
Random Ads Playing in the Background


  • This topic is locked
16 replies to this topic

#1 skyferlfc


Posted 05 July 2015 - 10:56 PM

Hi! I am running Windows 8.1 and for the past week or so random ads have been playing in the background of my computer. I tried Malwarebytes and it found nothing. I have attached my FRST scans. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Amy (administrator) on XABI on 05-07-2015 23:47:44
Running from C:\Users\Amy\Downloads
Loaded Profiles: Amy &  (Available Profiles: Amy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ConsumerSoft) C:\Program Files (x86)\ConsumerSoft\Broken Shortcut Fixer\BrokenShortcutFixer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-04-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-04-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Bluetooth Mouse Z6000] => C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\HP Bluetooth Mouse Z6000.exe [1728512 2013-09-18] (hp)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-02] (Spotify Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [BitTorrent] => C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-14] (Google Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_Plugin.exe [927920 2015-06-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\MountPoints2: G - "G:\autorun.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\MountPoints2: {77cbd050-d7b6-11e3-8260-00c2c66071b4} - "F:\setup.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-02] (Spotify Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent] => C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe [1381208 2014-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-14] (Google Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_Plugin.exe [927920 2015-06-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - "G:\autorun.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {77cbd050-d7b6-11e3-8260-00c2c66071b4} - "F:\setup.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk [2015-04-16]
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk -> C:\ProgramData\{9353221e-8d61-1e20-9353-3221e8d6887a}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).exe (No File)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk [2015-04-16]
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk -> C:\ProgramData\{29791d9a-2b26-0660-2979-91d9a2b27668}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.exe (No File)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002 -> {6AC2E87D-D826-4CC8-B6C6-154CA2F01401} URL =
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6AC2E87D-D826-4CC8-B6C6-154CA2F01401} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-13] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-28] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{55214981-142E-4142-A515-662667940D2D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8E9ACE10-475E-4D4F-87CB-1F6FCDDB6CC1}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-05] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: leethax.net extension - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default\Extensions\leethax@leethax.net.xpi [2015-01-13]

Chrome:
=======
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Mancala) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe [2014-09-02]
CHR Extension: (2048) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkicplcbgjfobecebadodeggpghp [2014-09-02]
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Trivia Crack Game Winner) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmbcbgcaghggmlpfnapchmielgdnedi [2015-04-17]
CHR Extension: (AdBlock) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-19]
CHR Extension: (Flood-It!) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp [2014-10-20]
CHR Extension: (Happy Wheels) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc [2014-10-20]
CHR Extension: (Isoball 3) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-10-20]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Need for Speed World) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-10-20]
CHR Extension: (Trivia Cracker) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaoffaaolfohpleklnbmhbndphfgeef [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Sinuous) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-13] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-03] (Intel Corporation)
S2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3262288 2014-04-15] (INCA Internet Co., Ltd.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2010-12-22] (Pharos Systems International) [File not signed]
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-04-03] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 SDScannerService; No ImagePath
S2 SDUpdateService; No ImagePath
S2 SDWSCService; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-15] (Disc Soft Ltd)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-15] (GenesysLogic)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-17] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 23:47 - 2015-07-05 23:48 - 00029795 _____ C:\Users\Amy\Downloads\FRST.txt
2015-07-05 23:47 - 2015-07-05 23:47 - 02112512 _____ (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2015-07-05 23:47 - 2015-07-05 23:47 - 00000000 ____D C:\FRST
2015-07-05 23:40 - 2015-07-05 23:40 - 00971616 _____ C:\Users\Amy\Downloads\Install Broken Shortcut Fixer.exe
2015-07-05 23:40 - 2015-07-05 23:40 - 00001227 _____ C:\Users\Amy\Desktop\Broken Shortcut Fixer.lnk
2015-07-05 23:40 - 2015-07-05 23:40 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Broken Shortcut Fixer
2015-07-05 23:40 - 2015-07-05 23:40 - 00000000 ____D C:\Program Files (x86)\ConsumerSoft
2015-07-05 23:35 - 2015-07-05 23:35 - 00000207 _____ C:\windows\tweaking.com-regbackup-XABI-Windows-8.1-(64-bit).dat
2015-07-05 23:35 - 2015-07-05 23:35 - 00000000 ____D C:\RegBackup
2015-07-05 23:34 - 2015-07-05 23:34 - 02953798 _____ (Malwarebytes Corporation) C:\Users\Amy\Downloads\JRT.exe
2015-07-05 23:32 - 2015-07-05 23:36 - 00001460 _____ C:\Users\Amy\Desktop\Rkill.txt
2015-07-05 23:32 - 2015-07-05 23:32 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Amy\Downloads\rkill.exe
2015-07-05 23:32 - 2015-07-05 23:32 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Amy\Downloads\rkill64.exe
2015-07-05 23:31 - 2015-07-05 23:31 - 02244096 _____ C:\Users\Amy\Downloads\AdwCleaner.exe
2015-07-05 23:27 - 2015-07-05 23:27 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix (2).exe
2015-07-05 23:26 - 2015-07-05 23:26 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix (1).exe
2015-07-05 23:24 - 2015-07-05 23:25 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix.exe
2015-07-05 23:24 - 2015-07-05 23:24 - 00000000 _____ C:\windows\WindowsUpdate.log
2015-07-05 21:53 - 2015-07-05 21:53 - 01705984 _____ (GamingOnSteroids) C:\Users\Amy\Downloads\Loader.exe
2015-07-05 21:53 - 2015-07-05 21:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\GamingOnSteroids
2015-07-05 21:48 - 2015-07-05 22:15 - 00000000 ____D C:\KVRT_Data
2015-07-05 21:46 - 2015-07-05 21:48 - 102934688 _____ (Kaspersky Lab ZAO) C:\Users\Amy\Downloads\KVRT.exe
2015-07-05 21:46 - 2015-07-05 21:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-05 21:38 - 2015-07-05 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-05 21:38 - 2015-07-05 21:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-05 21:29 - 2015-07-05 21:29 - 00717656 _____ (Kaspersky Lab) C:\Users\Amy\Downloads\setup (1).exe
2015-07-05 21:29 - 2015-07-05 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-07-05 21:26 - 2015-07-05 21:26 - 04176437 _____ C:\Users\Amy\Downloads\tdsskiller.zip
2015-07-05 21:23 - 2015-07-05 21:41 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-07-05 21:18 - 2015-07-05 21:19 - 03080760 _____ (Blizzard Entertainment) C:\Users\Amy\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2015-07-03 18:17 - 2015-07-05 23:32 - 00000000 ____D C:\AdwCleaner
2015-07-03 18:17 - 2015-07-03 18:17 - 02244096 _____ C:\Users\Amy\Downloads\adwcleaner_4.207.exe
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTime.qts
2015-06-15 18:18 - 2015-06-15 18:18 - 00511078 _____ C:\Users\Amy\Downloads\bccalcet02_xl_0901.cdf
2015-06-13 21:33 - 2015-06-13 21:33 - 00822248 _____ (MurGee.com ) C:\Users\Amy\Downloads\setup.exe
2015-06-13 21:31 - 2015-06-13 21:31 - 00478760 _____ (Advanced Mouse Auto Clicker ltd. ) C:\Users\Amy\Downloads\FreeMouseAutoClicker.exe
2015-06-13 21:11 - 2015-06-13 21:11 - 00638976 _____ C:\Users\Amy\Downloads\Detection (1).msi
2015-06-13 21:10 - 2015-06-13 21:10 - 00638976 _____ C:\Users\Amy\Downloads\Detection.msi
2015-06-13 18:59 - 2015-06-13 18:59 - 00000000 ____D C:\ProgramData\BitRaider
2015-06-13 13:32 - 2015-07-05 21:33 - 00000000 ____D C:\Wooxy
2015-06-13 13:31 - 2015-06-13 13:31 - 07725313 _____ C:\Users\Amy\Downloads\WooxySetup.zip
2015-06-13 13:30 - 2015-06-13 13:30 - 01867023 _____ C:\Users\Amy\Downloads\sfmod - summonerfactory.net - 1.3.wxy
2015-06-13 13:18 - 2015-06-13 13:18 - 02186919 _____ C:\Users\Amy\Downloads\SummonerFactoryClient.zip
2015-06-13 12:56 - 2014-08-18 01:14 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts.20150613-125604.backup
2015-06-12 19:22 - 2015-06-12 19:22 - 00000000 ____D C:\Users\Amy\AppData\Local\Overwolf
2015-06-12 15:48 - 2015-06-12 15:48 - 00001806 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-12 15:48 - 2015-06-12 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\Program Files\iTunes
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Program Files\iPod
2015-06-12 14:58 - 2015-06-12 14:58 - 03272136 _____ (Secunia) C:\Users\Amy\Downloads\PSISetup.exe
2015-06-12 14:58 - 2015-06-12 14:58 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-06-12 14:53 - 2015-06-12 14:53 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-06-12 14:52 - 2015-06-12 14:53 - 02097712 _____ C:\Users\Amy\Downloads\AppManagerSetup_2.0.exe
2015-06-12 14:43 - 2015-06-12 14:43 - 00000000 ____D C:\windows\SysWOW64\NV
2015-06-12 14:43 - 2015-06-12 14:43 - 00000000 ____D C:\windows\system32\NV
2015-06-11 19:59 - 2015-05-28 03:04 - 42719888 _____ C:\windows\system32\nvcompiler.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 37741712 _____ C:\windows\SysWOW64\nvcompiler.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 30480528 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 22946960 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 17486856 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 16185352 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 15864064 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 14495448 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 13304280 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 11830512 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 10995528 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2015-06-11 19:59 - 2015-05-28 03:04 - 02986392 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 02932368 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 02599056 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 01898312 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6435306.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 01557832 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6435306.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 01059984 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 01050440 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00982856 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00974480 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00503408 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00408208 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00407112 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00364176 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00150648 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00128512 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2015-06-11 19:59 - 2015-05-28 03:04 - 00031560 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2015-06-11 19:59 - 2015-05-28 03:04 - 00030966 _____ C:\windows\system32\nvinfo.pb
2015-06-11 19:52 - 2015-06-11 19:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-11 19:52 - 2015-04-03 09:21 - 00048784 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2015-06-11 19:52 - 2015-04-03 09:21 - 00038032 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2015-06-11 19:41 - 2015-06-11 19:41 - 05740800 _____ (Innovative Solutions ) C:\Users\Amy\Downloads\drivermax_7_59_cnet.exe
2015-06-11 19:34 - 2015-06-11 19:35 - 06552640 _____ (Piriform Ltd) C:\Users\Amy\Downloads\ccsetup506pro.exe
2015-06-10 15:06 - 2015-06-10 15:06 - 15537773 _____ C:\Users\Amy\Downloads\MTS_Pinkstorm25_1525134_Alesso_AnchorPinkstorm25.rar
2015-06-09 13:49 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-09 13:49 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-09 13:49 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-09 13:49 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-09 13:49 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-09 13:49 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-09 13:49 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-09 13:49 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-09 13:49 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-09 13:49 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-09 13:49 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-09 13:49 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-09 13:49 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-09 13:49 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-09 13:49 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-09 13:49 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-09 13:49 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-09 13:49 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-09 13:49 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-09 13:49 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-09 13:49 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-09 13:49 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-09 13:49 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-09 13:49 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-09 13:49 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-09 13:49 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-09 13:49 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-09 13:49 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-09 13:49 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-09 13:49 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-09 13:49 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-09 13:49 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-09 13:49 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-09 13:49 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-09 13:49 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-09 13:49 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-09 13:49 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-09 13:49 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-09 13:49 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-09 13:49 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-09 13:49 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-09 13:49 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-09 13:49 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-09 13:49 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-09 13:49 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-09 13:49 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-09 13:49 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-09 13:49 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-09 13:49 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-09 13:49 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-09 13:49 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-09 13:49 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-09 13:49 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-09 13:49 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-09 13:49 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-09 13:49 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-09 13:49 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-09 13:49 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-09 13:49 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-09 13:49 - 2015-04-08 18:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-09 13:49 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-09 13:49 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-09 13:49 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-09 13:49 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-09 13:49 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-09 13:49 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-09 13:49 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-09 13:49 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-09 13:49 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-09 13:49 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-09 13:49 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 13:49 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-09 13:49 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-09 13:49 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-09 13:49 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-09 13:49 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-09 13:49 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-09 13:49 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-09 13:49 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-09 13:49 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-09 13:49 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-08 18:25 - 2015-06-08 18:25 - 00009049 _____ C:\Users\Amy\Downloads\FBAutoLiker.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 23:48 - 2014-09-07 14:54 - 00000000 ____D C:\Users\Amy\Desktop\Papers
2015-07-05 23:48 - 2014-05-22 10:26 - 00000000 ____D C:\Users\Amy\Desktop\Stuff
2015-07-05 23:48 - 2014-04-29 18:41 - 00000000 ____D C:\Users\Amy\Desktop\Games
2015-07-05 23:38 - 2015-04-14 14:28 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA.job
2015-07-05 23:35 - 2014-04-03 04:47 - 00010752 _____ C:\windows\system32\VfService.trf
2015-07-05 23:26 - 2014-04-23 17:55 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358433092-2061095435-3189857472-1002
2015-07-05 23:23 - 2014-05-28 22:20 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-05 23:22 - 2014-05-28 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 23:22 - 2014-05-28 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-05 23:19 - 2014-05-26 15:15 - 00000000 ____D C:\Users\Amy\AppData\Roaming\TS3Client
2015-07-05 23:19 - 2014-04-23 18:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-05 23:12 - 2014-04-30 15:44 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-05 23:02 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
2015-07-05 23:01 - 2014-07-15 11:36 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 21:53 - 2015-02-13 13:39 - 00000000 ____D C:\Users\Amy\AppData\Local\Battle.net
2015-07-05 21:47 - 2015-05-31 22:16 - 00000000 ____D C:\Users\Guest
2015-07-05 21:46 - 2015-05-31 22:16 - 00000000 ____D C:\Users\Administrator
2015-07-05 21:46 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-05 21:19 - 2015-02-13 13:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-05 21:17 - 2014-10-17 18:55 - 00011719 _____ C:\windows\SysWOW64\Gms.log
2015-07-05 06:08 - 2014-04-24 10:25 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-03 20:01 - 2015-05-06 14:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 19:34 - 2014-04-28 20:02 - 00000000 ____D C:\Users\Amy\AppData\Local\Force_Project_X
2015-07-03 18:58 - 2014-11-14 19:24 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KongHack
2015-07-03 18:58 - 2014-04-23 17:58 - 00000000 ____D C:\Users\Amy\AppData\Local\Deployment
2015-07-03 18:49 - 2014-07-15 11:36 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-03 18:49 - 2014-04-23 17:54 - 00000000 ___DO C:\Users\Amy\SkyDrive
2015-07-03 18:24 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-03 18:23 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-03 18:18 - 2014-04-23 20:24 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype
2015-06-27 12:56 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-27 11:38 - 2015-04-14 14:28 - 00000858 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core.job
2015-06-23 22:32 - 2015-05-18 20:46 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 19:12 - 2015-04-28 21:02 - 00000080 _____ C:\Users\Amy\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-23 15:12 - 2014-04-30 15:44 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-22 15:03 - 2014-07-15 11:36 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 21:47 - 2015-04-28 20:59 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-21 21:47 - 2015-04-28 20:59 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-19 23:02 - 2015-03-18 17:39 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2015-03-18 17:39 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 08:42 - 2014-05-28 22:20 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-05-28 22:20 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-05-28 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 21:11 - 2014-05-27 12:34 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-06-13 21:03 - 2014-11-13 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-13 20:57 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2015-06-13 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-13 12:26 - 2014-04-23 18:02 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-13 12:20 - 2015-02-17 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-06-13 12:19 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-13 12:15 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-13 12:08 - 2015-02-17 21:18 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-06-13 11:58 - 2014-09-12 11:31 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-06-13 11:55 - 2014-04-23 17:53 - 00002321 _____ C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-06-13 11:37 - 2013-08-22 10:44 - 00497064 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-13 11:33 - 2015-04-16 15:08 - 00000000 ____D C:\windows\system32\appraiser
2015-06-13 11:33 - 2015-03-18 17:30 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-13 11:33 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2015-06-13 11:33 - 2013-08-22 11:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-12 15:46 - 2014-09-13 11:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-06-12 15:46 - 2014-04-23 19:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-12 15:37 - 2015-02-26 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-06-12 15:20 - 2015-02-17 21:19 - 00000000 ____D C:\windows\SysWOW64\1033
2015-06-12 15:14 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files\MSBuild
2015-06-12 15:02 - 2015-04-20 14:02 - 00000000 ____D C:\Program Files (x86)\Google Books Downloader
2015-06-12 15:01 - 2014-07-12 18:55 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2015-06-12 14:42 - 2014-04-03 04:17 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-11 19:59 - 2014-04-03 04:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-11 19:35 - 2014-06-28 11:59 - 00000000 ____D C:\Program Files\CCleaner
2015-06-11 12:24 - 2014-07-11 20:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 12:22 - 2014-07-11 20:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-09 14:44 - 2013-08-22 09:25 - 00000167 _____ C:\windows\win.ini
2015-06-09 14:30 - 2014-04-23 19:56 - 00000000 ____D C:\windows\system32\MRT
2015-06-09 14:03 - 2014-04-23 19:56 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-07 11:39 - 2014-04-29 19:58 - 00000000 ____D C:\Users\Amy\AppData\Local\Spotify
2015-06-07 11:39 - 2014-04-23 20:24 - 00000000 ____D C:\ProgramData\Skype
2015-06-07 11:33 - 2014-04-29 19:58 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Spotify

