
Malware - MAX Driver Updater, SpringFiles, PCSUNotifier.exe


  • This topic is locked
9 replies to this topic

#1 Sneak1


Posted 05 August 2016 - 06:01 PM

Hello, I think I might have downloaded a virus or malware. I tried looking for The Last of Us Artbook, but when I downloaded it a Last_Of_Us_Art_Book_downloader.exe file appeared. I opened it and it installed a bunch of weird stuff.
 
maxdu.exe MAX Driver Updater,
PCSUNotifier.exe,
SrpnFiles.exe
and a couple other stuff I don't remember.
 
I managed to uninstall all of these and they are no longer in my programs. I also ran Microsoft Security Essentials and Malwarebytes and removed everything it found. I did a full scan on Microsoft Security Essentials. It took hours. I had to restart my PC afterwards. When I logged back in it was pretty slow to start back up and everything was black, then the bottom right corner said that my Windows 7 version was not genuine. Microsoft Security Essentials opened up and said there was more malware that it had to remove, then to restart. I restarted again and the same thing: Windows not genuine on the bottom. I did another Malwarebytes scan and a quick Security Essentials scan and found more stuff. I removed everything and Malwarebytes restarted my PC again. This time the Windows not genuine sign is not there anymore, but the backscreen is still black, though my icons are still there like before.
 
Each time I restarted, I noticed that the programs the malware (Last_of_Us_Art_Book) installed are no longer in my programs file, but they are still in the Notification Area Icons.
 
SrpnFiles.exe
SpringFiles
 
maxdu.exe 
MAX Driver Updater
 
Last_of_Us_Art_Book_downloader.exe
 
PCSUNotifier.exe 
 
 
 
Also, I installed CPUID-CPU-Z a year ago, which tells you how much RAM and CPU your PC is using, and my PC seems to be using a lot of RAM, as it's in the 90%-100% range even though I'm not running any programs.
 
 
I am also using Torch browser, which is like Chrome. When I click on something, sometimes it opens a tab to another website. It sometimes opens a tab where it gives me a warning and I can't close the tab and have to use Task Manager to close the whole browser. This never happened before. Not on this browser. Internet Explorer also takes me to another site when I open it: it goes to safesurfs dot net and not yahoo dot com, the default website.
 
I hope I get a response soon. I can take screenshots of my problems if this will help getting my PC back to normal. Thank you.
 
 
 

