:02 - 00000000 ____D () C:\KVRT_Data
2015-03-17 04:55 - 2015-03-17 04:55 - 00000000 ____D () C:\Users\Anthony\.tikione
2015-03-16 22:30 - 2015-03-17 01:25 - 15622194 _____ () C:\Users\Anthony\Documents\123.psd
2015-03-14 01:49 - 2015-03-14 01:49 - 00009728 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzStats.IPC.dll
2015-03-10 18:48 - 2015-04-03 03:24 - 65416909 _____ () C:\Users\Anthony\Downloads\The_Avengers+alvin+lee-colouring.psd
2015-03-10 16:24 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 16:24 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 16:24 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 16:24 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 16:24 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 16:24 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 16:24 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 16:24 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 16:24 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-10 16:24 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-10 16:24 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-10 16:24 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-10 16:23 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 16:23 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 16:23 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 16:23 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 16:23 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 16:23 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 16:23 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 16:23 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 16:23 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 16:23 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 16:23 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 16:23 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 16:23 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 16:23 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 16:23 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 16:23 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 16:23 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 16:23 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 16:23 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 16:23 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 16:23 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 16:23 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 16:23 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 16:23 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 16:23 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 16:23 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 16:23 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 16:23 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 16:23 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 16:23 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 16:23 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 16:23 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 16:23 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 16:23 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 16:23 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 16:23 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 16:23 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 16:23 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 16:23 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 16:23 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 16:23 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 16:23 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 16:23 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 16:23 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-10 16:23 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-10 16:23 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-10 16:23 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-10 16:23 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-10 16:23 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-10 16:23 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-10 16:23 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-10 16:23 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-10 16:23 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-10 16:23 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 16:23 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 16:23 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-10 16:23 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-10 16:23 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-10 16:23 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-10 16:23 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-10 16:23 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-10 16:23 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-10 16:23 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-10 16:23 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-10 16:23 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-10 16:23 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-10 16:23 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-10 16:23 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-10 16:23 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 16:23 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 16:23 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-10 16:23 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-10 16:23 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 16:23 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-10 16:23 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-10 16:23 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 16:23 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-10 16:23 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-10 16:23 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-10 16:23 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-10 16:23 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 16:23 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 16:23 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 16:23 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-10 16:23 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-10 16:23 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 16:23 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 16:23 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-10 16:23 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-10 16:23 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 16:23 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 16:23 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 16:23 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 16:23 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-07 18:18 - 2015-04-04 17:22 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\qBittorrent
2015-03-07 18:18 - 2015-03-07 18:18 - 00001061 _____ () C:\Users\Public\Desktop\qBittorrent.lnk
2015-03-07 18:18 - 2015-03-07 18:18 - 00000000 ____D () C:\Users\Anthony\AppData\Local\qBittorrent
2015-03-07 18:18 - 2015-03-07 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-03-07 18:18 - 2015-03-07 18:18 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 13:15 - 2013-11-24 05:45 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A4132109-15E5-4A0F-B001-B6CD88768C3F}
2015-04-06 13:12 - 2015-02-18 00:00 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-06 13:12 - 2014-08-24 18:55 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004UA.job
2015-04-06 13:12 - 2013-04-06 21:38 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\TS3Client
2015-04-06 13:09 - 2014-11-30 21:41 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\ClassicShell