==================== Files in the root of some directories =======

2014-06-03 13:04 - 2014-06-03 13:04 - 0159200 _____ () C:\Users\Amy\AppData\Roaming\CrashRpt1402.dll
2014-04-23 18:34 - 2014-07-25 19:04 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\Amy\AppData\Roaming\msvcr90-ruby191.dll
2015-05-25 17:16 - 2015-04-03 22:05 - 0034816 _____ () C:\Users\Amy\AppData\Roaming\wnsync.exe
2014-04-23 18:03 - 2014-04-23 18:03 - 0000230 _____ () C:\Users\Amy\AppData\Local\58a82eb3-9706-461b-829b-901aa8e8ae8a.dat
2014-04-23 17:57 - 2014-04-23 17:57 - 0000694 _____ () C:\Users\Amy\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2014-04-23 18:03 - 2014-04-23 18:03 - 0000278 _____ () C:\Users\Amy\AppData\Local\bcbe872f-bcfd-4092-b42b-fde17ba9353c.dat
2014-04-23 18:03 - 2014-04-23 18:03 - 0000230 _____ () C:\Users\Amy\AppData\Local\dd1476be-8a7f-4fa9-96b6-43f4d84c52c3.dat
2015-02-26 22:50 - 2015-05-15 20:34 - 0000273 _____ () C:\Users\Amy\AppData\Local\devcpp.cfg
2015-02-26 22:50 - 2015-05-15 20:34 - 0004515 _____ () C:\Users\Amy\AppData\Local\devcpp.ini
2014-07-14 20:03 - 2014-07-14 20:03 - 0000017 _____ () C:\Users\Amy\AppData\Local\resmon.resmoncfg
2014-05-24 21:19 - 2014-05-24 21:19 - 0000003 _____ () C:\Users\Amy\AppData\Local\updater.log
2014-05-24 21:19 - 2015-04-23 21:40 - 0000424 _____ () C:\Users\Amy\AppData\Local\UserProducts.xml
2014-04-03 04:25 - 2014-04-03 04:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Amy\AppData\Local\Temp\Quarantine.exe
C:\Users\Amy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-27 12:52

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Amy at 2015-07-05 23:48:51
Running from C:\Users\Amy\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2358433092-2061095435-3189857472-500 - Administrator - Disabled)
Amy (S-1-5-21-2358433092-2061095435-3189857472-1002 - Administrator - Enabled) => C:\Users\Amy
Guest (S-1-5-21-2358433092-2061095435-3189857472-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backyard Baseball 2003 (HKLM-x32\...\Backyard Baseball 2003) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.2.36804 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broken Shortcut Fixer (HKLM-x32\...\{F5EB26E8-0EF6-4AF0-9D43-D2B7E0D9D63C}) (Version: 1.2 - ConsumerSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Draw a Stickman: EPIC (HKLM-x32\...\Steam App 248650) (Version:  - Hitcents)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Bluetooth Mouse Z6000 (HKLM-x32\...\InstallShield_{CC9202D3-8CD8-4A2F-A345-69B1C577E9B7}) (Version: 1.03 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.28 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b7a9966b-b4d6-468e-9f50-ecf4ac2c6ce4}) (Version: 2.0.0.28 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
KH Ultra Trainer - 1  (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\4f344c4511ef18b2) (Version: 0.1.0.64 - KongHack)
KH Ultra Trainer - 1  (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\4f344c4511ef18b2) (Version: 0.1.0.64 - KongHack)
KH Ultra Trainer (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\4a13cfb01a135aa3) (Version: 0.1.0.46 - KongHack)
KH Ultra Trainer (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\4a13cfb01a135aa3) (Version: 0.1.0.46 - KongHack)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7319 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.7.28.300918 - Linden Research, Inc.)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Spotify (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.22 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.12 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{EC23C932-CA24-4AEA-A7C4-285AF81BDD0A}) (Version: 6.1.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 + Expansions Uninstaller (HKLM-x32\...\The Sims™ 3 + Expansions Uninstaller) (Version: 1.0.0.14 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version:  - RedLynx, in collaboration with  Ubisoft Shanghai, Ubisoft Kiev)
Unity Web Player (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinASO Registry Optimizer 4.8.6 (HKLM-x32\...\WinASO Registry Optimizer PreActivated_is1) (Version: 4.8.6 - X.M.Y International LLC)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

13-06-2015 20:57:03 Windows Update
22-06-2015 22:40:43 Scheduled Checkpoint
27-06-2015 12:52:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-06-13 12:56 - 00450831 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A7231F-B150-4E86-A9D1-D592C0655B41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {0FD133B6-40CB-4730-B9A4-A7C1B04297F1} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {12335939-2325-4210-ABBD-6B22E0A69298} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {1866DE08-5162-4FF6-9DB5-A732F6F8BDB8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1BFE8369-AEEB-4DFF-8F76-0F32D3003D1E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3DD4374F-5630-4B6D-BD18-26926ECD5F14} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {412B151E-434E-4864-9365-E49B24EB7F9A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5D2E7E50-0505-46C0-8DAC-9C45DC1B1F12} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5F37F952-F4C7-457C-AA01-49177BE6F541} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {66D55DBD-6CBF-41C4-807D-649E04351DF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {75E05F72-8BF5-4171-BD04-D2F3AAC344F7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {7C2404A2-6923-4A90-9B7B-89280539EC24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {80F594AF-C4E6-45A3-B960-A181B3583A33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8912A4F4-AFDA-4085-8D6C-33C02E345F89} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8FCB59EE-C3CA-43EB-ADC3-3CBC7E16967F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {95172305-FD4D-4629-8B9F-F6B52528CCE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {AD753E9A-8369-424B-9A81-2F7652065F0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B436F487-E3BD-4746-8241-E36131FB96AF} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {C064A030-0192-491A-BE7E-5520D7A4145B} - System32\Tasks\{A179935A-F554-4CEF-BB43-5AFD5756BA0A} => pcalua.exe -a "C:\Users\Amy\AppData\Local\BeAnywhere Support Express\Console\uninstall.exe"
Task: {D0C1BCFA-E92F-49EF-8370-08B5C1E815E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF4DCE0B-76E3-46F2-ABC6-271EB538B84E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-03-06] (Maxthon International ltd.)
Task: {F8FA1C0F-AB00-4AE5-B380-1B64D2097BE9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {FBBFE3C9-6514-40E9-AA80-F6E1230982C9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-17] (Synaptics Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-03 04:16 - 2015-05-28 03:04 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-20 15:44 - 2011-02-28 18:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-04 15:25 - 2015-05-04 15:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-22 15:03 - 2015-06-20 01:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 15:03 - 2015-06-20 01:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2014-05-10 11:18 - 2015-05-28 03:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-06-22 15:03 - 2015-06-20 01:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Amy\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91158726.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91158726.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy\Desktop\Games\10662161_10152881997247573_9191760896245893973_o.jpg
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy\Desktop\Games\10662161_10152881997247573_9191760896245893973_o.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DriverMax_RESTART"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DriverMax"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DriverMax_RESTART"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DriverMax"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D4677FE9-F923-49D3-A3FA-20613049108E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9F81D054-C5E1-454B-90E7-F92BFA47F1DE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{79FB44F9-60CA-455D-A233-7276932B3B66}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F01405F1-6F76-46F0-8816-0ADD7CC990D7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{266E0531-5476-4FCD-BF3D-66620B767F5F}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C99F6E10-E091-4542-BA31-2973B6D3D8AD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{029BDBE7-29E0-4425-9D83-1776AFFF1E0C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{56FC4E64-1CF1-419E-A5CE-D812D64C8543}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{575F1D4C-9736-444F-846B-F6249C5BCADB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DEE2D58E-55A1-461D-BB3C-91D83A6701E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FA9B0A89-0312-4CBE-A16A-DEFA5CD3BDA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5BA66EED-9AF9-4536-9377-681DB6423B63}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3717C9A8-74B0-4F7E-8C8E-0B0B57770C19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62B27B86-A3E0-458A-BB3E-1AFF99E62E5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEB88F2F-4298-4CF5-A514-C258DB55C88A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD230377-15EA-4C12-873F-96CEFE1FDF74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{BE5CCC6C-EA4D-4FB3-B65B-885CA2AD0E6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{3D656F1B-5BC6-4F6B-8313-5C53B5FA1201}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DB74A36F-873F-46E6-B081-35C3262C185D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [TCP Query User{90FA4542-487D-4537-821B-41A870A8F355}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{52F3D906-C7B9-463A-89A2-1DBCFBC77F84}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{024BE309-B9C7-45F4-A2DD-CA902F33399B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9A77FD11-D850-48AD-B3CB-23C219B7809E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{43F6CA77-255C-4BF0-ADC0-365720D65654}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F8FFE96A-B65C-481A-AD94-C4818DA5DCE4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D9FCD74F-F89B-4767-9524-707B715D1ABB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{62027D37-D4A1-4F1E-9F7B-3995BA2BF660}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F3AC2C44-38E8-429C-B9E2-2AF49F4B49BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF55470D-A488-4FAA-ADE4-B768BB2A1E87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF0A49D6-B5CE-4CB9-BA60-D426A854B96B}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0A00DDE0-1954-4E70-B7F7-454B56E9CFC1}] => (Allow) C:\Users\Amy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B171651F-9D07-4402-BBD9-5820E525C9D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DrawAStickmanEpic\DrawAStickman.Steam.exe
FirewallRules: [{D608111E-93F1-4902-A7C4-877489702222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DrawAStickmanEpic\DrawAStickman.Steam.exe
FirewallRules: [{C202C5AC-9508-4DF2-A1FA-3CF5001409F7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{414C8EEA-9902-4E80-AB39-C1C9363CF7BD}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1D3BEDDF-73E0-41DD-ABA9-750823060F91}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5EAC2EA0-215E-4A1F-896F-C28602A83BDA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{FE8F8F0A-78DA-459B-9494-519E298F2F1D}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{008CDA3E-F597-4F7F-969D-C68DB98C7394}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DFE42CD9-FE7D-4878-8A3C-353807C6FA0A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4882DD8B-45B2-4D50-8D2E-569ACFB4E812}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DAE4C8D4-E364-4386-A73F-899CF225C7AC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CCC1F85F-D083-4D0E-A540-E97BE38E4FD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{6B9C3897-9624-4818-AFBB-F89BA5917CBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{74962AFC-0365-48D4-B96B-7CB818DF5188}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2014\fm.exe
FirewallRules: [{3C262D8F-1BB7-44E1-B526-D1D230BACC45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2014\fm.exe
FirewallRules: [TCP Query User{8E73CCE6-2803-4259-8378-BD94A49CAEFA}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{11705B98-E823-48FE-BE93-06F9275B833B}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{50C527BC-1828-4723-88AF-D3E4ECBE56F0}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EADAAC2F-0CDD-4AEB-9B39-E2AD0A77DF55}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{81E12C30-55CB-40FE-9A8C-66D1747A7F9E}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{6EB3F19A-079B-4C06-AC39-61270C318BA9}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{68F71991-F8AF-4532-A011-DD196F5BF832}] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{83EB1959-CFC8-4127-B468-745FEBEB1668}] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{5FD2DF4B-1CE7-463F-9E65-EC351297AED1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D80433E8-1873-4568-BF28-52F80EF0C43F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3F7BE168-DEDB-4C75-A024-E6579A07F81B}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C01596B2-BE87-4219-B274-A3610D1933E9}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{73543D94-A01F-4FAF-9995-D07952FC08DD}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{A70DADB1-199A-434C-8653-095EA3B487E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{812EFAD5-AFE4-4B58-B090-2645E9A24D1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{417D2ADF-4103-4C26-ADE8-5B5235607070}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6C9765D0-792C-4FF7-BCCB-EC96EE762D35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{C4AE856B-7C7B-447C-A8F4-3DAA89662CAC}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{585E1375-2093-43EC-9913-3B09FBA0BB32}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{81BBD822-02E7-4BB0-9AD3-8B9BA69FC649}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{D545C654-8C3A-4625-A8C8-24633678B9FF}C:\users\amy\desktop\stuffᐄ.exe] => (Allow) C:\users\amy\desktop\stuffᐄ.exe
FirewallRules: [UDP Query User{23706A25-8EDA-4BA5-819F-7DEB32D8A1F9}C:\users\amy\desktop\stuffᐄ.exe] => (Allow) C:\users\amy\desktop\stuffᐄ.exe
FirewallRules: [{74E9E080-9D45-480F-8B7C-AE2404A61B79}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5D764D10-FCAF-4102-9FCD-0BCC741256B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{48FAD2FE-0662-4230-A756-E91DF4D1B2D5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F1E41672-13B1-4550-9DCA-C1374605B1B4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{46E1C4E5-0CD4-4833-A298-D7E4EBA7A5CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{541D89ED-9738-4D54-9448-3092DBBC3186}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{1D15657F-7BA6-4270-9346-124109A5DB79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{0CC28346-5101-4AD1-BEAC-D08D21871B12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{82CBA9CB-4F59-4587-9110-372282A53A71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDBF67F8-EF73-4F7B-AD50-83E334181E69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{76CF9A0A-5967-4615-869F-1EDC90A6E4DE}C:\users\amy\desktop\stuffᐅ.exe] => (Allow) C:\users\amy\desktop\stuffᐅ.exe
FirewallRules: [UDP Query User{9A1686C7-FBDD-4009-A638-A2DA2E6DDC67}C:\users\amy\desktop\stuffᐅ.exe] => (Allow) C:\users\amy\desktop\stuffᐅ.exe
FirewallRules: [{7156BA7E-AF03-4CB5-A9C2-81998D56D8BF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3055E582-D9D6-4C26-9358-0408CD6E4858}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{F2C0B6D7-0920-48AE-A8A5-D0B7A74196CA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B8DA83F9-EFB9-4AF4-BEF7-606F8A28C8C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4CE756BB-8A0E-442E-B04E-F10995C6B74C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{1CFBFFDB-F8BA-48EE-8517-CCFC23796448}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7A266F46-7372-43FE-A4E3-3044004FA746}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4FD90289-7B53-4631-B0D4-6525C04E536E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{E3B02298-202B-4941-B6BB-88A2CB03B011}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{94111983-77EE-46B6-86C2-481A5C68857A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{7F232676-6DB9-4C85-A46C-6B6FAA0242B5}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{DD96E376-DB78-4086-AB8A-BAE677F9AA34}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{8B7D9B34-DC6A-4944-861E-C99E18D5A646}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{653A05D1-20F1-4122-9B13-F43C7AC3D143}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{05676E01-805B-46F4-8C7D-22D0389EDDF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{78DA0FF0-4BFB-4FB5-B56C-C284EC7D302E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{757ACDF3-CD9D-4D98-B238-8C1D14E071F8}C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe] => (Allow) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [UDP Query User{0619F7DE-1CCB-4239-9EBA-F0DA32152075}C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe] => (Allow) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{DB897090-11C2-4C8B-98FE-441FE516A0FB}] => (Block) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{46F8C5EA-06C6-4E94-B562-6E8598084B58}] => (Block) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Multifunction Device
Description: Multifunction Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multifunction Device
Description: Multifunction Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multifunction Device
Description: Multifunction Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multifunction Device
Description: Multifunction Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2015 08:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9625

Error: (07/03/2015 08:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9625

Error: (07/03/2015 08:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:40:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6969

Error: (07/03/2015 08:40:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6969

Error: (07/03/2015 08:40:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:40:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5516

Error: (07/03/2015 08:40:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5516

Error: (07/03/2015 08:40:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3719


System errors:
=============
Error: (07/05/2015 11:36:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VeriFaceSrv service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/05/2015 11:35:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (07/03/2015 08:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9625

Error: (07/03/2015 08:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9625

Error: (07/03/2015 08:40:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:40:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6969

Error: (07/03/2015 08:40:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6969

Error: (07/03/2015 08:40:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:40:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5516

Error: (07/03/2015 08:40:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5516

Error: (07/03/2015 08:40:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2015 08:40:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3719


CodeIntegrity Errors:
===================================
  Date: 2015-07-05 23:46:38.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 23:46:37.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 23:37:46.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 23:37:46.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:57:30.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:57:30.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:47:36.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:47:36.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:47:35.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:47:35.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8104.27 MB
Available physical RAM: 4956.03 MB
Total Virtual: 12072.27 MB
Available Virtual: 8808.93 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.66 GB) (Free:496.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 20F92F22)

Partition: GPT Partition Type.