I scanned for malware again just now and there is still stuff there :(

Where is all the malware coming from and what happened to my wallpaper?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Snake (administrator) on SNAKE-HP (05-08-2016 14:08:24)
Running from C:\Users\Snake\Downloads
Loaded Profiles: Snake &  (Available Profiles: Snake & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Facebook) C:\Users\Snake\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
() C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe.old
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Update\47.0.0.11490\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-23] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [912920 2016-03-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\MountPoints2: {f8e7866c-6103-11e1-a776-e4d53dfaede1} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [912920 2016-03-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f8e7866c-6103-11e1-a776-e4d53dfaede1} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Snake\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f8e7866c-6103-11e1-a776-e4d53dfaede1} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => No File
AppInit_DLLs:  C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll => No File
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-01-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2016-08-05]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Snake\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk [2012-11-01]
ShortcutTarget: Warner Bros.lnk -> C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{BFA964B6-2E1F-4FA8-ABBC-6928E908DC99}: [DhcpNameServer] 192.168.1.254
ManualProxies: 
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fyahoo.com%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26form%3DHPNTDF%26pc%3DHPNTDF%26src%3DIE%2DSearchBox
URLSearchHook: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Default = {a8dbeac4-5f57-c394-05ad-43727e71ad63}
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {37125B05-0A87-4FD9-A895-A79BBCA836DC} URL = 
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {37125B05-0A87-4FD9-A895-A79BBCA836DC} URL = 
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {5A90DAFE-FD65-4F19-A227-0B58B27E3D00} URL = 
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3189766933-2127989679-3616620298-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-17] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2012-09-12] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-09-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-09-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-03-03] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3189766933-2127989679-3616620298-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Snake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3189766933-2127989679-3616620298-1002: facebook.com/fbDesktopPlugin -> C:\Users\Snake\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Snake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: facebook.com/fbDesktopPlugin -> C:\Users\Snake\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3189766933-2127989679-3616620298-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_keyd5_14_24&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0F0A0E0D0EtCyD0A0DyCtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1J1P2U1QyD1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StBtAtB0D0A0FyEzytGtCtCtB0DtGtD0EtC0FtGzz0AtB0DtGyB0EtB0DtA0F0FyByC0EyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyCyD0D0DyB0DtBtGzz0EtByCtGyEtC0A0BtG0A0CtByBtGyByCyBzzyEtA0EzyyC0EyB0A2Q&cr=381745214&ir=
CHR DefaultSearchKeyword: Default -> groovorio.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-14]
CHR Extension: (RealDownloader) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-14]
CHR Extension: (Adblock Pro) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-07-14]
CHR HKLM-x32\...\Chrome\Extension: [aaaanjlbkhaoadnkjckhenilndeeanfb] - C:\Users\Snake\AppData\Local\APN\GoogleCRXs\aaaanjlbkhaoadnkjckhenilndeeanfb_7.15.4.0.crx [2012-10-05]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-11] (BlueStack Systems)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-05] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S1 awjltroy; \??\C:\Windows\system32\drivers\awjltroy.sys [X]
S1 badweaph; \??\C:\Windows\system32\drivers\badweaph.sys [X]
S1 bwzzjnst; \??\C:\Windows\system32\drivers\bwzzjnst.sys [X]
S1 etkkfkkr; \??\C:\Windows\system32\drivers\etkkfkkr.sys [X]
S1 evmifotl; \??\C:\Windows\system32\drivers\evmifotl.sys [X]
S1 fcwzlanm; \??\C:\Windows\system32\drivers\fcwzlanm.sys [X]
S3 GPU-Z; \??\C:\Users\Snake\AppData\Local\Temp\GPU-Z.sys [X]
S1 gtmbxxlg; \??\C:\Windows\system32\drivers\gtmbxxlg.sys [X]
S1 ifokjsqg; \??\C:\Windows\system32\drivers\ifokjsqg.sys [X]
S1 jegfrxrk; \??\C:\Windows\system32\drivers\jegfrxrk.sys [X]
S1 jnlkkqrs; \??\C:\Windows\system32\drivers\jnlkkqrs.sys [X]
S1 jsdpjorw; \??\C:\Windows\system32\drivers\jsdpjorw.sys [X]
S1 jvgbctbr; \??\C:\Windows\system32\drivers\jvgbctbr.sys [X]
S1 krypjeri; \??\C:\Windows\system32\drivers\krypjeri.sys [X]
S1 kyufoggq; \??\C:\Windows\system32\drivers\kyufoggq.sys [X]
S1 kzntosvb; \??\C:\Windows\system32\drivers\kzntosvb.sys [X]
S1 ldxjjnrn; \??\C:\Windows\system32\drivers\ldxjjnrn.sys [X]
S1 lwkmtqtg; \??\C:\Windows\system32\drivers\lwkmtqtg.sys [X]
S1 onqnqxgs; \??\C:\Windows\system32\drivers\onqnqxgs.sys [X]
S1 ooyuuxfc; \??\C:\Windows\system32\drivers\ooyuuxfc.sys [X]
S1 osydqwgz; \??\C:\Windows\system32\drivers\osydqwgz.sys [X]
S1 ovmofevf; \??\C:\Windows\system32\drivers\ovmofevf.sys [X]
S1 qgixafuk; \??\C:\Windows\system32\drivers\qgixafuk.sys [X]
S1 qkqwqjsi; \??\C:\Windows\system32\drivers\qkqwqjsi.sys [X]
S1 uzcnhstf; \??\C:\Windows\system32\drivers\uzcnhstf.sys [X]
S1 vthntmsh; \??\C:\Windows\system32\drivers\vthntmsh.sys [X]
S1 whevsgxr; \??\C:\Windows\system32\drivers\whevsgxr.sys [X]
S1 zgvxbvsl; \??\C:\Windows\system32\drivers\zgvxbvsl.sys [X]
S1 zlfkxnlc; \??\C:\Windows\system32\drivers\zlfkxnlc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-05 14:08 - 2016-08-05 14:11 - 00043998 _____ C:\Users\Snake\Downloads\FRST.txt
2016-08-05 14:07 - 2016-08-05 14:08 - 00000000 ____D C:\FRST
2016-08-05 14:05 - 2016-08-05 14:06 - 02393600 _____ (Farbar) C:\Users\Snake\Downloads\FRST64.exe
2016-08-05 11:08 - 2016-08-05 11:22 - 57664640 _____ C:\Users\Snake\Downloads\Pyramids of China - ROBERT SEPEHR[via torchbrowser.com].mp4
2016-08-05 11:03 - 2016-08-05 11:27 - 145243760 _____ C:\Users\Snake\Downloads\Other Americans- Ancient Life in Modern Guatemala.mp4
2016-08-05 11:02 - 2016-08-05 11:03 - 09748498 _____ C:\Users\Snake\Downloads\Any Suggestions-[via torchbrowser.com].mp4
2016-08-05 11:00 - 2016-08-05 11:06 - 71390259 _____ C:\Users\Snake\Downloads\Mysterious Cloud People of Peru[via torchbrowser.com].mp4
2016-08-05 10:57 - 2016-08-05 10:58 - 16109417 _____ C:\Users\Snake\Downloads\Who Owns (ISIS,DAESH and the ISLAMIC STATE) STATE OF ISRAEL.mp4
2016-08-05 10:56 - 2016-08-05 10:56 - 08236599 _____ C:\Users\Snake\Downloads\RÉPONSE SCIENTIFIQUE AUXNIENT LA RACE NORD AFRICAINE.mp4
2016-08-05 10:55 - 2016-08-05 10:55 - 05423853 _____ C:\Users\Snake\Downloads\explains the Origin of the Nile Valley.mp4
2016-08-05 10:49 - 2016-08-05 10:50 - 09318095 _____ C:\Users\Snake\Downloads\Ancient Egyptian Women PREGNANCY TESTS !.mp4
2016-08-05 10:47 - 2016-08-05 10:48 - 10255592 _____ C:\Users\Snake\Downloads\D(DA FAIL ROW) KING TUT -.mp4
2016-08-05 09:35 - 2016-08-05 09:35 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSnake
2016-08-05 09:35 - 2016-08-05 09:35 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForSnake.job
2016-08-05 09:16 - 2016-08-05 09:16 - 00000000 ____D C:\Users\Snake\AppData\LocalLow\AskToolbar
2016-08-05 06:40 - 2016-08-05 06:40 - 00000000 ____D C:\Windows\system32\kotp
2016-08-04 11:28 - 2016-08-05 06:37 - 00000000 ____D C:\Users\Snake\AppData\LocalLow\Company
2016-08-04 11:27 - 2016-08-04 11:27 - 00000000 ____D C:\uninst
2016-08-04 11:26 - 2016-08-05 06:41 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Lolfuumvap
2016-08-04 11:25 - 2016-08-05 06:37 - 00000000 ____D C:\Program Files\XomruvbeUn
2016-08-04 11:25 - 2016-08-04 11:26 - 00000000 ____D C:\Users\Snake\AppData\Local\Tempfolder
2016-08-04 04:52 - 2016-08-04 11:08 - 00000000 ____D C:\Program Files\Caster
2016-08-04 04:50 - 2016-08-04 04:42 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-08-04 04:21 - 2016-08-04 11:16 - 00000000 ____D C:\Users\Snake\Downloads\The Last of Us_American Dreams
2016-08-04 02:44 - 2016-08-04 02:46 - 44739343 _____ C:\Users\Snake\Downloads\Isis[via torchbrowser.com].mp4
2016-08-04 02:42 - 2016-08-04 02:43 - 30211154 _____ C:\Users\Snake\Downloads\Protesters Hilarious[via torchbrowser.com].mp4
2016-08-04 00:41 - 2016-08-04 00:49 - 95897784 _____ C:\Users\Snake\Downloads\Fantasies Finished [via torchbrowser.com].mp4
2016-08-03 23:24 - 2016-08-03 23:24 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-03 23:24 - 2016-08-03 23:24 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-01 09:47 - 2016-08-01 09:47 - 00787733 _____ C:\Users\Snake\Downloads\Bolnick et al in press(1).pdf
2016-07-31 20:24 - 2016-07-31 20:25 - 00173588 _____ C:\Users\Snake\Downloads\The Presumed Alliance.pdf
2016-07-30 18:06 - 2016-07-30 18:06 - 09583282 _____ C:\Users\Snake\Downloads\jason colavito[via torchbrowser.com] (7).mp4
2016-07-30 13:12 - 2016-07-30 14:00 - 01169957 _____ C:\Users\Snake\Downloads\2008_hateCrimeReport.pdf
2016-07-30 10:32 - 2016-07-30 10:32 - 00082829 _____ C:\Users\Snake\Downloads\Izsumo.jpeg
2016-07-30 09:55 - 2016-07-30 09:59 - 00066814 _____ C:\Users\Snake\Downloads\2011-04-21-09-34-56-2-konishiki-yasokichi-who-was-born-in-1963-is-the.jpeg
2016-07-29 19:49 - 2016-07-29 19:49 - 00035359 _____ C:\Users\Snake\Downloads\E939.tmp
2016-07-29 00:24 - 2016-07-29 00:25 - 30577925 _____ C:\Users\Snake\Downloads\drive-download-20160729T072403Z.zip