2015-04-06 13:06 - 2014-05-10 18:55 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Raptr
2015-04-06 13:04 - 2014-05-16 17:43 - 00000000 ____D () C:\Users\Anthony\AppData\Local\LogMeIn Hamachi
2015-04-06 13:04 - 2013-05-22 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-06 13:03 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-06 03:52 - 2013-08-22 09:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-06 03:37 - 2014-12-06 03:32 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2015-04-06 03:35 - 2014-01-17 22:38 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-06 03:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-06 02:58 - 2013-04-04 17:13 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 02:37 - 2015-03-03 00:15 - 00000056 _____ () C:\Users\Anthony\Desktop\Twitch Stream.bat
2015-04-05 22:11 - 2014-08-24 18:54 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1406094422-3886840985-1751211432-1004Core.job
2015-04-05 19:12 - 2013-04-05 08:02 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1406094422-3886840985-1751211432-1004
2015-04-05 18:00 - 2014-11-01 22:03 - 00000000 ____D () C:\Program Files (x86)\DisplayFusion
2015-04-05 14:56 - 2013-10-15 20:53 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CrashDumps
2015-04-05 14:40 - 2014-11-15 01:36 - 00003242 _____ () C:\WINDOWS\System32\Tasks\Run LSI
2015-04-04 14:53 - 2013-12-26 07:55 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForAnthony.job
2015-04-03 22:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-03 22:43 - 2014-08-12 12:18 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Spotify
2015-04-03 22:18 - 2014-08-12 12:19 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Spotify
2015-04-03 22:18 - 2013-05-27 19:46 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Skype
2015-04-03 19:33 - 2013-12-26 07:55 - 00003176 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForAnthony
2015-04-03 16:27 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-03 03:25 - 2014-08-12 12:19 - 00001865 _____ () C:\Users\Anthony\Desktop\Spotify.lnk
2015-04-03 03:25 - 2014-08-12 12:19 - 00001851 _____ () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-03 02:00 - 2014-12-26 01:37 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Plex Media Server
2015-04-03 00:59 - 2013-11-17 14:20 - 00001734 _____ () C:\Users\Anthony\Desktop\Single Minecraft.txt
2015-04-02 21:55 - 2014-01-04 03:36 - 00001486 _____ () C:\Users\Anthony\Desktop\Tags.txt
2015-04-02 17:53 - 2014-11-01 23:02 - 00001720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2015-04-02 17:53 - 2014-11-01 23:02 - 00000000 ____D () C:\Program Files\Rainmeter
2015-04-02 17:53 - 2014-11-01 21:48 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Rainmeter
2015-04-01 21:13 - 2014-05-10 18:55 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-01 16:43 - 2014-02-14 17:38 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Deployment
2015-04-01 15:37 - 2013-04-04 17:13 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Apps\2.0
2015-04-01 13:03 - 2014-12-19 17:34 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\ClassicShell
2015-04-01 12:57 - 2013-04-04 17:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1406094422-3886840985-1751211432-1002
2015-04-01 12:53 - 2014-12-09 11:42 - 00000000 ____D () C:\Users\Angie\AppData\Roaming\Raptr
2015-04-01 12:37 - 2013-11-17 08:33 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{642179AA-6CE2-4B8C-B7FD-2F8394648329}
2015-04-01 12:32 - 2014-09-04 07:35 - 00000000 ____D () C:\Users\Angie\AppData\Local\LogMeIn Hamachi
2015-03-30 22:56 - 2013-11-09 03:22 - 00000000 ____D () C:\Users\Anthony
2015-03-30 16:48 - 2013-04-04 17:11 - 00000000 ____D () C:\Users\Anthony\AppData\Local\VirtualStore
2015-03-30 16:36 - 2014-12-20 05:03 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 14:19 - 2014-11-23 23:42 - 00000000 ____D () C:\AdwCleaner
2015-03-27 19:51 - 2013-04-12 19:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-26 16:44 - 2014-08-16 02:00 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2015-03-26 16:42 - 2014-01-17 22:38 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-26 16:32 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-03-26 01:05 - 2013-05-27 19:46 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 01:04 - 2014-10-13 18:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-25 15:52 - 2014-11-25 18:42 - 00002341 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-03-25 15:52 - 2014-11-25 18:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-03-25 15:52 - 2013-04-06 21:12 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-03-25 15:52 - 2013-04-06 21:12 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64
2015-03-20 04:21 - 2014-10-19 14:16 - 00129136 _____ () C:\Users\Anthony\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-19 16:53 - 2014-10-17 20:58 - 05186032 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-19 05:16 - 2014-11-19 18:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-19 04:40 - 2015-01-26 15:27 - 00000000 ____D () C:\WINDOWS\SysWOW64\DCS
2015-03-19 04:35 - 2013-11-09 03:22 - 00000000 ____D () C:\Users\Dennis
2015-03-19 04:35 - 2013-11-09 03:22 - 00000000 ____D () C:\Users\Angie
2015-03-19 04:34 - 2013-02-06 18:57 - 00000000 ____D () C:\ProgramData\Norton
2015-03-19 04:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-19 04:27 - 2013-04-04 17:13 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Google
2015-03-17 04:51 - 2015-02-15 20:24 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-17 01:26 - 2014-04-08 15:43 - 00000132 _____ () C:\Users\Anthony\AppData\Roaming\Adobe PNG Format CC Prefs
2015-03-16 22:08 - 2013-09-30 00:04 - 00960608 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-14 05:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-13 13:43 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-13 13:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 16:39 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 16:38 - 2013-04-06 13:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 16:27 - 2013-08-14 20:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 16:18 - 2013-04-06 21:20 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-04-08 15:43 - 2015-03-17 01:26 - 0000132 _____ () C:\Users\Anthony\AppData\Roaming\Adobe PNG Format CC Prefs
2013-05-07 10:12 - 2014-10-10 21:01 - 0050176 _____ () C:\Users\Anthony\AppData\Roaming\RZR_00705a5c4653a60426e5fc30d0dc.db
2014-02-19 17:41 - 2014-02-19 17:41 - 158105199 _____ () C:\Users\Anthony\AppData\Local\ACCCx2_4_1_351.zip.aamdownload
2014-02-19 17:41 - 2014-02-19 17:41 - 0001943 _____ () C:\Users\Anthony\AppData\Local\ACCCx2_4_1_351.zip.aamdownload.aamd
2013-12-26 07:57 - 2015-01-25 03:31 - 0007609 _____ () C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
2013-12-01 23:45 - 2013-12-01 23:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-13 18:03 - 2014-05-13 18:04 - 0000688 _____ () C:\ProgramData\csgobm.project
2014-05-13 18:03 - 2014-05-13 18:04 - 0000146 _____ () C:\ProgramData\csgobm2.project
2014-05-13 17:52 - 2014-05-13 17:52 - 0000097 _____ () C:\ProgramData\csgobmsettings.ini
2013-05-13 17:21 - 2014-02-14 17:45 - 0001349 _____ () C:\ProgramData\hpzinstall.log
2013-04-04 16:20 - 2013-04-04 16:20 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Files to move or delete:
====================
C:\Users\Anthony\jagex_cl_oldschool_LIVE.dat
C:\Users\Anthony\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-05 19:12
 
==================== End Of Log ============================


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:30 AM

Posted 06 April 2015 - 03:44 PM

I am hearing random ads from my computer even though everything is closed. It's getting really annoying.


What about the audio ads?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