==================== End of log ============================


Edited by Oh My!, 10 July 2015 - 04:24 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:48 PM

Posted 10 July 2015 - 04:48 PM

Greetings skyferlfc and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\MountPoints2: G - "G:\autorun.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\MountPoints2: {77cbd050-d7b6-11e3-8260-00c2c66071b4} - "F:\setup.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - "G:\autorun.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {77cbd050-d7b6-11e3-8260-00c2c66071b4} - "F:\setup.exe"
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk -> C:\ProgramData\{9353221e-8d61-1e20-9353-3221e8d6887a}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).exe (No File)
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk -> C:\ProgramData\{29791d9a-2b26-0660-2979-91d9a2b27668}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002 -> {6AC2E87D-D826-4CC8-B6C6-154CA2F01401} URL =
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6AC2E87D-D826-4CC8-B6C6-154CA2F01401} URL =
S2 SDScannerService; No ImagePath
S2 SDUpdateService; No ImagePath
S2 SDWSCService; No ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
2015-06-23 19:12 - 2015-04-28 21:02 - 00000080 _____ C:\Users\Amy\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
  • A copy can also be found in your C:\ directory
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Zoek report
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 skyferlfc

skyferlfc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:48 AM

Posted 10 July 2015 - 09:11 PM

Hi Gary! You can call me Amy.

 

I have uninstalled BitTorrent as you advised me to.

 

Here is the Fixlog.txt: 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Amy at 2015-07-10 21:21:43 Run:1
Running from C:\Users\Amy\Desktop
Loaded Profiles: Amy (Available Profiles: Amy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\MountPoints2: G - "G:\autorun.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\MountPoints2: {77cbd050-d7b6-11e3-8260-00c2c66071b4} - "F:\setup.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - "G:\autorun.exe"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {77cbd050-d7b6-11e3-8260-00c2c66071b4} - "F:\setup.exe"
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk -> C:\ProgramData\{9353221e-8d61-1e20-9353-3221e8d6887a}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).exe (No File)
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk -> C:\ProgramData\{29791d9a-2b26-0660-2979-91d9a2b27668}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002 -> {6AC2E87D-D826-4CC8-B6C6-154CA2F01401} URL =
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6AC2E87D-D826-4CC8-B6C6-154CA2F01401} URL =
S2 SDScannerService; No ImagePath
S2 SDUpdateService; No ImagePath
S2 SDWSCService; No ImagePath
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
2015-06-23 19:12 - 2015-04-28 21:02 - 00000080 _____ C:\Users\Amy\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77cbd050-d7b6-11e3-8260-00c2c66071b4}" => key removed successfully
HKCR\CLSID\{77cbd050-d7b6-11e3-8260-00c2c66071b4} => key not found. 
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. 
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. 
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. 
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => key not found. 
C:\ProgramData\{9353221e-8d61-1e20-9353-3221e8d6887a}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).exe not found.
C:\ProgramData\{29791d9a-2b26-0660-2979-91d9a2b27668}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
"HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6AC2E87D-D826-4CC8-B6C6-154CA2F01401}" => key removed successfully
HKCR\CLSID\{6AC2E87D-D826-4CC8-B6C6-154CA2F01401} => key not found. 
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6AC2E87D-D826-4CC8-B6C6-154CA2F01401} => key not found. 
HKCR\CLSID\{6AC2E87D-D826-4CC8-B6C6-154CA2F01401} => key not found. 
SDScannerService => Service removed successfully
SDUpdateService => Service removed successfully
SDWSCService => Service removed successfully
BRDriver64_1_3_3_E02B25FC => Service removed successfully
C:\Users\Amy\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => moved successfully.
 
==== End of Fixlog 21:21:44 ====
 
Here is the zoek-results.txt:
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Amy on Fri 07/10/2015 at 21:27:49.17.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Amy\Desktop\zoek.exe [Scan all users]   [Deep Scan] [Auto Clean]
 
==== System Restore Info ======================
 
7/10/2015 9:28:39 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\New Folder deleted successfully
C:\PROGRA~2\OpenVPN Technologies deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Turbine deleted successfully
C:\Users\Amy\AppData\Roaming\Opera Software deleted successfully
C:\Users\Amy\AppData\Local\Opera Software deleted successfully
C:\Users\Amy\AppData\Local\Secunia PSI deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
C:\windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\Hp Bluetooth Mouse Z6000.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Users\Amy\Desktop\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\New Folder not found
C:\PROGRA~2\OpenVPN Technologies not found
C:\Users\Public\Pokki deleted
C:\Users\Amy\AppData\Roaming\CrashRpt1402.dll deleted
C:\Users\Amy\AppData\Roaming\msvcr90-ruby191.dll deleted
C:\PROGRA~3\eBay deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Amy\AppData\Local\updater.log deleted
C:\Users\Amy\AppData\Local\cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\Users\Amy\Downloads\drivermax_7_59_cnet.exe deleted
C:\windows\wininit.ini deleted
C:\windows\Syswow64\Hotspot Shield deleted
C:\Users\Amy\AppData\Roaming\wnsync.exe deleted
"C:\Users\Amy\AppData\Roaming\vlc\vlcrc" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\DXGIODScreenshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.exe" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\uploader.dll" deleted
"C:\Users\Amy\AppData\Roaming\vlc" deleted
"C:\PROGRA~2\Skillbrains" deleted
"C:\PROGRA~2\Skillbrains\lightshot" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1" deleted
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8105 MB
CPU Info: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
CPU Speed: 2458.7 MHz
Sound Card: Speakers (Realtek High Definiti | 
Realtek Digital Output (Realtek | 
Display Adapters: Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | NVIDIA GeForce GT 755M
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: TAP-Windows Adapter V9 | Intel® Centrino® Wireless-N 2230 | Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
CD / DVD Drives: 4x (E: | F: | G: | H: | ) E: MATbleepADVD-RAM UJ8DB    | F: DTSOFT  BDROM            | G:  | H:
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  891.7GB | D:  25.0GB
Hard Disks - Free: C:  496.0GB | D:  22.1GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE |  | LENOVO - 1
Time Zone: Eastern Standard Time
Motherboard *: LENOVO VIQY0Y1
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Symantec Endpoint Protection On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: Symantec Endpoint Protection disabled (Outdated)
Firewall: Symantec Endpoint Protection disabled
Default Browser: Google Chrome 43.0.2357.132
Internet Explorer Version: 11.0.9600.17842 
Mozilla Firefox version: 38.0.5 (x86 en-US)
Google Chrome version: 43.0.2357.132
Adobe Reader version: 15.7.20033.133275
Sun Java version: 1.7.0_55 (32-bit) 
Sun Java version: 1.8.0_05 (64-bit) 
Flash Player version: 18.0.0.203
Shockwave Player version: 12.1.6r156
 
==== Files Recently Created / Modified ======================
 
====== C:\windows ====
2015-07-06 03:35:32 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\windows\tweaking.com-regbackup-XABI-Windows-8.1-(64-bit).dat
====== C:\Users\Amy\AppData\Local\Temp ====
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2015-07-06 04:09:44 FA2338547763C9AB0BF1697EF4399E5F 424288 ----a-w- C:\windows\SysWOW64\SymVPN.dll
2015-07-06 04:09:44 8443B657407E8C18826C432998BEF1A8 139104 ----a-w- C:\windows\SysWOW64\FwsVpn.dll
2015-07-06 04:09:44 80DFDA8FCD4FFA49E1EA8A2BC2EC78DB 363872 ----a-w- C:\windows\SysWOW64\sysfer.dll
2015-07-06 04:09:44 689791487C4EAF1AE5FC5F9B7555A763 51552 ----a-w- C:\windows\SysWOW64\snacnp.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2015-07-06 04:09:44 D20EBF0C24D4C0201B440D8235091F51 159072 ----a-w- C:\windows\Sysnative\FwsVpn.dll
2015-07-06 04:09:44 801DCF42E3A47C57679144984C871C28 579936 ----a-w- C:\windows\Sysnative\SymVPN.dll
2015-07-06 04:09:44 5E45098932E4C54678162DB6A0E954E5 462688 ----a-w- C:\windows\Sysnative\sysfer.dll
====== C:\windows\Sysnative\drivers =====
2015-07-06 04:15:55 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\windows\Sysnative\drivers\SYMEVENT64x86.INF
2015-07-06 04:15:55 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\windows\Sysnative\drivers\SYMEVENT64x86.SYS
2015-07-06 04:15:55 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\windows\Sysnative\drivers\SYMEVENT64x86.CAT
2015-07-06 04:09:44 B7C3513425DA6E50D6C8AD759FEC7D9F 39384 ----a-w- C:\windows\Sysnative\drivers\WGX64.SYS
2015-07-06 04:09:44 1C575DF206C5A76AD2D87E9EB6FF8883 159552 ----a-w- C:\windows\Sysnative\drivers\SysPlant.sys
2015-06-11 23:59:24 BED3EDDC4B361B9023022B8ED4B04AEA 31560 ----a-w- C:\windows\Sysnative\drivers\nvpciflt.sys
2015-06-11 23:59:24 017E0B4AEFCB291E7CF1CD4BF120A7A8 10995528 ----a-w- C:\windows\Sysnative\drivers\nvlddmkm.sys
2015-06-11 23:52:27 D0EB00C3BDD50E9CABA534CF829593E8 38032 ----a-w- C:\windows\Sysnative\drivers\nvvad64v.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2015-06-12 19:46:53 -------- d-----w- C:\Program Files\iPod
2015-06-12 19:46:52 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2015-07-06 03:40:48 -------- d-----w- C:\PROGRA~2\ConsumerSoft
2015-07-06 01:38:19 -------- d-----w- C:\PROGRA~2\QuickTime
2015-07-06 01:23:07 -------- d-----w- C:\PROGRA~2\Heroes of the Storm
2015-06-12 19:46:52 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Amy\AppData\Roaming ======
2015-07-06 01:53:07 -------- d-----w- C:\Users\Amy\AppData\Roaming\GamingOnSteroids
2015-06-12 23:22:15 -------- d-----w- C:\Users\Amy\AppData\Local\Overwolf
2015-06-12 19:46:22 -------- d-----w- C:\Users\Default\AppData\Roaming\Apple Computer
2015-06-12 19:46:22 -------- d-----w- C:\Users\Default\AppData\Local\Apple Computer
2015-06-12 19:46:22 -------- d-----w- C:\Users\Default User\AppData\Roaming\Apple Computer
2015-06-12 19:46:22 -------- d-----w- C:\Users\Default User\AppData\Local\Apple Computer
2015-06-11 23:53:47 -------- d-----w- C:\windows\SysNative\config\systemprofile\AppData\Local\NVIDIA Corporation
====== C:\Users\Amy ======
2015-07-06 04:15:53 -------- d-----w- C:\ProgramData\SymEFASI
2015-07-06 04:01:40 D19E9ED9EDDDE984975A7D25C1F44663 639673284 ----a-w- C:\Users\Amy\Downloads\Sep1215unm-64.exe
2015-07-06 03:47:25 291587EBEFDB3EE505139A46717BDFC8 2112512 ----a-w- C:\Users\Amy\Desktop\FRST64.exe
2015-07-06 03:34:25 86BA65B13321DB692AEE1B82D86FA2FF 2953798 ----a-w- C:\Users\Amy\Downloads\JRT.exe
2015-07-06 03:32:53 FB7C9AF2195DE0E6BFB2DF7D5061071A 1063160 ----a-w- C:\Users\Amy\Downloads\rkill64.exe
2015-07-06 03:32:50 1B28807E950FB1B2F4C9AAD546D6568A 1943800 ----a-w- C:\Users\Amy\Downloads\rkill.exe
2015-07-06 03:31:09 1A6501B45306B3F5A125FAACE18C5FDE 2244096 ----a-w- C:\Users\Amy\Downloads\AdwCleaner.exe
2015-07-06 01:53:01 7F210FF68C5E6CD69DBD5A202FB980D9 1705984 ----a-w- C:\Users\Amy\Desktop\Loader.exe
2015-07-06 01:46:44 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2015-07-06 01:46:27 8A2666B8AF5087884BAC005B928F56B9 102934688 ----a-w- C:\Users\Amy\Downloads\KVRT.exe
2015-07-06 01:38:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-06 01:29:47 0D7E51C37A27951BBD527624B30F3B00 717656 ----a-w- C:\Users\Amy\Downloads\setup (1).exe
2015-07-06 01:29:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-07-06 01:18:46 6430388DEA6EF4628A9A76E8119B0305 3080760 ----a-w- C:\Users\Amy\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2015-07-03 22:17:23 1A6501B45306B3F5A125FAACE18C5FDE 2244096 ----a-w- C:\Users\Amy\Downloads\adwcleaner_4.207.exe
2015-06-13 22:59:36 -------- d-----w- C:\ProgramData\BitRaider
2015-06-12 19:48:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-12 19:46:52 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-12 18:53:31 -------- d-----w- C:\ProgramData\IsolatedStorage
2015-06-11 23:52:35 -------- d-----w- C:\ProgramData\boost_interprocess
 
====== C: exe-files ==
2015-07-09 03:01:02 23C3ECCDA9F8A49FE7B5ED4518F4463F 2743376 ----a-w- C:\Program Files (x86)\Google\Update\Install\{9658327B-D36A-48BD-9C21-B95755CE4B7C}\43.0.2357.132_43.0.2357.130_chrome_updater.exe
2015-07-09 03:01:01 23C3ECCDA9F8A49FE7B5ED4518F4463F 2743376 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.132\43.0.2357.132_43.0.2357.130_chrome_updater.exe
2015-07-07 02:15:43 9FC679D10A7377BB04ECC3D0E2E26B53 148080 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
2015-07-06 01:29:08 E3DC51863EA419BE3C100687D435E57C 49764400 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Versions\Base36144\HeroesOfTheStorm_x64.exe
2015-07-06 01:29:08 66ADAD0697000F51AEA699A7C5C2E2F3 647728 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Support64\HeroesSwitcher_x64.exe
2015-07-06 01:29:06 FAC8115919205A756F0971312C06BD4B 38448 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Support\PrePopulateCache.exe
2015-07-06 01:29:06 B26DBB30D048F2CB309ED8EDFE95021B 336432 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Support\BlizzardError.exe
2015-07-06 01:29:06 7812709DBD21B447357EC26DD13ECA00 49287728 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Versions\Base36144\HeroesOfTheStorm.exe
2015-07-06 01:29:06 36A29F5EA19DAB41D262D847761BC165 645680 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Support\HeroesSwitcher.exe
2015-07-06 01:28:58 B36B9228DD58AA53C10173DB3E906A50 3076656 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe
2015-07-06 01:19:36 12DB8B717D6F75AD50D4CEB0C5509C8D 10231856 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.5952\Battle.net.exe
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe"
"Spotify Web Helper"="C:\Users\Amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Google Update"="C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe /c"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Bluetooth Mouse Z6000"="C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\HP Bluetooth Mouse Z6000.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe"
"Spotify Web Helper"="C:\Users\Amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Google Update"="C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe /c"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\windows\\SysWOW64\\nvinit.dll"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"RtsFT"="RTFTrack.exe"
"OnekeyStudio"="C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4"
"RtHDVBg_LENOVO_DOLBYDRAGON"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_DOLBYDRAGON"
"RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_MICPKEY"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\windows\\system32\\nvinitx.dll"
 