2016-07-28 00:24 - 2016-07-28 00:27 - 02959112 _____ C:\Users\Snake\Downloads\mt09_recurringissues.pdf
2016-07-26 13:27 - 2016-07-26 13:27 - 00052688 _____ C:\Users\Snake\Downloads\2383.tmp
2016-07-25 19:35 - 2016-07-25 19:35 - 02487288 _____ C:\Users\Snake\Downloads\Valverde_etal_journal.pone.0155508.PDF
2016-07-23 03:05 - 2016-07-23 03:05 - 00000000 ____D C:\Windows\EOONotify
2016-07-22 20:36 - 2016-07-22 20:36 - 00045003 _____ C:\Users\Snake\Documents\Cagngnpturegnf image-22-07-16-08-27.jpeg
2016-07-22 20:34 - 2016-07-22 20:35 - 00044392 _____ C:\Users\Snake\Documents\Cagngnpturegnf image-22-07-16-08-27-1.jpeg
2016-07-20 20:21 - 2016-07-20 20:21 - 00000000 ____D C:\Users\Snake\AppData\Local\{20001237-940B-4AF1-9106-F37AB5E1C83A}
2016-07-19 08:01 - 2016-07-19 08:02 - 05434522 _____ C:\Users\Snake\Downloads\culry hair and staight.mp4
2016-07-18 20:04 - 2016-07-18 20:06 - 00817906 _____ C:\Users\Snake\Downloads\Western Eurasian ancestry in modern Siberians based on mitogenomic data Derenko et al. BMC Evolutionary Biology 2014.pdf
2016-07-17 21:37 - 2016-07-17 21:39 - 37736982 _____ C:\Users\Snake\Downloads\Backstage with Bruno- [via torchbrowser.com].mp4
2016-07-17 15:06 - 2016-07-17 15:08 - 27892246 _____ C:\Users\Snake\Downloads\My Families Village [Pt.2] (Mam Mayan).mp4
2016-07-17 14:59 - 2016-07-17 15:04 - 44728653 _____ C:\Users\Snake\Downloads\Native American-American Indian Tag (Mayan).mp4
2016-07-16 16:50 - 2016-07-16 16:55 - 87701972 _____ C:\Users\Snake\Downloads\The Egyptian Conquest [via torchbrowser.com].mp4
2016-07-16 10:15 - 2016-07-16 10:16 - 12498143 _____ C:\Users\Snake\Downloads\THE REAL ANCIENT AND MODERN EGYPTIANS.mp4
2016-07-16 10:03 - 2016-07-16 10:05 - 11595897 _____ C:\Users\Snake\Downloads\SUMERIANS !.mp4
2016-07-16 09:59 - 2016-07-16 10:12 - 314164481 _____ C:\Users\Snake\Downloads\Cousins Across The Sea Part One[via torchbrowser.com].mp4
2016-07-16 09:18 - 2016-07-16 09:45 - 645804175 _____ C:\Users\Snake\Downloads\Cousins Across The Sea- The Director's Cut[via torchbrowser.com].mp4
2016-07-16 07:12 - 2016-07-16 07:24 - 235981871 _____ C:\Users\Snake\Downloads\New Zealand Skeletons in the Cupboard Episode 1. [via torchbrowser.com].mp4
2016-07-16 06:27 - 2016-07-16 06:44 - 228667824 _____ C:\Users\Snake\Downloads\Blonde Mummies of the South Pacific - ROBERT SEPEHR[via torchbrowser.com].mp4
2016-07-16 02:51 - 2016-07-16 02:53 - 44989726 _____ C:\Users\Snake\Downloads\ROBERT SEPEHR - Ancient Ethiopia[via torchbrowser.com].mp4
2016-07-16 02:45 - 2016-07-16 02:49 - 82416386 _____ C:\Users\Snake\Downloads\Rh- Negative Blood and Antediluvian Civilizations[via torchbrowser.com].mp4
2016-07-16 02:44 - 2016-07-16 02:45 - 25408745 _____ C:\Users\Snake\Downloads\Patagonian Giants[via torchbrowser.com].mp4
2016-07-16 02:22 - 2016-07-16 02:24 - 34958981 _____ C:\Users\Snake\Downloads\Occult Theories gins[via torchbrowser.com].mp4
2016-07-16 02:21 - 2016-07-16 02:22 - 17678753 _____ C:\Users\Snake\Downloads\Debunking the Aryan Race   Ancient Indians were NOT white   Aryan Race HOAX[via torchbrowser.com].mp4
2016-07-16 02:13 - 2016-07-16 02:16 - 89411103 _____ C:\Users\Snake\Downloads\RIP Jen.[via torchbrowser.com].mp4
2016-07-16 02:10 - 2016-07-16 02:12 - 51593080 _____ C:\Users\Snake\Downloads\the answer is [via torchbrowser.com].mp4
2016-07-16 02:05 - 2016-07-16 02:10 - 126716043 _____ C:\Users\Snake\Downloads\Continuity.mp4
2016-07-16 02:00 - 2016-07-16 02:00 - 21711496 _____ C:\Users\Snake\Downloads\Old Kingdom & New Kingdom artwork! ;).mp4
2016-07-16 01:46 - 2016-07-16 01:48 - 45818697 _____ C:\Users\Snake\Downloads\JEMRY SHENOUDA.mp4
2016-07-16 01:15 - 2016-07-16 01:17 - 00698372 _____ C:\Users\Snake\Downloads\nature11128.pdf
2016-07-16 01:08 - 2016-07-16 01:12 - 110426821 _____ C:\Users\Snake\Downloads\jemry shenouda.mp4
2016-07-15 15:41 - 2016-07-15 15:41 - 01384586 _____ C:\Users\Snake\Downloads\ants.mp4
2016-07-15 13:03 - 2016-07-15 13:04 - 00872331 _____ C:\Users\Snake\Downloads\000024507 botocudos autosomal.pdf
2016-07-15 12:56 - 2016-07-15 12:56 - 01682473 _____ C:\Users\Snake\Downloads\Two_ancient_human_genomes_reveal_Polynes20160604-2549-14hm9bl.pdf
2016-07-15 12:56 - 2016-07-15 12:56 - 01574058 _____ C:\Users\Snake\Downloads\Two_ancient_human_genomes_reveal_Polynes20160519-22129-15amh3.pdf
2016-07-15 12:56 - 2016-07-15 12:56 - 01573062 _____ C:\Users\Snake\Downloads\Two_ancient_human_genomes_reveal_Polynes20160325-19819-t7gxrw.pdf
2016-07-14 12:57 - 2016-07-14 13:20 - 328313479 _____ C:\Users\Snake\Downloads\Egyptian[via torchbrowser.com].mp4
2016-07-14 04:16 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 04:16 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 04:16 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 04:16 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 04:16 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 04:16 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 04:15 - 2016-06-10 23:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 04:15 - 2016-06-10 21:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 04:15 - 2016-06-10 14:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 04:15 - 2016-06-10 14:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 04:15 - 2016-06-10 14:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 04:15 - 2016-06-10 14:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 04:15 - 2016-06-10 14:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 04:15 - 2016-06-10 14:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 04:15 - 2016-06-10 14:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 04:15 - 2016-06-10 14:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 04:15 - 2016-06-10 14:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 04:15 - 2016-06-10 14:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 04:15 - 2016-06-10 14:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 04:15 - 2016-06-10 14:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 04:15 - 2016-06-10 14:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 04:15 - 2016-06-10 14:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 04:15 - 2016-06-10 14:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 04:15 - 2016-06-10 13:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 04:15 - 2016-06-10 13:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 04:15 - 2016-06-10 13:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 04:15 - 2016-06-10 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 04:15 - 2016-06-10 13:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 04:15 - 2016-06-10 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 04:15 - 2016-06-10 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 04:15 - 2016-06-10 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 04:15 - 2016-06-10 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 04:15 - 2016-06-10 13:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 04:15 - 2016-06-10 13:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 04:15 - 2016-06-10 13:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 04:15 - 2016-06-10 13:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 04:15 - 2016-06-10 13:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 04:15 - 2016-06-10 12:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 04:15 - 2016-06-10 12:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 04:15 - 2016-06-10 12:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 04:15 - 2016-06-10 12:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 04:15 - 2016-06-10 12:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 04:15 - 2016-06-10 11:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 04:15 - 2016-06-10 11:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 04:15 - 2016-06-10 11:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 04:15 - 2016-06-10 11:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 04:15 - 2016-06-10 11:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 04:15 - 2016-06-10 11:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 04:15 - 2016-06-10 11:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 04:15 - 2016-06-10 11:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 04:15 - 2016-06-10 11:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 04:15 - 2016-06-10 11:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 04:15 - 2016-06-10 11:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 04:15 - 2016-06-10 11:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 04:15 - 2016-06-10 11:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 04:15 - 2016-06-10 11:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 04:15 - 2016-06-10 11:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 04:15 - 2016-06-10 11:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 04:15 - 2016-06-10 11:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 04:15 - 2016-06-10 11:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 04:15 - 2016-06-10 11:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 04:15 - 2016-06-10 11:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 04:15 - 2016-06-10 11:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 04:15 - 2016-06-10 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 04:15 - 2016-06-10 11:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 04:15 - 2016-06-10 11:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 04:15 - 2016-06-10 11:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 04:15 - 2016-06-10 10:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 04:15 - 2016-06-10 10:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 04:15 - 2016-06-10 10:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 04:15 - 2016-06-10 10:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 04:14 - 2016-06-10 14:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 04:12 - 2016-06-25 17:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 04:12 - 2016-06-25 17:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 04:12 - 2016-06-22 06:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 04:12 - 2016-06-14 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 02:51 - 2016-07-14 02:51 - 00107779 _____ C:\Users\Snake\Documents\image.jpeg