==== Startup Folders ======================
 
2015-04-16 19:04:38 2332 ----a-w- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk
2015-04-16 16:07:04 2304 ----a-w- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk
2015-04-11 19:27:50 1175 ----a-w- C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
 
==== Task Scheduler Jobs ======================
 
C:\windows\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/08/2015 11:12 PM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/15/2014 11:36 AM]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/15/2014 11:36 AM]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core.job --a-------- :C:\Users\Amy\AppData\LoC:al\Google\Update\GoogleUpdate.exe []
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA.job --a-------- C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [04/14/2015 02:28 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\DolbySelectorTask" [%ProgramFiles%\Dolby Digital Plus\ddp.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core" [C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA" [C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe]
"C:\windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe"]
"C:\windows\SysNative\tasks\Maxthon Update" ["C:\Program Files (x86)\Maxthon\Bin\mxup.exe"]
"C:\windows\SysNative\tasks\PDVDServ Task" [C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE]
"C:\windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\windows\SysNative\tasks\UMonitor Task" [C:\windows\SysWOW64\UMonit64.exe]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe"]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default
AD76B0F3348914E133455E52743C839D - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll - Shockwave for Director / Shockwave for Director
EF3CA2A515FEC970E22D2C424A42401E - C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
9F8956BF8C354FCC6E0C416417E5E7ED - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
Google Docs - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Mancala - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe
2048 - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkicplcbgjfobecebadodeggpghp
Google Search - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Trivia Crack Game Winner - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmbcbgcaghggmlpfnapchmielgdnedi
AdBlock - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
NAMEs Rank: - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp
Happy Wheels - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc
Isoball 3 - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj
Auto HD For YouTube - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak
Chrome Hotword Shared Module - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Need for Speed World is a FREE to play online racing game where you can compete with millions of players around the World. - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk
Trivia Cracker - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaoffaaolfohpleklnbmhbndphfgeef
Google Wallet - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Sinuous - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl
Gmail - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Bluetooth Mouse Z6000] C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\HP Bluetooth Mouse Z6000.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Google Update] "C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk = C:\ProgramData\{9353221e-8d61-1e20-9353-3221e8d6887a}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).exe
O4 - Startup: Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk = C:\ProgramData\{29791d9a-2b26-0660-2979-91d9a2b27668}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.exe
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service (Intel® ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Wireless Bluetooth® 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Amy\AppData\Local\Mozilla\Firefox\Profiles\5rcv5u3j.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=5844 folders=288 1235165569 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Amy\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Amy\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Fri 07/10/2015 at 21:59:38.38 ======================
 
I attached the summary.zip. 
 
Thanks for your help so far!

 




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:48 PM

Posted 10 July 2015 - 09:31 PM

Greetings Amy. Thank you for all the information.

Do you recognize these?

C:\Users\Amy\Downloads\Sep1215unm-64.exe
C:\Users\Amy\Desktop\Loader.exe


Can you provide an update regarding your computer performance?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 skyferlfc


Posted 10 July 2015 - 09:53 PM

Yes. The first one is Symantec Endpoint Protection that I downloaded from my university's website and the second is a program I have used before on my computer without any issues.

 

My performance is good so far but I'll have to keep a lookout. Some days I don't hear the random ads playing; other days I hear them every 5 minutes. It seems to be very random.



#6 Oh My!


Posted 10 July 2015 - 09:56 PM

Excellent, thanks. We have lots of time to wait! :)

In the meantime let's run these.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log

Gary
 

#7 skyferlfc


Posted 11 July 2015 - 09:41 PM

Before I ran the two programs you told me to run, I did hear an ad playing when nothing else was open.

 

The first program, forget the name:

 

C:\Program Files (x86)\Maxis\SimCity 4 Deluxe\SC4.exe a variant of Generik.FQMNCYT trojan cleaned by deleting - quarantined
C:\Users\Amy\AppData\Roaming\BitTorrent\updates\7.9.1_31141.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined

 

Security Check: 

 

 Results of screen317's Security Check version 1.005  
   x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
Windows Defender               
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Secunia PSI (3.0.0.7011)   
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.203  
 Mozilla Firefox 38.0.5 Firefox out of Date!  
 Google Chrome (43.0.2357.130) 
 Google Chrome (43.0.2357.132) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#8 Oh My!


Posted 11 July 2015 - 10:40 PM

Thanks Amy. I will be ending for the evening shortly so I will review your reply in the morning.

Please rerun AdwCleaner and post the results. In addition do these things.

===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Running a Zoek Script

--------------------
  • Double click ZOEK.exe
  • Copy and paste the following into the white input window

autoruns;
autoclean;
resetIEproxy;
resethosts;

  • Click Run Script
  • Upon completion copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Zoek results

Gary
 

#9 skyferlfc


Posted 12 July 2015 - 12:20 PM

AdwCleaner:

 

# AdwCleaner v4.208 - Logfile created 12/07/2015 at 12:44:28
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Amy - XABI
# Running from : C:\Users\Amy\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.132
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3185 bytes] - [03/07/2015 18:18:26]
AdwCleaner[R1].txt - [1210 bytes] - [05/07/2015 23:31:19]
AdwCleaner[R2].txt - [1217 bytes] - [12/07/2015 12:42:55]
AdwCleaner[S0].txt - [2960 bytes] - [03/07/2015 18:20:03]
AdwCleaner[S1].txt - [1146 bytes] - [12/07/2015 12:44:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1205  bytes] ##########
 
JRT: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.5 (07.12.2015:1)
OS: Windows 8.1 x64
Ran by Amy on Sun 07/12/2015 at 12:51:38.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Amy\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Amy\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Amy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Amy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/12/2015 at 12:54:24.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Zoek:
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Amy on Sun 07/12/2015 at 12:55:27.48.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Amy\Desktop\bleeping\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-07-11-015938.log 39361 bytes
 
==== Reset Hosts File ======================
 
# Copyright © 1993-2006 Microsoft Corp. 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# For example: 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF" []
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default
AD76B0F3348914E133455E52743C839D - C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll - Shockwave for Director / Shockwave for Director
EF3CA2A515FEC970E22D2C424A42401E - C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
9F8956BF8C354FCC6E0C416417E5E7ED - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
Mancala - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe
2048 - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkicplcbgjfobecebadodeggpghp
Trivia Crack Game Winner - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmbcbgcaghggmlpfnapchmielgdnedi
AdBlock - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Happy Wheels - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc
Chrome Hotword Shared Module - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Trivia Cracker - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaoffaaolfohpleklnbmhbndphfgeef
Sinuous - Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{BBDA0591-3099-440a-AA10-41764D9DB4DB} deleted successfully
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyEnable"=dword:00000000
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Amy\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Amy\AppData\Local\Mozilla\Firefox\Profiles\5rcv5u3j.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=5844 folders=288 1235165569 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Amy\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Amy\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sun 07/12/2015 at 13:17:15.33 ======================
 

 



#10 Oh My!

  • Malware Response Instructor

Posted 12 July 2015 - 03:07 PM

Assuming you still hear the ads please rerun FRST making sure to check Addition.txt. Post both logs.


Gary
 

#11 skyferlfc

  • Topic Starter

Posted 12 July 2015 - 03:33 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Amy (administrator) on XABI on 12-07-2015 16:10:56
Running from C:\Users\Amy\Downloads
Loaded Profiles: Amy (Available Profiles: Amy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\SysWOW64\UMonit64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(hp) C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\Hp Bluetooth Mouse Z6000.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\SG Interactive\Pangya\update.cln
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SmcGui.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-04-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-04-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Bluetooth Mouse Z6000] => C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\HP Bluetooth Mouse Z6000.exe [1728512 2013-09-18] (hp)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-02] (Spotify Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-14] (Google Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk [2015-04-16]
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk -> C:\ProgramData\{9353221e-8d61-1e20-9353-3221e8d6887a}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).exe (No File)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk [2015-04-16]
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk -> C:\ProgramData\{29791d9a-2b26-0660-2979-91d9a2b27668}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.exe (No File)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-13] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-28] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{55214981-142E-4142-A515-662667940D2D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8E9ACE10-475E-4D4F-87CB-1F6FCDDB6CC1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: leethax.net extension - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default\Extensions\leethax@leethax.net.xpi [2015-01-13]
 
Chrome: 
=======
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Mancala) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe [2014-09-02]
CHR Extension: (2048) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkicplcbgjfobecebadodeggpghp [2014-09-02]
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Trivia Crack Game Winner) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmbcbgcaghggmlpfnapchmielgdnedi [2015-04-17]
CHR Extension: (AdBlock) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-19]
CHR Extension: (Flood-It!) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp [2014-10-20]
CHR Extension: (Happy Wheels) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc [2014-10-20]
CHR Extension: (Isoball 3) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-10-20]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Need for Speed World) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-10-20]
CHR Extension: (Trivia Cracker) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaoffaaolfohpleklnbmhbndphfgeef [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Sinuous) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-13] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-03] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3262288 2014-04-15] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2010-12-22] (Pharos Systems International) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-04-03] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20150625.011\BHDrvx64.sys [1647856 2015-06-25] (Symantec Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-06] (Symantec Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-15] (GenesysLogic)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20150710.011\IDSvia64.sys [671448 2015-07-03] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20150712.001\ENG64.SYS [138488 2015-07-06] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20150712.001\EX64.SYS [2146040 2015-07-06] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-17] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SymELAM.sys [23568 2014-09-12] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2015-07-10] (Symantec Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [103384 2014-09-12] (Symantec Corporation)
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 16:10 - 2015-07-12 16:10 - 02133504 _____ (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2015-07-12 16:10 - 2015-07-12 16:10 - 00031072 _____ C:\Users\Amy\Downloads\FRST.txt
2015-07-12 15:39 - 2015-07-12 15:39 - 00001634 _____ C:\Users\Public\Desktop\Pangya.lnk
2015-07-12 15:39 - 2015-07-12 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pangya
2015-07-12 15:38 - 2015-07-12 15:38 - 00000000 ____D C:\SG Interactive
2015-07-12 13:28 - 2015-07-12 13:28 - 02125328 _____ (Reloaded Technologies) C:\Users\Amy\Downloads\Pangya_downloader.exe
2015-07-12 13:28 - 2015-07-12 13:28 - 00000000 ____D C:\Users\Amy\Desktop\Pangya
2015-07-12 13:13 - 2015-07-12 12:55 - 00024064 _____ C:\windows\zoek-delete.exe
2015-07-12 13:07 - 2015-07-12 13:17 - 00000000 ____D C:\zoek
2015-07-12 12:57 - 2015-07-10 21:59 - 00039361 _____ C:\zoek-results2015-07-11-015938.log
2015-07-12 12:42 - 2015-07-12 12:42 - 02248704 _____ C:\Users\Amy\Downloads\AdwCleaner (1).exe
2015-07-11 22:35 - 2015-07-11 22:35 - 00852676 _____ C:\Users\Amy\Downloads\SecurityCheck.exe
2015-07-11 09:50 - 2015-07-11 09:50 - 00852676 _____ C:\Users\Amy\Downloads\SecurityCheck (1).exe
2015-07-11 09:47 - 2015-07-11 09:47 - 02870984 _____ (ESET) C:\Users\Amy\Downloads\esetsmartinstaller_enu (1).exe
2015-07-10 22:15 - 2015-07-12 13:33 - 00000000 ____D C:\Users\Amy\Desktop\bleeping
2015-07-10 21:28 - 2015-07-12 13:17 - 00007542 _____ C:\zoek-results.log
2015-07-10 21:24 - 2015-07-10 21:41 - 00000000 ____D C:\zoek_backup
2015-07-10 21:24 - 2015-07-10 21:24 - 01308672 _____ C:\Users\Amy\Downloads\zoek (1).exe
2015-07-06 12:26 - 2015-07-12 13:16 - 00001740 _____ C:\windows\setupact.log
2015-07-06 12:26 - 2015-07-06 12:26 - 00000000 _____ C:\windows\setuperr.log
2015-07-06 12:25 - 2015-07-12 13:14 - 00002512 _____ C:\windows\PFRO.log
2015-07-06 00:15 - 2015-07-10 22:54 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-06 00:15 - 2015-07-10 22:54 - 00008222 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-06 00:15 - 2015-07-06 00:15 - 00000000 ____D C:\windows\system32\Drivers\symefasi
2015-07-06 00:15 - 2015-07-06 00:15 - 00000000 ____D C:\ProgramData\SymEFASI
2015-07-06 00:15 - 2015-07-06 00:15 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-06 00:09 - 2015-07-10 22:52 - 00579936 _____ (Symantec Corporation) C:\windows\system32\SymVPN.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00424288 _____ (Symantec Corporation) C:\windows\SysWOW64\SymVPN.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00159552 _____ (Symantec Corporation) C:\windows\system32\Drivers\SysPlant.sys
2015-07-06 00:09 - 2015-07-10 22:52 - 00159072 _____ (Symantec Corporation) C:\windows\system32\FwsVpn.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00139104 _____ (Symantec Corporation) C:\windows\SysWOW64\FwsVpn.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00039384 _____ (Symantec Corporation) C:\windows\system32\Drivers\WGX64.SYS
2015-07-06 00:09 - 2015-07-06 00:09 - 00462688 _____ (Symantec Corporation) C:\windows\system32\sysfer.dll
2015-07-06 00:09 - 2015-07-06 00:09 - 00363872 _____ (Symantec Corporation) C:\windows\SysWOW64\sysfer.dll
2015-07-06 00:09 - 2015-07-06 00:09 - 00051552 _____ (Symantec Corporation) C:\windows\SysWOW64\snacnp.dll
2015-07-06 00:09 - 2015-07-06 00:09 - 00000000 ____D C:\ProgramData\regid.1992-12.com.symantec
2015-07-06 00:08 - 2015-07-10 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2015-07-06 00:08 - 2015-07-06 00:08 - 00073141 _____ C:\Users\Amy\Downloads\Addition.txt
2015-07-06 00:08 - 2015-07-06 00:08 - 00000000 ____D C:\windows\system32\Drivers\SEP
2015-07-06 00:08 - 2015-07-06 00:08 - 00000000 ____D C:\Program Files (x86)\Symantec
2015-07-06 00:01 - 2015-07-06 00:05 - 639673284 _____ C:\Users\Amy\Downloads\Sep1215unm-64.exe
2015-07-05 23:47 - 2015-07-12 16:11 - 00000000 ____D C:\FRST
2015-07-05 23:40 - 2015-07-05 23:40 - 00971616 _____ C:\Users\Amy\Downloads\Install Broken Shortcut Fixer.exe
2015-07-05 23:40 - 2015-07-05 23:40 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Broken Shortcut Fixer
2015-07-05 23:40 - 2015-07-05 23:40 - 00000000 ____D C:\Program Files (x86)\ConsumerSoft
2015-07-05 23:35 - 2015-07-05 23:35 - 00000207 _____ C:\windows\tweaking.com-regbackup-XABI-Windows-8.1-(64-bit).dat
2015-07-05 23:35 - 2015-07-05 23:35 - 00000000 ____D C:\RegBackup
2015-07-05 23:34 - 2015-07-05 23:34 - 02953798 _____ (Malwarebytes Corporation) C:\Users\Amy\Downloads\JRT.exe
2015-07-05 23:32 - 2015-07-05 23:32 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Amy\Downloads\rkill.exe
2015-07-05 23:32 - 2015-07-05 23:32 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Amy\Downloads\rkill64.exe
2015-07-05 23:31 - 2015-07-05 23:31 - 02244096 _____ C:\Users\Amy\Downloads\AdwCleaner.exe
2015-07-05 23:27 - 2015-07-05 23:27 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix (2).exe
2015-07-05 23:26 - 2015-07-05 23:26 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix (1).exe
2015-07-05 23:24 - 2015-07-12 15:54 - 02065363 _____ C:\windows\WindowsUpdate.log
2015-07-05 23:24 - 2015-07-05 23:25 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix.exe
2015-07-05 21:53 - 2015-07-05 21:53 - 01705984 _____ (GamingOnSteroids) C:\Users\Amy\Desktop\Loader.exe
2015-07-05 21:53 - 2015-07-05 21:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\GamingOnSteroids
2015-07-05 21:48 - 2015-07-05 22:15 - 00000000 ____D C:\KVRT_Data
2015-07-05 21:46 - 2015-07-05 21:48 - 102934688 _____ (Kaspersky Lab ZAO) C:\Users\Amy\Downloads\KVRT.exe
2015-07-05 21:46 - 2015-07-05 21:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-05 21:38 - 2015-07-05 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-05 21:38 - 2015-07-05 21:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-05 21:29 - 2015-07-05 21:29 - 00717656 _____ (Kaspersky Lab) C:\Users\Amy\Downloads\setup (1).exe
2015-07-05 21:29 - 2015-07-05 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-07-05 21:26 - 2015-07-05 21:26 - 04176437 _____ C:\Users\Amy\Downloads\tdsskiller.zip
2015-07-05 21:23 - 2015-07-05 21:41 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-07-05 21:18 - 2015-07-05 21:19 - 03080760 _____ (Blizzard Entertainment) C:\Users\Amy\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2015-07-03 20:01 - 2015-07-03 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 18:17 - 2015-07-12 12:44 - 00000000 ____D C:\AdwCleaner
2015-07-03 18:17 - 2015-07-03 18:17 - 02244096 _____ C:\Users\Amy\Downloads\adwcleaner_4.207.exe
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTime.qts
2015-06-15 18:18 - 2015-06-15 18:18 - 00511078 _____ C:\Users\Amy\Downloads\bccalcet02_xl_0901.cdf
2015-06-13 21:33 - 2015-06-13 21:33 - 00822248 _____ (MurGee.com ) C:\Users\Amy\Downloads\setup.exe
2015-06-13 21:31 - 2015-06-13 21:31 - 00478760 _____ (Advanced Mouse Auto Clicker ltd. ) C:\Users\Amy\Downloads\FreeMouseAutoClicker.exe
2015-06-13 21:11 - 2015-06-13 21:11 - 00638976 _____ C:\Users\Amy\Downloads\Detection (1).msi
2015-06-13 21:10 - 2015-06-13 21:10 - 00638976 _____ C:\Users\Amy\Downloads\Detection.msi
2015-06-13 18:59 - 2015-06-13 18:59 - 00000000 ____D C:\ProgramData\BitRaider
2015-06-13 13:32 - 2015-07-05 21:33 - 00000000 ____D C:\Wooxy
2015-06-13 13:31 - 2015-06-13 13:31 - 07725313 _____ C:\Users\Amy\Downloads\WooxySetup.zip
2015-06-13 13:30 - 2015-06-13 13:30 - 01867023 _____ C:\Users\Amy\Downloads\sfmod - summonerfactory.net - 1.3.wxy
2015-06-13 13:18 - 2015-06-13 13:18 - 02186919 _____ C:\Users\Amy\Downloads\SummonerFactoryClient.zip
2015-06-13 12:56 - 2014-08-18 01:14 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts.20150613-125604.backup
2015-06-12 19:22 - 2015-06-12 19:22 - 00000000 ____D C:\Users\Amy\AppData\Local\Overwolf
2015-06-12 15:48 - 2015-06-12 15:48 - 00001806 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-12 15:48 - 2015-06-12 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\Program Files\iTunes
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Program Files\iPod
2015-06-12 14:58 - 2015-06-12 14:58 - 03272136 _____ (Secunia) C:\Users\Amy\Downloads\PSISetup.exe
2015-06-12 14:58 - 2015-06-12 14:58 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-06-12 14:53 - 2015-06-12 14:53 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-06-12 14:52 - 2015-06-12 14:53 - 02097712 _____ C:\Users\Amy\Downloads\AppManagerSetup_2.0.exe
2015-06-12 14:43 - 2015-06-12 14:43 - 00000000 ____D C:\windows\SysWOW64\NV
2015-06-12 14:43 - 2015-06-12 14:43 - 00000000 ____D C:\windows\system32\NV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 16:12 - 2014-04-30 15:44 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 16:01 - 2014-07-15 11:36 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 16:00 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
2015-07-12 15:58 - 2014-04-23 20:24 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype
2015-07-12 15:52 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-12 15:38 - 2015-04-14 14:28 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA.job
2015-07-12 13:19 - 2014-10-17 18:55 - 00006464 _____ C:\windows\SysWOW64\Gms.log
2015-07-12 13:19 - 2014-04-23 17:54 - 00000000 ___DO C:\Users\Amy\SkyDrive
2015-07-12 13:17 - 2014-07-15 11:36 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 13:15 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-12 13:14 - 2014-04-03 04:47 - 00010752 _____ C:\windows\system32\VfService.trf
2015-07-12 13:10 - 2014-07-12 10:22 - 00000000 ____D C:\ProgramData\Symantec
2015-07-11 15:25 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-11 13:57 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-11 12:31 - 2014-05-26 15:15 - 00000000 ____D C:\Users\Amy\AppData\Roaming\TS3Client
2015-07-11 11:38 - 2015-04-14 14:28 - 00000858 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core.job
2015-07-11 09:44 - 2014-04-23 17:55 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358433092-2061095435-3189857472-1002
2015-07-10 21:57 - 2015-01-13 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-10 21:19 - 2014-05-09 16:11 - 00000000 ____D C:\Users\Amy\AppData\Roaming\BitTorrent
2015-07-10 13:41 - 2014-11-14 19:24 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KongHack
2015-07-10 13:41 - 2014-04-23 17:58 - 00000000 ____D C:\Users\Amy\AppData\Local\Deployment
2015-07-08 23:12 - 2014-04-30 15:44 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 23:01 - 2014-07-15 11:36 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 17:24 - 2015-03-18 17:39 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 17:24 - 2015-03-18 17:39 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 12:31 - 2014-12-29 16:05 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2015-07-06 00:16 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-06 00:09 - 2014-07-12 10:23 - 00058720 _____ (Symantec Corporation) C:\windows\system32\snacnp.dll
2015-07-05 23:57 - 2014-07-12 18:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-05 23:48 - 2014-09-07 14:54 - 00000000 ____D C:\Users\Amy\Desktop\Papers
2015-07-05 23:48 - 2014-05-22 10:26 - 00000000 ____D C:\Users\Amy\Desktop\Stuff
2015-07-05 23:48 - 2014-04-29 18:41 - 00000000 ____D C:\Users\Amy\Desktop\Games
2015-07-05 23:23 - 2014-05-28 22:20 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-05 23:22 - 2014-05-28 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 23:22 - 2014-05-28 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-05 23:19 - 2014-04-23 18:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-05 21:53 - 2015-02-13 13:39 - 00000000 ____D C:\Users\Amy\AppData\Local\Battle.net
2015-07-05 21:47 - 2015-05-31 22:16 - 00000000 ____D C:\Users\Guest
2015-07-05 21:46 - 2015-05-31 22:16 - 00000000 ____D C:\Users\Administrator
2015-07-05 21:19 - 2015-02-13 13:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-05 06:08 - 2014-04-24 10:25 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-03 19:34 - 2014-04-28 20:02 - 00000000 ____D C:\Users\Amy\AppData\Local\Force_Project_X
2015-06-23 22:32 - 2015-05-18 20:46 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-21 21:47 - 2015-04-28 20:59 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-21 21:47 - 2015-04-28 20:59 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-18 08:42 - 2014-05-28 22:20 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-05-28 22:20 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-05-28 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 21:11 - 2014-05-27 12:34 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-06-13 21:03 - 2014-11-13 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-13 20:57 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2015-06-13 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-13 12:20 - 2015-02-17 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-06-13 12:19 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-13 12:15 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-13 12:08 - 2015-02-17 21:18 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-06-13 11:58 - 2014-09-12 11:31 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-06-13 11:37 - 2013-08-22 10:44 - 00497064 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-13 11:33 - 2015-04-16 15:08 - 00000000 ____D C:\windows\system32\appraiser
2015-06-13 11:33 - 2015-03-18 17:30 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-13 11:33 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2015-06-13 11:33 - 2013-08-22 11:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-12 15:46 - 2014-09-13 11:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-06-12 15:46 - 2014-04-23 19:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-12 15:37 - 2015-02-26 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-06-12 15:20 - 2015-02-17 21:19 - 00000000 ____D C:\windows\SysWOW64\1033
2015-06-12 15:14 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files\MSBuild
2015-06-12 15:02 - 2015-04-20 14:02 - 00000000 ____D C:\Program Files (x86)\Google Books Downloader
2015-06-12 15:01 - 2014-07-12 18:55 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2015-06-12 14:42 - 2014-04-03 04:17 - 00000000 ____D C:\ProgramData\NVIDIA
 
==================== Files in the root of some directories =======
 
2014-04-23 18:03 - 2014-04-23 18:03 - 0000230 _____ () C:\Users\Amy\AppData\Local\58a82eb3-9706-461b-829b-901aa8e8ae8a.dat
2014-04-23 17:57 - 2014-04-23 17:57 - 0000694 _____ () C:\Users\Amy\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2014-04-23 18:03 - 2014-04-23 18:03 - 0000278 _____ () C:\Users\Amy\AppData\Local\bcbe872f-bcfd-4092-b42b-fde17ba9353c.dat
2014-04-23 18:03 - 2014-04-23 18:03 - 0000230 _____ () C:\Users\Amy\AppData\Local\dd1476be-8a7f-4fa9-96b6-43f4d84c52c3.dat
2015-02-26 22:50 - 2015-05-15 20:34 - 0000273 _____ () C:\Users\Amy\AppData\Local\devcpp.cfg
2015-02-26 22:50 - 2015-05-15 20:34 - 0004515 _____ () C:\Users\Amy\AppData\Local\devcpp.ini
2014-07-14 20:03 - 2014-07-14 20:03 - 0000017 _____ () C:\Users\Amy\AppData\Local\resmon.resmoncfg
2014-05-24 21:19 - 2015-04-23 21:40 - 0000424 _____ () C:\Users\Amy\AppData\Local\UserProducts.xml
2014-04-03 04:25 - 2014-04-03 04:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-08 23:32
 