2016-07-14 02:47 - 2016-07-14 02:51 - 00137959 _____ C:\Users\Snake\Documents\image3.jpeg
2016-07-14 02:47 - 2016-07-14 02:51 - 00137471 _____ C:\Users\Snake\Documents\image2.jpeg
2016-07-14 02:47 - 2016-07-14 02:47 - 00103674 _____ C:\Users\Snake\Documents\image1.jpeg
2016-07-13 09:08 - 2016-07-13 09:08 - 02436122 _____ C:\Users\Snake\Downloads\Aunt.mp4
2016-07-13 09:06 - 2016-07-13 09:06 - 08923875 _____ C:\Users\Snake\Downloads\building[via torchbrowser.com].mp4
2016-07-13 09:01 - 2016-07-13 09:02 - 04380840 _____ C:\Users\Snake\Downloads\old[via torchbrowser.com].mp4
2016-07-13 08:48 - 2016-07-13 08:50 - 16018067 _____ C:\Users\Snake\Downloads\meat[via torchbrowser.com].mp4
2016-07-13 07:31 - 2016-07-13 07:32 - 01147583 _____ C:\Users\Snake\Downloads\Mrjjj[via torchbrowser.com].flv
2016-07-13 02:49 - 2016-07-13 02:52 - 41647437 _____ C:\Users\Snake\Downloads\NATIVE AMERICANS Island-Hopping ![via torchbrowser.com].mp4
2016-07-13 02:09 - 2016-07-13 02:13 - 46236989 _____ C:\Users\Snake\Downloads\Lain to Waste- Absolute Proof[via torchbrowser.com].mp4
2016-07-13 02:07 - 2016-07-13 02:11 - 27674403 _____ C:\Users\Snake\Downloads\Message[via torchbrowser.com].mp4
2016-07-12 08:19 - 2016-07-12 08:19 - 06338981 _____ C:\Users\Snake\Downloads\Luvella Monay[via torchbrowser.com].mp4
2016-07-12 01:43 - 2016-07-12 01:44 - 10214732 _____ C:\Users\Snake\Downloads\por 500 pesos[via torchbrowser.com].mp4
2016-07-12 01:39 - 2016-07-12 01:39 - 14476104 _____ C:\Users\Snake\Downloads\6[via torchbrowser.com].mp4
2016-07-12 01:35 - 2016-07-12 01:35 - 06078688 _____ C:\Users\Snake\Downloads\5[via torchbrowser.com].mp4
2016-07-12 01:29 - 2016-07-12 01:29 - 12869857 _____ C:\Users\Snake\Downloads\4[via torchbrowser.com].mp4
2016-07-12 01:27 - 2016-07-12 01:28 - 08296166 _____ C:\Users\Snake\Downloads\New Vid 2.SF[via torchbrowser.com].mp4
2016-07-12 01:26 - 2016-07-12 01:27 - 07563795 _____ C:\Users\Snake\Downloads\3[via torchbrowser.com].mp4
2016-07-12 01:23 - 2016-07-12 01:24 - 14165787 _____ C:\Users\Snake\Downloads\jjj[via torchbrowser.com].mp4
2016-07-12 01:21 - 2016-07-12 01:22 - 09505183 _____ C:\Users\Snake\Downloads\2[via torchbrowser.com].mp4
2016-07-12 01:20 - 2016-07-12 01:20 - 07106537 _____ C:\Users\Snake\Downloads\New vid 1[via torchbrowser.com].mp4
2016-07-12 00:57 - 2016-07-12 00:58 - 24836405 _____ C:\Users\Snake\Downloads\8[via torchbrowser.com].mp4
2016-07-11 22:55 - 2016-07-11 22:56 - 31540296 _____ C:\Users\Snake\Downloads\A Voice for Indigenous Peoples[via torchbrowser.com].mp4
2016-07-11 21:27 - 2016-07-11 21:31 - 78894257 _____ C:\Users\Snake\Downloads\Minister Farrakhan [via torchbrowser.com].mp4
2016-07-11 19:19 - 2016-07-11 19:19 - 00000000 ____D C:\Users\NULL\AppData\Local\Hewlett-Packard
2016-07-11 19:19 - 2016-07-11 19:19 - 00000000 ____D C:\Users\NULL
2016-07-10 03:40 - 2016-07-10 03:45 - 74029020 _____ C:\Users\Snake\Downloads\Master Fard Muhammad writes Urdu[via torchbrowser.com].mp4
2016-07-10 02:32 - 2016-07-10 03:11 - 1005635038 _____ C:\Users\Snake\Downloads\Get On Board The Wheel - Part 2- Master Fard Muhammad and Buddhism[via torchbrowser.com].mp4
2016-07-09 17:25 - 2016-07-09 18:17 - 1070363779 _____ C:\Users\Snake\Downloads\Get On Board The Wheel - Part 1- Master Fard Muhammad and India[via torchbrowser.com].mp4
2016-07-09 13:47 - 2016-07-09 13:49 - 03877866 _____ C:\Users\Snake\Downloads\e1600375.full.pdf
2016-07-09 13:43 - 2016-07-09 13:46 - 32101272 _____ C:\Users\Snake\Downloads\Florida archaeological site[via torchbrowser.com].mp4
2016-07-09 09:55 - 2016-07-09 09:56 - 155427135 _____ C:\Users\Snake\Downloads\America00Ogil.pdf
2016-07-09 09:43 - 2016-07-09 09:43 - 00121757 _____ C:\Users\Snake\Downloads\oldest-version-map-alkebulan.jpeg
2016-07-07 07:17 - 2016-07-07 07:18 - 03824862 _____ C:\Users\Snake\Downloads\Untitled — danny668899-[via torchbrowser.com].mp4
2016-07-07 07:16 - 2016-07-07 07:17 - 16602226 _____ C:\Users\Snake\Downloads\Untitled — danny668899-[via torchbrowser.com].mp4
2016-07-07 07:15 - 2016-07-07 07:16 - 01050570 _____ C:\Users\Snake\Downloads\Untitled — Hot[via torchbrowser.com].mp4
2016-07-07 03:30 - 2016-07-07 03:37 - 196824142 _____ C:\Users\Snake\Downloads\Confessions of Ex Moor[via torchbrowser.com].mp4
2016-07-07 01:18 - 2016-07-07 01:20 - 11680753 _____ C:\Users\Snake\Downloads\Re- Central Asia - Death Of Beauty[via torchbrowser.com].mp4
2016-07-07 01:14 - 2016-07-07 01:16 - 14024461 _____ C:\Users\Snake\Downloads\Central Asia - the death of beauty.mp4[via torchbrowser.com].mp4
2016-07-07 01:07 - 2016-07-07 01:08 - 10365664 _____ C:\Users\Snake\Downloads\Florida Sinkhole[via torchbrowser.com].mp4
2016-07-07 00:23 - 2016-07-07 00:29 - 103288302 _____ C:\Users\Snake\Downloads\Human Pre-History- Part Three- Mesolithic Madness[via torchbrowser.com].mp4
2016-07-06 10:42 - 2016-07-06 10:43 - 03710119 _____ C:\Users\Snake\Downloads\Zlojutro_ku_0099D_10148_DATA_1.pdf
2016-07-06 02:32 - 2016-07-06 02:32 - 00005808 _____ C:\Users\Snake\Downloads\Castlevania Lament of Innocence  track.txt
2016-07-06 02:32 - 2016-07-06 02:32 - 00003016 _____ C:\Users\Snake\Downloads\Castlevania SOTN + Songs Saturn.txt
2016-07-06 02:22 - 2016-07-06 02:53 - 401120978 _____ C:\Users\Snake\Downloads\Castlevania Lament of Innocence OST FULL[via torchbrowser.com].mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-05 14:08 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-05 14:08 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-05 14:02 - 2012-08-04 08:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-05 13:37 - 2012-11-14 18:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-05 13:18 - 2012-05-15 01:08 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3189766933-2127989679-3616620298-1002UA.job
2016-08-05 12:27 - 2014-08-13 06:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-05 12:08 - 2016-03-09 07:02 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-05 12:05 - 2016-03-09 07:08 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-05 12:01 - 2016-03-09 07:05 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-08-05 10:07 - 2012-08-04 08:28 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 10:07 - 2012-08-04 08:28 - 00002381 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-05 09:35 - 2012-02-26 15:37 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B3BF413-205F-43C6-AA81-7390794BCABD}
2016-08-05 09:12 - 2012-08-04 08:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-05 09:12 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-05 09:11 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Performance
2016-08-05 06:53 - 2011-10-25 20:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-08-05 06:43 - 2013-08-13 11:03 - 00000258 __RSH C:\Users\Snake\ntuser.pol
2016-08-05 06:43 - 2012-02-26 15:31 - 00000000 ____D C:\Users\Snake
2016-08-05 06:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2016-08-05 06:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system
2016-08-05 06:40 - 2011-10-25 20:43 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-08-04 16:18 - 2012-05-15 01:08 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3189766933-2127989679-3616620298-1002Core.job
2016-08-04 11:31 - 2012-02-26 23:28 - 00000000 ____D C:\Users\Snake\AppData\Local\CrashDumps
2016-08-04 11:08 - 2012-10-05 04:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-04 11:07 - 2012-04-22 02:18 - 00000000 ____D C:\Program Files (x86)\Freecorder
2016-08-04 04:33 - 2012-02-26 15:37 - 00001627 _____ C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-02 12:47 - 2016-06-29 04:48 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-02 12:47 - 2016-06-18 06:25 - 00003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-01 18:10 - 2012-12-10 20:59 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2016-07-30 03:34 - 2013-07-17 15:52 - 00000000 ____D C:\Windows\system32\MRT
2016-07-30 03:08 - 2012-02-28 01:49 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-28 14:57 - 2015-02-05 00:05 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 14:57 - 2012-08-04 08:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-23 07:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-23 03:04 - 2015-04-24 01:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-23 03:04 - 2015-04-24 01:03 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-21 15:24 - 2016-05-23 00:43 - 00000000 ____D C:\Windows\rescache
2016-07-19 11:46 - 2012-04-22 02:19 - 00000000 ____D C:\Users\Snake\AppData\Local\FLVService
2016-07-18 06:08 - 2009-07-13 21:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-18 06:07 - 2014-08-13 06:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-18 06:07 - 2012-05-11 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-18 06:07 - 2012-05-11 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-18 05:57 - 2014-12-14 02:13 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 08:29 - 2012-11-14 18:16 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 08:29 - 2012-11-14 18:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 08:29 - 2011-10-25 21:12 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 12:18 - 2014-08-13 06:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-13 12:18 - 2014-08-13 06:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-12 18:41 - 2015-01-17 08:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 15:11 - 2012-10-18 17:54 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSNAKE-HP$
2016-07-12 15:11 - 2012-10-18 17:54 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForSNAKE-HP$.job
2016-07-12 03:41 - 2012-11-14 18:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 03:40 - 2011-10-25 21:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
 