==================== End of log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Amy at 2015-07-12 16:12:34
Running from C:\Users\Amy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2358433092-2061095435-3189857472-500 - Administrator - Disabled)
Amy (S-1-5-21-2358433092-2061095435-3189857472-1002 - Administrator - Enabled) => C:\Users\Amy
Guest (S-1-5-21-2358433092-2061095435-3189857472-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backyard Baseball 2003 (HKLM-x32\...\Backyard Baseball 2003) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broken Shortcut Fixer (HKLM-x32\...\{F5EB26E8-0EF6-4AF0-9D43-D2B7E0D9D63C}) (Version: 1.2 - ConsumerSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Draw a Stickman: EPIC (HKLM-x32\...\Steam App 248650) (Version:  - Hitcents)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Bluetooth Mouse Z6000 (HKLM-x32\...\InstallShield_{CC9202D3-8CD8-4A2F-A345-69B1C577E9B7}) (Version: 1.03 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.28 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b7a9966b-b4d6-468e-9f50-ecf4ac2c6ce4}) (Version: 2.0.0.28 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
KH Ultra Trainer - 1  (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\4f344c4511ef18b2) (Version: 0.1.0.64 - KongHack)
KH Ultra Trainer (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\4a13cfb01a135aa3) (Version: 0.1.0.46 - KongHack)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pangya (Ntreev USA) (HKLM-x32\...\Pangya) (Version:  - )
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7319 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.7.28.300918 - Linden Research, Inc.)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.22 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.12 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{EC23C932-CA24-4AEA-A7C4-285AF81BDD0A}) (Version: 6.1.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 + Expansions Uninstaller (HKLM-x32\...\The Sims™ 3 + Expansions Uninstaller) (Version: 1.0.0.14 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version:  - RedLynx, in collaboration with  Ubisoft Shanghai, Ubisoft Kiev)
Unity Web Player (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinASO Registry Optimizer 4.8.6 (HKLM-x32\...\WinASO Registry Optimizer PreActivated_is1) (Version: 4.8.6 - X.M.Y International LLC)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
27-06-2015 12:52:25 Windows Update
06-07-2015 00:06:28 Installed Symantec Endpoint Protection.
10-07-2015 11:44:05 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-07-12 12:58 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04A7231F-B150-4E86-A9D1-D592C0655B41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {0FD133B6-40CB-4730-B9A4-A7C1B04297F1} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {12335939-2325-4210-ABBD-6B22E0A69298} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {1866DE08-5162-4FF6-9DB5-A732F6F8BDB8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1BFE8369-AEEB-4DFF-8F76-0F32D3003D1E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3DD4374F-5630-4B6D-BD18-26926ECD5F14} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {412B151E-434E-4864-9365-E49B24EB7F9A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5D2E7E50-0505-46C0-8DAC-9C45DC1B1F12} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5F37F952-F4C7-457C-AA01-49177BE6F541} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {66D55DBD-6CBF-41C4-807D-649E04351DF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {6BEAA1CB-1C9F-46EA-9F0F-A8B55625CB3C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {7C2404A2-6923-4A90-9B7B-89280539EC24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {80F594AF-C4E6-45A3-B960-A181B3583A33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8912A4F4-AFDA-4085-8D6C-33C02E345F89} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8FCB59EE-C3CA-43EB-ADC3-3CBC7E16967F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {95172305-FD4D-4629-8B9F-F6B52528CCE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {AD753E9A-8369-424B-9A81-2F7652065F0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B436F487-E3BD-4746-8241-E36131FB96AF} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {C064A030-0192-491A-BE7E-5520D7A4145B} - System32\Tasks\{A179935A-F554-4CEF-BB43-5AFD5756BA0A} => pcalua.exe -a "C:\Users\Amy\AppData\Local\BeAnywhere Support Express\Console\uninstall.exe"
Task: {D0C1BCFA-E92F-49EF-8370-08B5C1E815E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF4DCE0B-76E3-46F2-ABC6-271EB538B84E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-03-06] (Maxthon International ltd.)
Task: {F8FA1C0F-AB00-4AE5-B380-1B64D2097BE9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {FBBFE3C9-6514-40E9-AA80-F6E1230982C9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-17] (Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-03 04:16 - 2015-05-28 03:04 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-03 04:17 - 2015-05-28 00:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-20 15:44 - 2011-02-28 18:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2014-04-03 04:43 - 2012-04-24 22:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-03 04:47 - 2014-04-03 04:47 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-04-03 04:47 - 2014-04-03 04:47 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-03 04:31 - 2013-10-25 05:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2015-05-04 15:25 - 2015-05-04 15:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-07-12 15:54 - 2015-03-10 05:15 - 03920896 ____R () C:\SG Interactive\Pangya\update.cln
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-28 19:21 - 2015-05-22 21:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-10 11:18 - 2015-05-28 03:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-08 23:01 - 2015-07-06 23:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 23:01 - 2015-07-06 23:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-08 23:01 - 2015-07-06 23:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Amy\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91158726.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91158726.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7868 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy\Desktop\Games\10662161_10152881997247573_9191760896245893973_o.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DriverMax_RESTART"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DriverMax"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D4677FE9-F923-49D3-A3FA-20613049108E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9F81D054-C5E1-454B-90E7-F92BFA47F1DE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{79FB44F9-60CA-455D-A233-7276932B3B66}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F01405F1-6F76-46F0-8816-0ADD7CC990D7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{266E0531-5476-4FCD-BF3D-66620B767F5F}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C99F6E10-E091-4542-BA31-2973B6D3D8AD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{029BDBE7-29E0-4425-9D83-1776AFFF1E0C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{56FC4E64-1CF1-419E-A5CE-D812D64C8543}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{575F1D4C-9736-444F-846B-F6249C5BCADB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DEE2D58E-55A1-461D-BB3C-91D83A6701E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FA9B0A89-0312-4CBE-A16A-DEFA5CD3BDA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5BA66EED-9AF9-4536-9377-681DB6423B63}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3717C9A8-74B0-4F7E-8C8E-0B0B57770C19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62B27B86-A3E0-458A-BB3E-1AFF99E62E5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEB88F2F-4298-4CF5-A514-C258DB55C88A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD230377-15EA-4C12-873F-96CEFE1FDF74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{BE5CCC6C-EA4D-4FB3-B65B-885CA2AD0E6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{3D656F1B-5BC6-4F6B-8313-5C53B5FA1201}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DB74A36F-873F-46E6-B081-35C3262C185D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [TCP Query User{90FA4542-487D-4537-821B-41A870A8F355}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{52F3D906-C7B9-463A-89A2-1DBCFBC77F84}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{024BE309-B9C7-45F4-A2DD-CA902F33399B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9A77FD11-D850-48AD-B3CB-23C219B7809E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{43F6CA77-255C-4BF0-ADC0-365720D65654}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F8FFE96A-B65C-481A-AD94-C4818DA5DCE4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D9FCD74F-F89B-4767-9524-707B715D1ABB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{62027D37-D4A1-4F1E-9F7B-3995BA2BF660}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F3AC2C44-38E8-429C-B9E2-2AF49F4B49BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF55470D-A488-4FAA-ADE4-B768BB2A1E87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B171651F-9D07-4402-BBD9-5820E525C9D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DrawAStickmanEpic\DrawAStickman.Steam.exe
FirewallRules: [{D608111E-93F1-4902-A7C4-877489702222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DrawAStickmanEpic\DrawAStickman.Steam.exe
FirewallRules: [{C202C5AC-9508-4DF2-A1FA-3CF5001409F7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{414C8EEA-9902-4E80-AB39-C1C9363CF7BD}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1D3BEDDF-73E0-41DD-ABA9-750823060F91}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5EAC2EA0-215E-4A1F-896F-C28602A83BDA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{FE8F8F0A-78DA-459B-9494-519E298F2F1D}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{008CDA3E-F597-4F7F-969D-C68DB98C7394}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DFE42CD9-FE7D-4878-8A3C-353807C6FA0A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4882DD8B-45B2-4D50-8D2E-569ACFB4E812}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DAE4C8D4-E364-4386-A73F-899CF225C7AC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CCC1F85F-D083-4D0E-A540-E97BE38E4FD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{6B9C3897-9624-4818-AFBB-F89BA5917CBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{74962AFC-0365-48D4-B96B-7CB818DF5188}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2014\fm.exe
FirewallRules: [{3C262D8F-1BB7-44E1-B526-D1D230BACC45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2014\fm.exe
FirewallRules: [TCP Query User{8E73CCE6-2803-4259-8378-BD94A49CAEFA}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{11705B98-E823-48FE-BE93-06F9275B833B}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{50C527BC-1828-4723-88AF-D3E4ECBE56F0}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EADAAC2F-0CDD-4AEB-9B39-E2AD0A77DF55}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{81E12C30-55CB-40FE-9A8C-66D1747A7F9E}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{6EB3F19A-079B-4C06-AC39-61270C318BA9}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{68F71991-F8AF-4532-A011-DD196F5BF832}] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{83EB1959-CFC8-4127-B468-745FEBEB1668}] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{5FD2DF4B-1CE7-463F-9E65-EC351297AED1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D80433E8-1873-4568-BF28-52F80EF0C43F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3F7BE168-DEDB-4C75-A024-E6579A07F81B}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C01596B2-BE87-4219-B274-A3610D1933E9}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{73543D94-A01F-4FAF-9995-D07952FC08DD}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{A70DADB1-199A-434C-8653-095EA3B487E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{812EFAD5-AFE4-4B58-B090-2645E9A24D1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{417D2ADF-4103-4C26-ADE8-5B5235607070}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6C9765D0-792C-4FF7-BCCB-EC96EE762D35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{C4AE856B-7C7B-447C-A8F4-3DAA89662CAC}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{585E1375-2093-43EC-9913-3B09FBA0BB32}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{81BBD822-02E7-4BB0-9AD3-8B9BA69FC649}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{D545C654-8C3A-4625-A8C8-24633678B9FF}C:\users\amy\desktop\stuff\u1404.exe] => (Allow) C:\users\amy\desktop\stuff\u1404.exe
FirewallRules: [UDP Query User{23706A25-8EDA-4BA5-819F-7DEB32D8A1F9}C:\users\amy\desktop\stuff\u1404.exe] => (Allow) C:\users\amy\desktop\stuff\u1404.exe
FirewallRules: [{74E9E080-9D45-480F-8B7C-AE2404A61B79}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5D764D10-FCAF-4102-9FCD-0BCC741256B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{48FAD2FE-0662-4230-A756-E91DF4D1B2D5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F1E41672-13B1-4550-9DCA-C1374605B1B4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{46E1C4E5-0CD4-4833-A298-D7E4EBA7A5CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{541D89ED-9738-4D54-9448-3092DBBC3186}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{1D15657F-7BA6-4270-9346-124109A5DB79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{0CC28346-5101-4AD1-BEAC-D08D21871B12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{82CBA9CB-4F59-4587-9110-372282A53A71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDBF67F8-EF73-4F7B-AD50-83E334181E69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{76CF9A0A-5967-4615-869F-1EDC90A6E4DE}C:\users\amy\desktop\stuff\u1405.exe] => (Allow) C:\users\amy\desktop\stuff\u1405.exe
FirewallRules: [UDP Query User{9A1686C7-FBDD-4009-A638-A2DA2E6DDC67}C:\users\amy\desktop\stuff\u1405.exe] => (Allow) C:\users\amy\desktop\stuff\u1405.exe
FirewallRules: [{7156BA7E-AF03-4CB5-A9C2-81998D56D8BF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3055E582-D9D6-4C26-9358-0408CD6E4858}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{F2C0B6D7-0920-48AE-A8A5-D0B7A74196CA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B8DA83F9-EFB9-4AF4-BEF7-606F8A28C8C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4CE756BB-8A0E-442E-B04E-F10995C6B74C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{1CFBFFDB-F8BA-48EE-8517-CCFC23796448}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7A266F46-7372-43FE-A4E3-3044004FA746}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4FD90289-7B53-4631-B0D4-6525C04E536E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{E3B02298-202B-4941-B6BB-88A2CB03B011}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{94111983-77EE-46B6-86C2-481A5C68857A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{7F232676-6DB9-4C85-A46C-6B6FAA0242B5}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{DD96E376-DB78-4086-AB8A-BAE677F9AA34}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{8B7D9B34-DC6A-4944-861E-C99E18D5A646}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{653A05D1-20F1-4122-9B13-F43C7AC3D143}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{05676E01-805B-46F4-8C7D-22D0389EDDF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [TCP Query User{757ACDF3-CD9D-4D98-B238-8C1D14E071F8}C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe] => (Allow) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [UDP Query User{0619F7DE-1CCB-4239-9EBA-F0DA32152075}C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe] => (Allow) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{DB897090-11C2-4C8B-98FE-441FE516A0FB}] => (Block) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{46F8C5EA-06C6-4E94-B562-6E8598084B58}] => (Block) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{4A5F30EB-C35C-4918-9E09-EB32ADB07585}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{7F994B3C-F2E1-4966-A710-A36F41A25A06}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{9FD558D5-E66A-4FA6-AC5D-3C307F8E681B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{83042DDB-2090-4C18-963B-60413C39E53E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{70BF6D00-AA41-4AC6-B2CE-9D17414BB240}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2015 01:13:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: autorunsc.exe, version: 13.40.0.0, time stamp: 0x55622914
Faulting module name: autorunsc.exe, version: 13.40.0.0, time stamp: 0x55622914
Exception code: 0xc0000005
Fault offset: 0x000039a0
Faulting process id: 0xf9c
Faulting application start time: 0xautorunsc.exe0
Faulting application path: autorunsc.exe1
Faulting module path: autorunsc.exe2
Report Id: autorunsc.exe3
Faulting package full name: autorunsc.exe4
Faulting package-relative application ID: autorunsc.exe5
 
Error: (07/12/2015 12:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xd98
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
Faulting package full name: DaS_21.exe4
Faulting package-relative application ID: DaS_21.exe5
 
Error: (07/12/2015 12:58:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (07/12/2015 12:55:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/12/2015 03:48:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: microsoft.windowscommunicationsapps.
 
Error: (07/12/2015 03:47:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: E046963F.LenovoCompanion.
 
Error: (07/12/2015 03:47:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.WindowsScan.
 
Error: (07/12/2015 03:47:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: eBayInc.eBay.
 
Error: (07/12/2015 03:47:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingFoodAndDrink.
 
Error: (07/12/2015 03:47:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.Reader.
 
Error: (07/12/2015 03:47:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingMaps.
 
Error: (07/12/2015 03:47:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingNews.
 
Error: (07/12/2015 03:47:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingTravel.
 
Error: (07/12/2015 03:47:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneMusic.
 
 
Microsoft Office:
=========================
Error: (07/12/2015 01:13:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: autorunsc.exe13.40.0.055622914autorunsc.exe13.40.0.055622914c0000005000039a0f9c01d0bcc5d5dcf96cC:\Users\Amy\AppData\Local\Temp\autorun\autorunsc.exeC:\Users\Amy\AppData\Local\Temp\autorun\autorunsc.exe5470ba56-28b9-11e5-82a5-00c2c66071b0
 
Error: (07/12/2015 12:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9cd9801d0bcc3d73f2bbeC:\Users\Amy\AppData\Local\Temp\DaS_21.exeC:\windows\system32\KERNELBASE.dll2800a7d3-28b7-11e5-82a5-00c2c66071b0
 
Error: (07/12/2015 12:58:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (07/12/2015 12:55:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Amy\Desktop\bleeping\esetsmartinstaller_enu.exe
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-05 23:46:38.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 23:46:37.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 23:37:46.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 23:37:46.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:57:30.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:57:30.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:36.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:36.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:35.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:35.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8104.27 MB
Available physical RAM: 4652.69 MB
Total Virtual: 11560.27 MB
Available Virtual: 7621.6 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:891.66 GB) (Free:491.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 20F92F22)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 



#12 skyferlfc

  • Topic Starter

Posted 12 July 2015 - 03:33 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Amy (administrator) on XABI on 12-07-2015 16:10:56
Running from C:\Users\Amy\Downloads
Loaded Profiles: Amy (Available Profiles: Amy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\SysWOW64\UMonit64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(hp) C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\Hp Bluetooth Mouse Z6000.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\SG Interactive\Pangya\update.cln
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SmcGui.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-04-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-04-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Bluetooth Mouse Z6000] => C:\Program Files (x86)\HP\HP Bluetooth Mouse Z6000\HP Bluetooth Mouse Z6000.exe [1728512 2013-09-18] (hp)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-02] (Spotify Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-14] (Google Inc.)
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk [2015-04-16]
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk -> C:\ProgramData\{9353221e-8d61-1e20-9353-3221e8d6887a}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).exe (No File)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk [2015-04-16]
ShortcutTarget: Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk -> C:\ProgramData\{29791d9a-2b26-0660-2979-91d9a2b27668}\Download The Sims 4 Get to Work-RELOADED For PC Direct Link.exe (No File)
Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-13] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-28] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{55214981-142E-4142-A515-662667940D2D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8E9ACE10-475E-4D4F-87CB-1F6FCDDB6CC1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2358433092-2061095435-3189857472-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: leethax.net extension - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\5rcv5u3j.default\Extensions\leethax@leethax.net.xpi [2015-01-13]
 
Chrome: 
=======
CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
CHR Extension: (Google Drive) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (YouTube) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Mancala) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe [2014-09-02]
CHR Extension: (2048) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgddkicplcbgjfobecebadodeggpghp [2014-09-02]
CHR Extension: (Google Search) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Trivia Crack Game Winner) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flmbcbgcaghggmlpfnapchmielgdnedi [2015-04-17]
CHR Extension: (AdBlock) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-19]
CHR Extension: (Flood-It!) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp [2014-10-20]
CHR Extension: (Happy Wheels) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpljdpjoahbnnfilkiilnfdkdbfiabfc [2014-10-20]
CHR Extension: (Isoball 3) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-10-20]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Need for Speed World) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-10-20]
CHR Extension: (Trivia Cracker) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaoffaaolfohpleklnbmhbndphfgeef [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Sinuous) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-10-20]
CHR Extension: (Gmail) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-13] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-03] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3262288 2014-04-15] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2010-12-22] (Pharos Systems International) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-04-03] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20150625.011\BHDrvx64.sys [1647856 2015-06-25] (Symantec Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-06] (Symantec Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-15] (GenesysLogic)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20150710.011\IDSvia64.sys [671448 2015-07-03] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20150712.001\ENG64.SYS [138488 2015-07-06] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20150712.001\EX64.SYS [2146040 2015-07-06] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-17] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SymELAM.sys [23568 2014-09-12] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-07-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2015-07-10] (Symantec Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [103384 2014-09-12] (Symantec Corporation)
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 16:10 - 2015-07-12 16:10 - 02133504 _____ (Farbar) C:\Users\Amy\Downloads\FRST64.exe
2015-07-12 16:10 - 2015-07-12 16:10 - 00031072 _____ C:\Users\Amy\Downloads\FRST.txt
2015-07-12 15:39 - 2015-07-12 15:39 - 00001634 _____ C:\Users\Public\Desktop\Pangya.lnk
2015-07-12 15:39 - 2015-07-12 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pangya
2015-07-12 15:38 - 2015-07-12 15:38 - 00000000 ____D C:\SG Interactive
2015-07-12 13:28 - 2015-07-12 13:28 - 02125328 _____ (Reloaded Technologies) C:\Users\Amy\Downloads\Pangya_downloader.exe
2015-07-12 13:28 - 2015-07-12 13:28 - 00000000 ____D C:\Users\Amy\Desktop\Pangya
2015-07-12 13:13 - 2015-07-12 12:55 - 00024064 _____ C:\windows\zoek-delete.exe
2015-07-12 13:07 - 2015-07-12 13:17 - 00000000 ____D C:\zoek
2015-07-12 12:57 - 2015-07-10 21:59 - 00039361 _____ C:\zoek-results2015-07-11-015938.log
2015-07-12 12:42 - 2015-07-12 12:42 - 02248704 _____ C:\Users\Amy\Downloads\AdwCleaner (1).exe
2015-07-11 22:35 - 2015-07-11 22:35 - 00852676 _____ C:\Users\Amy\Downloads\SecurityCheck.exe
2015-07-11 09:50 - 2015-07-11 09:50 - 00852676 _____ C:\Users\Amy\Downloads\SecurityCheck (1).exe
2015-07-11 09:47 - 2015-07-11 09:47 - 02870984 _____ (ESET) C:\Users\Amy\Downloads\esetsmartinstaller_enu (1).exe
2015-07-10 22:15 - 2015-07-12 13:33 - 00000000 ____D C:\Users\Amy\Desktop\bleeping
2015-07-10 21:28 - 2015-07-12 13:17 - 00007542 _____ C:\zoek-results.log
2015-07-10 21:24 - 2015-07-10 21:41 - 00000000 ____D C:\zoek_backup
2015-07-10 21:24 - 2015-07-10 21:24 - 01308672 _____ C:\Users\Amy\Downloads\zoek (1).exe
2015-07-06 12:26 - 2015-07-12 13:16 - 00001740 _____ C:\windows\setupact.log
2015-07-06 12:26 - 2015-07-06 12:26 - 00000000 _____ C:\windows\setuperr.log
2015-07-06 12:25 - 2015-07-12 13:14 - 00002512 _____ C:\windows\PFRO.log
2015-07-06 00:15 - 2015-07-10 22:54 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-06 00:15 - 2015-07-10 22:54 - 00008222 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-06 00:15 - 2015-07-06 00:15 - 00000000 ____D C:\windows\system32\Drivers\symefasi
2015-07-06 00:15 - 2015-07-06 00:15 - 00000000 ____D C:\ProgramData\SymEFASI
2015-07-06 00:15 - 2015-07-06 00:15 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-06 00:09 - 2015-07-10 22:52 - 00579936 _____ (Symantec Corporation) C:\windows\system32\SymVPN.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00424288 _____ (Symantec Corporation) C:\windows\SysWOW64\SymVPN.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00159552 _____ (Symantec Corporation) C:\windows\system32\Drivers\SysPlant.sys
2015-07-06 00:09 - 2015-07-10 22:52 - 00159072 _____ (Symantec Corporation) C:\windows\system32\FwsVpn.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00139104 _____ (Symantec Corporation) C:\windows\SysWOW64\FwsVpn.dll
2015-07-06 00:09 - 2015-07-10 22:52 - 00039384 _____ (Symantec Corporation) C:\windows\system32\Drivers\WGX64.SYS
2015-07-06 00:09 - 2015-07-06 00:09 - 00462688 _____ (Symantec Corporation) C:\windows\system32\sysfer.dll
2015-07-06 00:09 - 2015-07-06 00:09 - 00363872 _____ (Symantec Corporation) C:\windows\SysWOW64\sysfer.dll
2015-07-06 00:09 - 2015-07-06 00:09 - 00051552 _____ (Symantec Corporation) C:\windows\SysWOW64\snacnp.dll
2015-07-06 00:09 - 2015-07-06 00:09 - 00000000 ____D C:\ProgramData\regid.1992-12.com.symantec
2015-07-06 00:08 - 2015-07-10 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2015-07-06 00:08 - 2015-07-06 00:08 - 00073141 _____ C:\Users\Amy\Downloads\Addition.txt
2015-07-06 00:08 - 2015-07-06 00:08 - 00000000 ____D C:\windows\system32\Drivers\SEP
2015-07-06 00:08 - 2015-07-06 00:08 - 00000000 ____D C:\Program Files (x86)\Symantec
2015-07-06 00:01 - 2015-07-06 00:05 - 639673284 _____ C:\Users\Amy\Downloads\Sep1215unm-64.exe
2015-07-05 23:47 - 2015-07-12 16:11 - 00000000 ____D C:\FRST
2015-07-05 23:40 - 2015-07-05 23:40 - 00971616 _____ C:\Users\Amy\Downloads\Install Broken Shortcut Fixer.exe
2015-07-05 23:40 - 2015-07-05 23:40 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Broken Shortcut Fixer
2015-07-05 23:40 - 2015-07-05 23:40 - 00000000 ____D C:\Program Files (x86)\ConsumerSoft
2015-07-05 23:35 - 2015-07-05 23:35 - 00000207 _____ C:\windows\tweaking.com-regbackup-XABI-Windows-8.1-(64-bit).dat
2015-07-05 23:35 - 2015-07-05 23:35 - 00000000 ____D C:\RegBackup
2015-07-05 23:34 - 2015-07-05 23:34 - 02953798 _____ (Malwarebytes Corporation) C:\Users\Amy\Downloads\JRT.exe
2015-07-05 23:32 - 2015-07-05 23:32 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Amy\Downloads\rkill.exe
2015-07-05 23:32 - 2015-07-05 23:32 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Amy\Downloads\rkill64.exe
2015-07-05 23:31 - 2015-07-05 23:31 - 02244096 _____ C:\Users\Amy\Downloads\AdwCleaner.exe
2015-07-05 23:27 - 2015-07-05 23:27 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix (2).exe
2015-07-05 23:26 - 2015-07-05 23:26 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix (1).exe
2015-07-05 23:24 - 2015-07-12 15:54 - 02065363 _____ C:\windows\WindowsUpdate.log
2015-07-05 23:24 - 2015-07-05 23:25 - 05631375 _____ (Swearware) C:\Users\Amy\Downloads\ComboFix.exe
2015-07-05 21:53 - 2015-07-05 21:53 - 01705984 _____ (GamingOnSteroids) C:\Users\Amy\Desktop\Loader.exe
2015-07-05 21:53 - 2015-07-05 21:53 - 00000000 ____D C:\Users\Amy\AppData\Roaming\GamingOnSteroids
2015-07-05 21:48 - 2015-07-05 22:15 - 00000000 ____D C:\KVRT_Data
2015-07-05 21:46 - 2015-07-05 21:48 - 102934688 _____ (Kaspersky Lab ZAO) C:\Users\Amy\Downloads\KVRT.exe
2015-07-05 21:46 - 2015-07-05 21:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-05 21:38 - 2015-07-05 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-05 21:38 - 2015-07-05 21:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-05 21:29 - 2015-07-05 21:29 - 00717656 _____ (Kaspersky Lab) C:\Users\Amy\Downloads\setup (1).exe
2015-07-05 21:29 - 2015-07-05 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-07-05 21:26 - 2015-07-05 21:26 - 04176437 _____ C:\Users\Amy\Downloads\tdsskiller.zip
2015-07-05 21:23 - 2015-07-05 21:41 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-07-05 21:18 - 2015-07-05 21:19 - 03080760 _____ (Blizzard Entertainment) C:\Users\Amy\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2015-07-03 20:01 - 2015-07-03 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 18:17 - 2015-07-12 12:44 - 00000000 ____D C:\AdwCleaner
2015-07-03 18:17 - 2015-07-03 18:17 - 02244096 _____ C:\Users\Amy\Downloads\adwcleaner_4.207.exe
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTime.qts
2015-06-15 18:18 - 2015-06-15 18:18 - 00511078 _____ C:\Users\Amy\Downloads\bccalcet02_xl_0901.cdf
2015-06-13 21:33 - 2015-06-13 21:33 - 00822248 _____ (MurGee.com ) C:\Users\Amy\Downloads\setup.exe
2015-06-13 21:31 - 2015-06-13 21:31 - 00478760 _____ (Advanced Mouse Auto Clicker ltd. ) C:\Users\Amy\Downloads\FreeMouseAutoClicker.exe
2015-06-13 21:11 - 2015-06-13 21:11 - 00638976 _____ C:\Users\Amy\Downloads\Detection (1).msi
2015-06-13 21:10 - 2015-06-13 21:10 - 00638976 _____ C:\Users\Amy\Downloads\Detection.msi
2015-06-13 18:59 - 2015-06-13 18:59 - 00000000 ____D C:\ProgramData\BitRaider
2015-06-13 13:32 - 2015-07-05 21:33 - 00000000 ____D C:\Wooxy
2015-06-13 13:31 - 2015-06-13 13:31 - 07725313 _____ C:\Users\Amy\Downloads\WooxySetup.zip
2015-06-13 13:30 - 2015-06-13 13:30 - 01867023 _____ C:\Users\Amy\Downloads\sfmod - summonerfactory.net - 1.3.wxy
2015-06-13 13:18 - 2015-06-13 13:18 - 02186919 _____ C:\Users\Amy\Downloads\SummonerFactoryClient.zip
2015-06-13 12:56 - 2014-08-18 01:14 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts.20150613-125604.backup
2015-06-12 19:22 - 2015-06-12 19:22 - 00000000 ____D C:\Users\Amy\AppData\Local\Overwolf
2015-06-12 15:48 - 2015-06-12 15:48 - 00001806 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-12 15:48 - 2015-06-12 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\Program Files\iTunes
2015-06-12 15:46 - 2015-06-12 15:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2015-06-12 15:46 - 2015-06-12 15:46 - 00000000 ____D C:\Program Files\iPod
2015-06-12 14:58 - 2015-06-12 14:58 - 03272136 _____ (Secunia) C:\Users\Amy\Downloads\PSISetup.exe
2015-06-12 14:58 - 2015-06-12 14:58 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-06-12 14:53 - 2015-06-12 14:53 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-06-12 14:52 - 2015-06-12 14:53 - 02097712 _____ C:\Users\Amy\Downloads\AppManagerSetup_2.0.exe
2015-06-12 14:43 - 2015-06-12 14:43 - 00000000 ____D C:\windows\SysWOW64\NV
2015-06-12 14:43 - 2015-06-12 14:43 - 00000000 ____D C:\windows\system32\NV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 16:12 - 2014-04-30 15:44 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 16:01 - 2014-07-15 11:36 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 16:00 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
2015-07-12 15:58 - 2014-04-23 20:24 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Skype
2015-07-12 15:52 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-12 15:38 - 2015-04-14 14:28 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA.job
2015-07-12 13:19 - 2014-10-17 18:55 - 00006464 _____ C:\windows\SysWOW64\Gms.log
2015-07-12 13:19 - 2014-04-23 17:54 - 00000000 ___DO C:\Users\Amy\SkyDrive
2015-07-12 13:17 - 2014-07-15 11:36 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 13:15 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-12 13:14 - 2014-04-03 04:47 - 00010752 _____ C:\windows\system32\VfService.trf
2015-07-12 13:10 - 2014-07-12 10:22 - 00000000 ____D C:\ProgramData\Symantec
2015-07-11 15:25 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-11 13:57 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-11 12:31 - 2014-05-26 15:15 - 00000000 ____D C:\Users\Amy\AppData\Roaming\TS3Client
2015-07-11 11:38 - 2015-04-14 14:28 - 00000858 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core.job
2015-07-11 09:44 - 2014-04-23 17:55 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2358433092-2061095435-3189857472-1002
2015-07-10 21:57 - 2015-01-13 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-10 21:19 - 2014-05-09 16:11 - 00000000 ____D C:\Users\Amy\AppData\Roaming\BitTorrent
2015-07-10 13:41 - 2014-11-14 19:24 - 00000000 ____D C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KongHack
2015-07-10 13:41 - 2014-04-23 17:58 - 00000000 ____D C:\Users\Amy\AppData\Local\Deployment
2015-07-08 23:12 - 2014-04-30 15:44 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 23:01 - 2014-07-15 11:36 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 17:24 - 2015-03-18 17:39 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 17:24 - 2015-03-18 17:39 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 12:31 - 2014-12-29 16:05 - 00000000 ____D C:\Users\Amy\AppData\Local\Adobe
2015-07-06 00:16 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-07-06 00:09 - 2014-07-12 10:23 - 00058720 _____ (Symantec Corporation) C:\windows\system32\snacnp.dll
2015-07-05 23:57 - 2014-07-12 18:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-05 23:48 - 2014-09-07 14:54 - 00000000 ____D C:\Users\Amy\Desktop\Papers
2015-07-05 23:48 - 2014-05-22 10:26 - 00000000 ____D C:\Users\Amy\Desktop\Stuff
2015-07-05 23:48 - 2014-04-29 18:41 - 00000000 ____D C:\Users\Amy\Desktop\Games
2015-07-05 23:23 - 2014-05-28 22:20 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-05 23:22 - 2014-05-28 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 23:22 - 2014-05-28 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-05 23:19 - 2014-04-23 18:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-05 21:53 - 2015-02-13 13:39 - 00000000 ____D C:\Users\Amy\AppData\Local\Battle.net
2015-07-05 21:47 - 2015-05-31 22:16 - 00000000 ____D C:\Users\Guest
2015-07-05 21:46 - 2015-05-31 22:16 - 00000000 ____D C:\Users\Administrator
2015-07-05 21:19 - 2015-02-13 13:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-07-05 06:08 - 2014-04-24 10:25 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-03 19:34 - 2014-04-28 20:02 - 00000000 ____D C:\Users\Amy\AppData\Local\Force_Project_X
2015-06-23 22:32 - 2015-05-18 20:46 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-21 21:47 - 2015-04-28 20:59 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-21 21:47 - 2015-04-28 20:59 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-18 08:42 - 2014-05-28 22:20 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-05-28 22:20 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-05-28 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 21:11 - 2014-05-27 12:34 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-06-13 21:03 - 2014-11-13 08:50 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-13 20:57 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2015-06-13 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-13 12:20 - 2015-02-17 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-06-13 12:19 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-13 12:15 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-13 12:08 - 2015-02-17 21:18 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-06-13 11:58 - 2014-09-12 11:31 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-06-13 11:37 - 2013-08-22 10:44 - 00497064 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-13 11:33 - 2015-04-16 15:08 - 00000000 ____D C:\windows\system32\appraiser
2015-06-13 11:33 - 2015-03-18 17:30 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-13 11:33 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2015-06-13 11:33 - 2013-08-22 11:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-12 15:46 - 2014-09-13 11:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-06-12 15:46 - 2014-04-23 19:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-12 15:37 - 2015-02-26 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-06-12 15:20 - 2015-02-17 21:19 - 00000000 ____D C:\windows\SysWOW64\1033
2015-06-12 15:14 - 2013-10-07 14:29 - 00000000 ____D C:\Program Files\MSBuild
2015-06-12 15:02 - 2015-04-20 14:02 - 00000000 ____D C:\Program Files (x86)\Google Books Downloader
2015-06-12 15:01 - 2014-07-12 18:55 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2015-06-12 14:42 - 2014-04-03 04:17 - 00000000 ____D C:\ProgramData\NVIDIA
 
==================== Files in the root of some directories =======
 
2014-04-23 18:03 - 2014-04-23 18:03 - 0000230 _____ () C:\Users\Amy\AppData\Local\58a82eb3-9706-461b-829b-901aa8e8ae8a.dat
2014-04-23 17:57 - 2014-04-23 17:57 - 0000694 _____ () C:\Users\Amy\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2014-04-23 18:03 - 2014-04-23 18:03 - 0000278 _____ () C:\Users\Amy\AppData\Local\bcbe872f-bcfd-4092-b42b-fde17ba9353c.dat
2014-04-23 18:03 - 2014-04-23 18:03 - 0000230 _____ () C:\Users\Amy\AppData\Local\dd1476be-8a7f-4fa9-96b6-43f4d84c52c3.dat
2015-02-26 22:50 - 2015-05-15 20:34 - 0000273 _____ () C:\Users\Amy\AppData\Local\devcpp.cfg
2015-02-26 22:50 - 2015-05-15 20:34 - 0004515 _____ () C:\Users\Amy\AppData\Local\devcpp.ini
2014-07-14 20:03 - 2014-07-14 20:03 - 0000017 _____ () C:\Users\Amy\AppData\Local\resmon.resmoncfg
2014-05-24 21:19 - 2015-04-23 21:40 - 0000424 _____ () C:\Users\Amy\AppData\Local\UserProducts.xml
2014-04-03 04:25 - 2014-04-03 04:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-08 23:32
 