==================== Files in the root of some directories =======
 
2013-09-14 02:00 - 2013-09-14 02:00 - 0000043 _____ () C:\Users\Snake\AppData\Roaming\WB.CFG
2013-06-09 21:01 - 2013-06-10 01:25 - 0002090 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
 
 
Some files in TEMP:
====================
C:\Users\Snake\AppData\Local\Temp\1WnADUWrCZ.exe
C:\Users\Snake\AppData\Local\Temp\AM278C99WH.exe
C:\Users\Snake\AppData\Local\Temp\CRhHImXKKi.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 17:47
 
==================== End of FRST.txt ============================

 

 

 


 


#2 fireman4it

  • Malware Response Team

Posted 06 August 2016 - 02:13 PM

Hello
  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.
1. Please uninstall the following programs:
TornTV
Torch
Caster
Ask Toolbar
 
2. Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner
3. Please run FRST again and post the new FRST.txt

Edited by fireman4it, 06 August 2016 - 02:16 PM.

" Extinguishing Malware from the world"



#3 Sneak1

  • Topic Starter


Posted 07 August 2016 - 03:47 AM

I didn't want to remove Torch as it was my main browser. I didn't remove it but the cleaner steps I followed removed it and I had tabs on there I needed to go back to. Now I can't. I'm on Chrome right now. I'm pissed off about this :(



#4 Sneak1

  • Topic Starter


Posted 07 August 2016 - 03:51 AM

Any way to get those tabs back now if I install it again? I didn't expect that.....

 

 

 

# AdwCleaner v5.201 - Logfile created 07/08/2016 at 01:21:00
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-06.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Snake - SNAKE-HP
# Running from : C:\Users\Snake\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\torchcrashhandler
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\Application Data\torchcrashhandler
[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\iLivid
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Snake\AppData\Local\Temp\MPC
[-] Folder Deleted : C:\Users\Snake\AppData\Local\Temp\APNLogs
[-] Folder Deleted : C:\Users\Snake\AppData\Local\apn
[-] Folder Deleted : C:\Users\Snake\AppData\Local\Ilivid Player
[-] Folder Deleted : C:\Users\Snake\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Snake\AppData\Local\torch
[-] Folder Deleted : C:\Users\Snake\AppData\Roaming\Search Protection
[-] Folder Deleted : C:\Users\Snake\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
[-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Program Files\TotalSystemCare
[-] Folder Deleted : C:\Program Files\Caster
[-] Folder Deleted : C:\uninst
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\Users\Snake\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
[-] File Deleted : C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[-] File Deleted : C:\Users\Snake\Desktop\Torch.lnk
[-] File Deleted : C:\Users\Snake\Desktop\ZulaGames.lnk
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage-journal
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdloijijlkoblmigdofommgnheckmaki
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage-journal
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage-journal
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_groovorio.com_0.localstorage
[-] File Deleted : C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_groovorio.com_0.localstorage-journal
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage-journal
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage-journal
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage
[-] File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage-journal
[-] File Deleted : C:\user.js
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\It Girl!.lnk
[-] Shortcut Disinfected : C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\Users\Snake\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Snake\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Snake\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.IEToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100685.JSOptionsImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
[-] Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Ask&Record
[-] Key Deleted : HKCU\Software\BRS
[-] Key Deleted : HKCU\Software\Complitly
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Savevid
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Funmoods
[-] Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
[-] Key Deleted : HKLM\SOFTWARE\SimplyGen
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\WIN
[-] Key Deleted : HKLM\SOFTWARE\Savevid
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applian FLV and Media Player
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3189766933-2127989679-3616620298-1002\Software\Complitly
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{80661B3B-A50E-4325-9E7B-DE5D3CDC396A}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{85CF6132-346B-4F3F-BAF3-D6FE477DD6E7}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{182EAF9B-29D2-41F8-B0FF-56A2CA8540D9}C:\users\snake\appdata\local\torch\application\torch.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{1A3E78B5-E422-4614-8F66-1D68698C21A4}C:\users\snake\appdata\local\torch\application\torch.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{11ED3712-6E5F-4915-85AB-9AD421D6991E}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C50A5F27-12AF-4554-A4C8-D8B9BEF2EB37}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{521547B4-A667-431D-A315-6971103DE9E9}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{821D839F-2143-4C96-B940-188DFA4CCFF7}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : r
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : babylon.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search here
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : yahoo.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : groovorio.com
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_keyd5_14_24&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0F0A0E0D0EtCyD0A0DyCtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1Czu1N1C2X1V1J1P2U1QyD1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StBtAtB0D0A0FyEzytGtCtCtB0DtGtD0EtC0FtGzz0AtB0DtGyB0EtB0DtA0F0FyByC0EyB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyCyD0D0DyB0DtBtGzz0EtByCtGyEtC0A0BtG0A0CtByBtGyByCyBzzyEtA0EzyyC0EyB0A2Q&cr=381745214&ir=
[-] [C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : blmchfpimpbbdmgpcieclabeafkljbhm
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [25985 bytes] - [07/08/2016 01:21:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [27004 bytes] - [06/08/2016 16:11:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [26133 bytes] ##########


#5 Sneak1

Posted 07 August 2016 - 04:14 AM

Man, I'm pissed about that. I needed to get back to those tabs...

 

My wallpaper is still black and those things I mentioned above are still in the notifications area icons.


Edited by Sneak1, 07 August 2016 - 05:22 AM.