==================== End of log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Amy at 2015-07-12 16:12:34
Running from C:\Users\Amy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2358433092-2061095435-3189857472-500 - Administrator - Disabled)
Amy (S-1-5-21-2358433092-2061095435-3189857472-1002 - Administrator - Enabled) => C:\Users\Amy
Guest (S-1-5-21-2358433092-2061095435-3189857472-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backyard Baseball 2003 (HKLM-x32\...\Backyard Baseball 2003) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broken Shortcut Fixer (HKLM-x32\...\{F5EB26E8-0EF6-4AF0-9D43-D2B7E0D9D63C}) (Version: 1.2 - ConsumerSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Draw a Stickman: EPIC (HKLM-x32\...\Steam App 248650) (Version:  - Hitcents)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Bluetooth Mouse Z6000 (HKLM-x32\...\InstallShield_{CC9202D3-8CD8-4A2F-A345-69B1C577E9B7}) (Version: 1.03 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.28 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b7a9966b-b4d6-468e-9f50-ecf4ac2c6ce4}) (Version: 2.0.0.28 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
KH Ultra Trainer - 1  (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\4f344c4511ef18b2) (Version: 0.1.0.64 - KongHack)
KH Ultra Trainer (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\4a13cfb01a135aa3) (Version: 0.1.0.46 - KongHack)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.3.7 - Stoneware, Inc.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pangya (Ntreev USA) (HKLM-x32\...\Pangya) (Version:  - )
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7319 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.7.28.300918 - Linden Research, Inc.)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.22 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.12 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{EC23C932-CA24-4AEA-A7C4-285AF81BDD0A}) (Version: 6.1.5.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 + Expansions Uninstaller (HKLM-x32\...\The Sims™ 3 + Expansions Uninstaller) (Version: 1.0.0.14 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version:  - RedLynx, in collaboration with  Ubisoft Shanghai, Ubisoft Kiev)
Unity Web Player (HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinASO Registry Optimizer 4.8.6 (HKLM-x32\...\WinASO Registry Optimizer PreActivated_is1) (Version: 4.8.6 - X.M.Y International LLC)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2358433092-2061095435-3189857472-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
27-06-2015 12:52:25 Windows Update
06-07-2015 00:06:28 Installed Symantec Endpoint Protection.
10-07-2015 11:44:05 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-07-12 12:58 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04A7231F-B150-4E86-A9D1-D592C0655B41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {0FD133B6-40CB-4730-B9A4-A7C1B04297F1} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {12335939-2325-4210-ABBD-6B22E0A69298} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {1866DE08-5162-4FF6-9DB5-A732F6F8BDB8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1BFE8369-AEEB-4DFF-8F76-0F32D3003D1E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3DD4374F-5630-4B6D-BD18-26926ECD5F14} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {412B151E-434E-4864-9365-E49B24EB7F9A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {5D2E7E50-0505-46C0-8DAC-9C45DC1B1F12} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5F37F952-F4C7-457C-AA01-49177BE6F541} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {66D55DBD-6CBF-41C4-807D-649E04351DF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {6BEAA1CB-1C9F-46EA-9F0F-A8B55625CB3C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {7C2404A2-6923-4A90-9B7B-89280539EC24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {80F594AF-C4E6-45A3-B960-A181B3583A33} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8912A4F4-AFDA-4085-8D6C-33C02E345F89} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8FCB59EE-C3CA-43EB-ADC3-3CBC7E16967F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.)
Task: {95172305-FD4D-4629-8B9F-F6B52528CCE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {AD753E9A-8369-424B-9A81-2F7652065F0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B436F487-E3BD-4746-8241-E36131FB96AF} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-10-25] ()
Task: {C064A030-0192-491A-BE7E-5520D7A4145B} - System32\Tasks\{A179935A-F554-4CEF-BB43-5AFD5756BA0A} => pcalua.exe -a "C:\Users\Amy\AppData\Local\BeAnywhere Support Express\Console\uninstall.exe"
Task: {D0C1BCFA-E92F-49EF-8370-08B5C1E815E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EF4DCE0B-76E3-46F2-ABC6-271EB538B84E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-03-06] (Maxthon International ltd.)
Task: {F8FA1C0F-AB00-4AE5-B380-1B64D2097BE9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {FBBFE3C9-6514-40E9-AA80-F6E1230982C9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-17] (Synaptics Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002Core.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2358433092-2061095435-3189857472-1002UA.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-03 04:16 - 2015-05-28 03:04 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-03 04:17 - 2015-05-28 00:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-20 15:44 - 2011-02-28 18:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll
2014-04-03 04:43 - 2012-04-24 22:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-03 04:47 - 2014-04-03 04:47 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-04-03 04:47 - 2014-04-03 04:47 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-03 04:31 - 2013-10-25 05:23 - 00053248 _____ () C:\windows\SysWOW64\UMonit64.exe
2015-05-04 15:25 - 2015-05-04 15:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-07-12 15:54 - 2015-03-10 05:15 - 03920896 ____R () C:\SG Interactive\Pangya\update.cln
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-28 19:21 - 2015-05-22 21:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-03 16:48 - 2014-04-03 16:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-10 11:18 - 2015-05-28 03:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-08 23:01 - 2015-07-06 23:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 23:01 - 2015-07-06 23:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-08 23:01 - 2015-07-06 23:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Amy\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91158726.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91158726.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7868 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Amy\Desktop\Games\10662161_10152881997247573_9191760896245893973_o.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link.lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\StartupFolder: => "Download The Sims 4 Get to Work-RELOADED For PC Direct Link (1).lnk"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DriverMax_RESTART"
HKU\S-1-5-21-2358433092-2061095435-3189857472-1002\...\StartupApproved\Run: => "DriverMax"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D4677FE9-F923-49D3-A3FA-20613049108E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9F81D054-C5E1-454B-90E7-F92BFA47F1DE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{79FB44F9-60CA-455D-A233-7276932B3B66}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{F01405F1-6F76-46F0-8816-0ADD7CC990D7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{266E0531-5476-4FCD-BF3D-66620B767F5F}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C99F6E10-E091-4542-BA31-2973B6D3D8AD}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{029BDBE7-29E0-4425-9D83-1776AFFF1E0C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{56FC4E64-1CF1-419E-A5CE-D812D64C8543}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{575F1D4C-9736-444F-846B-F6249C5BCADB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DEE2D58E-55A1-461D-BB3C-91D83A6701E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FA9B0A89-0312-4CBE-A16A-DEFA5CD3BDA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5BA66EED-9AF9-4536-9377-681DB6423B63}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3717C9A8-74B0-4F7E-8C8E-0B0B57770C19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62B27B86-A3E0-458A-BB3E-1AFF99E62E5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEB88F2F-4298-4CF5-A514-C258DB55C88A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD230377-15EA-4C12-873F-96CEFE1FDF74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{BE5CCC6C-EA4D-4FB3-B65B-885CA2AD0E6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{3D656F1B-5BC6-4F6B-8313-5C53B5FA1201}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DB74A36F-873F-46E6-B081-35C3262C185D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [TCP Query User{90FA4542-487D-4537-821B-41A870A8F355}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{52F3D906-C7B9-463A-89A2-1DBCFBC77F84}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{024BE309-B9C7-45F4-A2DD-CA902F33399B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9A77FD11-D850-48AD-B3CB-23C219B7809E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{43F6CA77-255C-4BF0-ADC0-365720D65654}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F8FFE96A-B65C-481A-AD94-C4818DA5DCE4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D9FCD74F-F89B-4767-9524-707B715D1ABB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{62027D37-D4A1-4F1E-9F7B-3995BA2BF660}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F3AC2C44-38E8-429C-B9E2-2AF49F4B49BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF55470D-A488-4FAA-ADE4-B768BB2A1E87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B171651F-9D07-4402-BBD9-5820E525C9D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DrawAStickmanEpic\DrawAStickman.Steam.exe
FirewallRules: [{D608111E-93F1-4902-A7C4-877489702222}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DrawAStickmanEpic\DrawAStickman.Steam.exe
FirewallRules: [{C202C5AC-9508-4DF2-A1FA-3CF5001409F7}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{414C8EEA-9902-4E80-AB39-C1C9363CF7BD}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1D3BEDDF-73E0-41DD-ABA9-750823060F91}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{5EAC2EA0-215E-4A1F-896F-C28602A83BDA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{FE8F8F0A-78DA-459B-9494-519E298F2F1D}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{008CDA3E-F597-4F7F-969D-C68DB98C7394}C:\users\amy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\amy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DFE42CD9-FE7D-4878-8A3C-353807C6FA0A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4882DD8B-45B2-4D50-8D2E-569ACFB4E812}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DAE4C8D4-E364-4386-A73F-899CF225C7AC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CCC1F85F-D083-4D0E-A540-E97BE38E4FD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{6B9C3897-9624-4818-AFBB-F89BA5917CBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{74962AFC-0365-48D4-B96B-7CB818DF5188}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2014\fm.exe
FirewallRules: [{3C262D8F-1BB7-44E1-B526-D1D230BACC45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2014\fm.exe
FirewallRules: [TCP Query User{8E73CCE6-2803-4259-8378-BD94A49CAEFA}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{11705B98-E823-48FE-BE93-06F9275B833B}C:\users\amy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{50C527BC-1828-4723-88AF-D3E4ECBE56F0}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EADAAC2F-0CDD-4AEB-9B39-E2AD0A77DF55}] => (Block) C:\users\amy\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{81E12C30-55CB-40FE-9A8C-66D1747A7F9E}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{6EB3F19A-079B-4C06-AC39-61270C318BA9}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{68F71991-F8AF-4532-A011-DD196F5BF832}] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{83EB1959-CFC8-4127-B468-745FEBEB1668}] => (Block) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [{5FD2DF4B-1CE7-463F-9E65-EC351297AED1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D80433E8-1873-4568-BF28-52F80EF0C43F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3F7BE168-DEDB-4C75-A024-E6579A07F81B}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{C01596B2-BE87-4219-B274-A3610D1933E9}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{73543D94-A01F-4FAF-9995-D07952FC08DD}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{A70DADB1-199A-434C-8653-095EA3B487E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{812EFAD5-AFE4-4B58-B090-2645E9A24D1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{417D2ADF-4103-4C26-ADE8-5B5235607070}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6C9765D0-792C-4FF7-BCCB-EC96EE762D35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{C4AE856B-7C7B-447C-A8F4-3DAA89662CAC}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{585E1375-2093-43EC-9913-3B09FBA0BB32}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [{81BBD822-02E7-4BB0-9AD3-8B9BA69FC649}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{D545C654-8C3A-4625-A8C8-24633678B9FF}C:\users\amy\desktop\stuff\u1404.exe] => (Allow) C:\users\amy\desktop\stuff\u1404.exe
FirewallRules: [UDP Query User{23706A25-8EDA-4BA5-819F-7DEB32D8A1F9}C:\users\amy\desktop\stuff\u1404.exe] => (Allow) C:\users\amy\desktop\stuff\u1404.exe
FirewallRules: [{74E9E080-9D45-480F-8B7C-AE2404A61B79}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5D764D10-FCAF-4102-9FCD-0BCC741256B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{48FAD2FE-0662-4230-A756-E91DF4D1B2D5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F1E41672-13B1-4550-9DCA-C1374605B1B4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{46E1C4E5-0CD4-4833-A298-D7E4EBA7A5CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{541D89ED-9738-4D54-9448-3092DBBC3186}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
FirewallRules: [{1D15657F-7BA6-4270-9346-124109A5DB79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{0CC28346-5101-4AD1-BEAC-D08D21871B12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{82CBA9CB-4F59-4587-9110-372282A53A71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDBF67F8-EF73-4F7B-AD50-83E334181E69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{76CF9A0A-5967-4615-869F-1EDC90A6E4DE}C:\users\amy\desktop\stuff\u1405.exe] => (Allow) C:\users\amy\desktop\stuff\u1405.exe
FirewallRules: [UDP Query User{9A1686C7-FBDD-4009-A638-A2DA2E6DDC67}C:\users\amy\desktop\stuff\u1405.exe] => (Allow) C:\users\amy\desktop\stuff\u1405.exe
FirewallRules: [{7156BA7E-AF03-4CB5-A9C2-81998D56D8BF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3055E582-D9D6-4C26-9358-0408CD6E4858}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{F2C0B6D7-0920-48AE-A8A5-D0B7A74196CA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B8DA83F9-EFB9-4AF4-BEF7-606F8A28C8C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4CE756BB-8A0E-442E-B04E-F10995C6B74C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{1CFBFFDB-F8BA-48EE-8517-CCFC23796448}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7A266F46-7372-43FE-A4E3-3044004FA746}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4FD90289-7B53-4631-B0D4-6525C04E536E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{E3B02298-202B-4941-B6BB-88A2CB03B011}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{94111983-77EE-46B6-86C2-481A5C68857A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{7F232676-6DB9-4C85-A46C-6B6FAA0242B5}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{DD96E376-DB78-4086-AB8A-BAE677F9AA34}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{8B7D9B34-DC6A-4944-861E-C99E18D5A646}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{653A05D1-20F1-4122-9B13-F43C7AC3D143}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{05676E01-805B-46F4-8C7D-22D0389EDDF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [TCP Query User{757ACDF3-CD9D-4D98-B238-8C1D14E071F8}C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe] => (Allow) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [UDP Query User{0619F7DE-1CCB-4239-9EBA-F0DA32152075}C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe] => (Allow) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{DB897090-11C2-4C8B-98FE-441FE516A0FB}] => (Block) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{46F8C5EA-06C6-4E94-B562-6E8598084B58}] => (Block) C:\users\amy\appdata\local\apps\2.0\wy3h2ayn.p2m\jt6dz12k.3g8\kong..tion_0000000000000000_0000.0001_ad4afaad19afb7da\konghacktrainer.exe
FirewallRules: [{4A5F30EB-C35C-4918-9E09-EB32ADB07585}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{7F994B3C-F2E1-4966-A710-A36F41A25A06}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{9FD558D5-E66A-4FA6-AC5D-3C307F8E681B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{83042DDB-2090-4C18-963B-60413C39E53E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{70BF6D00-AA41-4AC6-B2CE-9D17414BB240}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Multifunction Device
Description: Multifunction Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/12/2015 01:13:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: autorunsc.exe, version: 13.40.0.0, time stamp: 0x55622914
Faulting module name: autorunsc.exe, version: 13.40.0.0, time stamp: 0x55622914
Exception code: 0xc0000005
Fault offset: 0x000039a0
Faulting process id: 0xf9c
Faulting application start time: 0xautorunsc.exe0
Faulting application path: autorunsc.exe1
Faulting module path: autorunsc.exe2
Report Id: autorunsc.exe3
Faulting package full name: autorunsc.exe4
Faulting package-relative application ID: autorunsc.exe5
 
Error: (07/12/2015 12:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xd98
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
Faulting package full name: DaS_21.exe4
Faulting package-relative application ID: DaS_21.exe5
 
Error: (07/12/2015 12:58:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (07/12/2015 12:55:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/12/2015 03:48:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: microsoft.windowscommunicationsapps.
 
Error: (07/12/2015 03:47:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: E046963F.LenovoCompanion.
 
Error: (07/12/2015 03:47:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.WindowsScan.
 
Error: (07/12/2015 03:47:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: eBayInc.eBay.
 
Error: (07/12/2015 03:47:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingFoodAndDrink.
 
Error: (07/12/2015 03:47:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.Reader.
 
Error: (07/12/2015 03:47:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingMaps.
 
Error: (07/12/2015 03:47:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingNews.
 
Error: (07/12/2015 03:47:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingTravel.
 
Error: (07/12/2015 03:47:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneMusic.
 
 
Microsoft Office:
=========================
Error: (07/12/2015 01:13:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: autorunsc.exe13.40.0.055622914autorunsc.exe13.40.0.055622914c0000005000039a0f9c01d0bcc5d5dcf96cC:\Users\Amy\AppData\Local\Temp\autorun\autorunsc.exeC:\Users\Amy\AppData\Local\Temp\autorun\autorunsc.exe5470ba56-28b9-11e5-82a5-00c2c66071b0
 
Error: (07/12/2015 12:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9cd9801d0bcc3d73f2bbeC:\Users\Amy\AppData\Local\Temp\DaS_21.exeC:\windows\system32\KERNELBASE.dll2800a7d3-28b7-11e5-82a5-00c2c66071b0
 
Error: (07/12/2015 12:58:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (07/12/2015 12:55:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Amy\Desktop\bleeping\esetsmartinstaller_enu.exe
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7109
 
Error: (07/12/2015 03:30:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3125
 
Error: (07/12/2015 03:30:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-05 23:46:38.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 23:46:37.939
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 23:37:46.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 23:37:46.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:57:30.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:57:30.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:36.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:36.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:35.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-05 21:47:35.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8104.27 MB
Available physical RAM: 4652.69 MB
Total Virtual: 11560.27 MB
Available Virtual: 7621.6 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:891.66 GB) (Free:491.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 20F92F22)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • Gender:Male
  • Location:California
  • Local time:11:48 PM

Posted 12 July 2015 - 05:12 PM

Hi Amy, I would like you to do this.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Right click on the icon and select Run as Administrator (Windows XP simply double click)
  • Click Accept twice
  • Click on Change parameters
  • Make sure the following items are checked:
      • System memory
      • Services and drivers
      • Boot sectors
      • Loaded Modules
      • Detect TDLFS file system
      • Use KSN to scan objects

  • If you are asked to reboot because an Extended Monitoring Driver is required please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 skyferlfc

skyferlfc
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:48 AM

Posted 15 July 2015 - 11:29 AM

I still heard another ad while I was playing a game on my PC last night, this is frustrating haha. 

I attached the TDSSKiller log zip. 


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • Gender:Male
  • Location:California
  • Local time:11:48 PM

Posted 15 July 2015 - 12:36 PM

Hi Amy,

Please boot into Safe Mode with Networking and let me know if you still hear the ads.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