#6 Sneak1

Posted 07 August 2016 - 05:19 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Snake (administrator) on SNAKE-HP (07-08-2016 02:18:20)
Running from C:\Users\Snake\Downloads
Loaded Profiles: Snake (Available Profiles: Snake & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Snake\AppData\Local\Torch\Application\torch.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Facebook) C:\Users\Snake\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(TorchMedia Inc.) C:\Users\Snake\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Update\47.0.0.11536\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Snake\AppData\Local\Torch\Application\torch.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-23] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [912920 2016-03-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\MountPoints2: {f8e7866c-6103-11e1-a776-e4d53dfaede1} - G:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-01-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2016-08-06]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Snake\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk [2012-11-01]
ShortcutTarget: Warner Bros.lnk -> C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{BFA964B6-2E1F-4FA8-ABBC-6928E908DC99}: [DhcpNameServer] 192.168.1.254
ManualProxies: 
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
URLSearchHook: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {37125B05-0A87-4FD9-A895-A79BBCA836DC} URL = 
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {8242BEC5-C700-4296-ADFD-73CF2A5D7AF4} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3189766933-2127989679-3616620298-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-17] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2012-09-12] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-09-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-09-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-03-03] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3189766933-2127989679-3616620298-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Snake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3189766933-2127989679-3616620298-1002: facebook.com/fbDesktopPlugin -> C:\Users\Snake\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-3189766933-2127989679-3616620298-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-07]
CHR Extension: (RealDownloader) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-07]
CHR Extension: (Adblock Pro) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-08-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 TorchCrashHandler; C:\Users\Snake\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217344 2016-07-23] (TorchMedia Inc.) <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-03-11] (BlueStack Systems)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S1 awjltroy; \??\C:\Windows\system32\drivers\awjltroy.sys [X]
S1 badweaph; \??\C:\Windows\system32\drivers\badweaph.sys [X]
S1 bwzzjnst; \??\C:\Windows\system32\drivers\bwzzjnst.sys [X]
S1 etkkfkkr; \??\C:\Windows\system32\drivers\etkkfkkr.sys [X]
S1 evmifotl; \??\C:\Windows\system32\drivers\evmifotl.sys [X]
S1 fcwzlanm; \??\C:\Windows\system32\drivers\fcwzlanm.sys [X]
S3 GPU-Z; \??\C:\Users\Snake\AppData\Local\Temp\GPU-Z.sys [X]
S1 gtmbxxlg; \??\C:\Windows\system32\drivers\gtmbxxlg.sys [X]
S1 ifokjsqg; \??\C:\Windows\system32\drivers\ifokjsqg.sys [X]
S1 jegfrxrk; \??\C:\Windows\system32\drivers\jegfrxrk.sys [X]
S1 jnlkkqrs; \??\C:\Windows\system32\drivers\jnlkkqrs.sys [X]
S1 jsdpjorw; \??\C:\Windows\system32\drivers\jsdpjorw.sys [X]
S1 jvgbctbr; \??\C:\Windows\system32\drivers\jvgbctbr.sys [X]
S1 krypjeri; \??\C:\Windows\system32\drivers\krypjeri.sys [X]
S1 kyufoggq; \??\C:\Windows\system32\drivers\kyufoggq.sys [X]
S1 kzntosvb; \??\C:\Windows\system32\drivers\kzntosvb.sys [X]
S1 ldxjjnrn; \??\C:\Windows\system32\drivers\ldxjjnrn.sys [X]
S1 lwkmtqtg; \??\C:\Windows\system32\drivers\lwkmtqtg.sys [X]
S1 onqnqxgs; \??\C:\Windows\system32\drivers\onqnqxgs.sys [X]
S1 ooyuuxfc; \??\C:\Windows\system32\drivers\ooyuuxfc.sys [X]
S1 osydqwgz; \??\C:\Windows\system32\drivers\osydqwgz.sys [X]
S1 ovmofevf; \??\C:\Windows\system32\drivers\ovmofevf.sys [X]
S1 qgixafuk; \??\C:\Windows\system32\drivers\qgixafuk.sys [X]
S1 qkqwqjsi; \??\C:\Windows\system32\drivers\qkqwqjsi.sys [X]
S1 uzcnhstf; \??\C:\Windows\system32\drivers\uzcnhstf.sys [X]
S1 vthntmsh; \??\C:\Windows\system32\drivers\vthntmsh.sys [X]
S1 whevsgxr; \??\C:\Windows\system32\drivers\whevsgxr.sys [X]
S1 zgvxbvsl; \??\C:\Windows\system32\drivers\zgvxbvsl.sys [X]
S1 zlfkxnlc; \??\C:\Windows\system32\drivers\zlfkxnlc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-07 02:22 - 2016-08-07 02:22 - 00002278 _____ C:\Users\Snake\Desktop\bleepingcomputer.lnk
2016-08-07 02:22 - 2016-08-07 02:22 - 00002272 _____ C:\Users\Snake\Desktop\Torch Browser.lnk
2016-08-07 02:02 - 2016-08-07 02:03 - 00002223 _____ C:\Users\Snake\Desktop\Free Music.lnk
2016-08-07 02:02 - 2016-08-07 02:03 - 00002223 _____ C:\Users\Snake\Desktop\Free Games.lnk
2016-08-07 02:02 - 2016-08-07 02:03 - 00001401 _____ C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2016-08-07 02:02 - 2016-08-07 02:03 - 00001376 _____ C:\Users\Snake\Desktop\Torch.lnk
2016-08-07 02:02 - 2016-08-07 02:02 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-08-07 01:57 - 2016-08-07 02:02 - 00000000 ____D C:\Users\Snake\AppData\Local\Torch
2016-08-07 01:52 - 2016-08-07 01:54 - 01667696 _____ (Torch Media, Inc) C:\Users\Snake\Downloads\TorchSetup-r20-n-bc.exe
2016-08-07 00:13 - 2016-08-07 00:13 - 00068013 _____ C:\Users\Snake\Downloads\55F1.tmp
2016-08-06 16:11 - 2016-08-07 01:21 - 00000000 ____D C:\AdwCleaner
2016-08-06 16:08 - 2016-08-06 16:08 - 03712064 _____ C:\Users\Snake\Downloads\AdwCleaner.exe
2016-08-06 10:43 - 2016-08-06 10:47 - 00983771 _____ C:\Users\Snake\Downloads\jmedgene00103-0049.pdf
2016-08-05 14:42 - 2016-08-05 14:56 - 00054944 _____ C:\Users\Snake\Downloads\Addition.txt
2016-08-05 14:08 - 2016-08-07 02:18 - 00031193 _____ C:\Users\Snake\Downloads\FRST.txt
2016-08-05 14:07 - 2016-08-07 02:18 - 00000000 ____D C:\FRST
2016-08-05 14:05 - 2016-08-05 14:06 - 02393600 _____ (Farbar) C:\Users\Snake\Downloads\FRST64.exe
2016-08-04 04:21 - 2016-08-04 11:16 - 00000000 ____D C:\Users\Snake\Downloads\The Last of Us_American Dreams
2016-08-04 02:44 - 2016-08-04 02:46 - 44739343 _____ C:\Users\Snake\Downloads\Isis[via torchbrowser.com].mp4
2016-08-04 02:42 - 2016-08-04 02:43 - 30211154 _____ C:\Users\Snake\Downloads\Protesters Hilarious[via torchbrowser.com].mp4
2016-08-04 00:41 - 2016-08-04 00:49 - 95897784 _____ C:\Users\Snake\Downloads\Fantasies Finished [via torchbrowser.com].mp4
2016-08-03 23:24 - 2016-08-03 23:24 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-03 23:24 - 2016-08-03 23:24 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-01 09:47 - 2016-08-01 09:47 - 00787733 _____ C:\Users\Snake\Downloads\Bolnick et al in press(1).pdf
2016-07-31 20:24 - 2016-07-31 20:25 - 00173588 _____ C:\Users\Snake\Downloads\The Presumed Alliance.pdf
2016-07-30 18:06 - 2016-07-30 18:06 - 09583282 _____ C:\Users\Snake\Downloads\jason colavito[via torchbrowser.com] (7).mp4
2016-07-30 13:12 - 2016-07-30 14:00 - 01169957 _____ C:\Users\Snake\Downloads\2008_hateCrimeReport.pdf
2016-07-30 10:32 - 2016-07-30 10:32 - 00082829 _____ C:\Users\Snake\Downloads\Izsumo.jpeg
2016-07-30 09:55 - 2016-07-30 09:59 - 00066814 _____ C:\Users\Snake\Downloads\2011-04-21-09-34-56-2-konishiki-yasokichi-who-was-born-in-1963-is-the.jpeg
2016-07-29 19:49 - 2016-07-29 19:49 - 00035359 _____ C:\Users\Snake\Downloads\E939.tmp
2016-07-29 00:24 - 2016-07-29 00:25 - 30577925 _____ C:\Users\Snake\Downloads\drive-download-20160729T072403Z.zip
2016-07-28 00:24 - 2016-07-28 00:27 - 02959112 _____ C:\Users\Snake\Downloads\mt09_recurringissues.pdf
2016-07-26 13:27 - 2016-07-26 13:27 - 00052688 _____ C:\Users\Snake\Downloads\2383.tmp
2016-07-25 19:35 - 2016-07-25 19:35 - 02487288 _____ C:\Users\Snake\Downloads\Valverde_etal_journal.pone.0155508.PDF
2016-07-23 03:05 - 2016-07-23 03:05 - 00000000 ____D C:\Windows\EOONotify
2016-07-22 20:36 - 2016-07-22 20:36 - 00045003 _____ C:\Users\Snake\Documents\Cagngnpturegnf image-22-07-16-08-27.jpeg
2016-07-22 20:34 - 2016-07-22 20:35 - 00044392 _____ C:\Users\Snake\Documents\Cagngnpturegnf image-22-07-16-08-27-1.jpeg
2016-07-20 20:21 - 2016-07-20 20:21 - 00000000 ____D C:\Users\Snake\AppData\Local\{20001237-940B-4AF1-9106-F37AB5E1C83A}
2016-07-19 08:01 - 2016-07-19 08:02 - 05434522 _____ C:\Users\Snake\Downloads\culry hair and staight.mp4
2016-07-18 20:04 - 2016-07-18 20:06 - 00817906 _____ C:\Users\Snake\Downloads\Western Eurasian ancestry in modern Siberians based on mitogenomic data Derenko et al. BMC Evolutionary Biology 2014.pdf
2016-07-17 21:37 - 2016-07-17 21:39 - 37736982 _____ C:\Users\Snake\Downloads\Backstage with Bruno- [via torchbrowser.com].mp4
2016-07-17 15:06 - 2016-07-17 15:08 - 27892246 _____ C:\Users\Snake\Downloads\My Families Village [Pt.2] (Mam Mayan).mp4
2016-07-17 14:59 - 2016-07-17 15:04 - 44728653 _____ C:\Users\Snake\Downloads\Native American-American Indian Tag (Mayan).mp4
2016-07-16 16:50 - 2016-07-16 16:55 - 87701972 _____ C:\Users\Snake\Downloads\The Egyptian Conquest [via torchbrowser.com].mp4
2016-07-16 10:15 - 2016-07-16 10:16 - 12498143 _____ C:\Users\Snake\Downloads\THE REAL ANCIENT AND MODERN EGYPTIANS.mp4
2016-07-16 10:03 - 2016-07-16 10:05 - 11595897 _____ C:\Users\Snake\Downloads\SUMERIANS !.mp4
2016-07-16 09:59 - 2016-07-16 10:12 - 314164481 _____ C:\Users\Snake\Downloads\Cousins Across The Sea Part One[via torchbrowser.com].mp4
2016-07-16 09:18 - 2016-07-16 09:45 - 645804175 _____ C:\Users\Snake\Downloads\Cousins Across The Sea- The Director's Cut[via torchbrowser.com].mp4
2016-07-16 07:12 - 2016-07-16 07:24 - 235981871 _____ C:\Users\Snake\Downloads\New Zealand Skeletons in the Cupboard Episode 1. [via torchbrowser.com].mp4
2016-07-16 06:27 - 2016-07-16 06:44 - 228667824 _____ C:\Users\Snake\Downloads\Blonde Mummies of the South Pacific - ROBERT SEPEHR[via torchbrowser.com].mp4
2016-07-16 02:51 - 2016-07-16 02:53 - 44989726 _____ C:\Users\Snake\Downloads\ROBERT SEPEHR - Ancient Ethiopia[via torchbrowser.com].mp4
2016-07-16 02:45 - 2016-07-16 02:49 - 82416386 _____ C:\Users\Snake\Downloads\Rh- Negative Blood and Antediluvian Civilizations[via torchbrowser.com].mp4
2016-07-16 02:44 - 2016-07-16 02:45 - 25408745 _____ C:\Users\Snake\Downloads\Patagonian Giants[via torchbrowser.com].mp4
2016-07-16 02:22 - 2016-07-16 02:24 - 34958981 _____ C:\Users\Snake\Downloads\Occult Theories gins[via torchbrowser.com].mp4
2016-07-16 02:21 - 2016-07-16 02:22 - 17678753 _____ C:\Users\Snake\Downloads\Debunking the Aryan Race   Ancient Indians were NOT white   Aryan Race HOAX[via torchbrowser.com].mp4
2016-07-16 02:13 - 2016-07-16 02:16 - 89411103 _____ C:\Users\Snake\Downloads\RIP Jen.[via torchbrowser.com].mp4
2016-07-16 02:10 - 2016-07-16 02:12 - 51593080 _____ C:\Users\Snake\Downloads\the answer is [via torchbrowser.com].mp4
2016-07-16 02:05 - 2016-07-16 02:10 - 126716043 _____ C:\Users\Snake\Downloads\Continuity.mp4
2016-07-16 02:00 - 2016-07-16 02:00 - 21711496 _____ C:\Users\Snake\Downloads\Old Kingdom & New Kingdom artwork! ;).mp4
2016-07-16 01:46 - 2016-07-16 01:48 - 45818697 _____ C:\Users\Snake\Downloads\JEMRY SHENOUDA.mp4
2016-07-16 01:15 - 2016-07-16 01:17 - 00698372 _____ C:\Users\Snake\Downloads\nature11128.pdf
2016-07-16 01:08 - 2016-07-16 01:12 - 110426821 _____ C:\Users\Snake\Downloads\jemry shenouda.mp4
2016-07-15 15:41 - 2016-07-15 15:41 - 01384586 _____ C:\Users\Snake\Downloads\ants.mp4
2016-07-15 13:03 - 2016-07-15 13:04 - 00872331 _____ C:\Users\Snake\Downloads\000024507 botocudos autosomal.pdf
2016-07-15 12:56 - 2016-07-15 12:56 - 01682473 _____ C:\Users\Snake\Downloads\Two_ancient_human_genomes_reveal_Polynes20160604-2549-14hm9bl.pdf
2016-07-15 12:56 - 2016-07-15 12:56 - 01574058 _____ C:\Users\Snake\Downloads\Two_ancient_human_genomes_reveal_Polynes20160519-22129-15amh3.pdf
2016-07-15 12:56 - 2016-07-15 12:56 - 01573062 _____ C:\Users\Snake\Downloads\Two_ancient_human_genomes_reveal_Polynes20160325-19819-t7gxrw.pdf
2016-07-14 12:57 - 2016-07-14 13:20 - 328313479 _____ C:\Users\Snake\Downloads\Egyptian[via torchbrowser.com].mp4
2016-07-14 04:16 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 04:16 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 04:16 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 04:16 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 04:16 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 04:16 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 04:16 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 04:15 - 2016-06-10 23:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 04:15 - 2016-06-10 21:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 04:15 - 2016-06-10 14:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 04:15 - 2016-06-10 14:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 04:15 - 2016-06-10 14:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 04:15 - 2016-06-10 14:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 04:15 - 2016-06-10 14:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 04:15 - 2016-06-10 14:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 04:15 - 2016-06-10 14:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 04:15 - 2016-06-10 14:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 04:15 - 2016-06-10 14:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 04:15 - 2016-06-10 14:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 04:15 - 2016-06-10 14:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 04:15 - 2016-06-10 14:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 04:15 - 2016-06-10 14:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 04:15 - 2016-06-10 14:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 04:15 - 2016-06-10 14:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 04:15 - 2016-06-10 13:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 04:15 - 2016-06-10 13:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 04:15 - 2016-06-10 13:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 04:15 - 2016-06-10 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 04:15 - 2016-06-10 13:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 04:15 - 2016-06-10 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 04:15 - 2016-06-10 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 04:15 - 2016-06-10 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 04:15 - 2016-06-10 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 04:15 - 2016-06-10 13:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 04:15 - 2016-06-10 13:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 04:15 - 2016-06-10 13:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 04:15 - 2016-06-10 13:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 04:15 - 2016-06-10 13:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 04:15 - 2016-06-10 12:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 04:15 - 2016-06-10 12:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 04:15 - 2016-06-10 12:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 04:15 - 2016-06-10 12:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 04:15 - 2016-06-10 12:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 04:15 - 2016-06-10 11:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 04:15 - 2016-06-10 11:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 04:15 - 2016-06-10 11:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 04:15 - 2016-06-10 11:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 04:15 - 2016-06-10 11:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 04:15 - 2016-06-10 11:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 04:15 - 2016-06-10 11:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 04:15 - 2016-06-10 11:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 04:15 - 2016-06-10 11:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 04:15 - 2016-06-10 11:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 04:15 - 2016-06-10 11:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 04:15 - 2016-06-10 11:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 04:15 - 2016-06-10 11:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 04:15 - 2016-06-10 11:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 04:15 - 2016-06-10 11:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 04:15 - 2016-06-10 11:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 04:15 - 2016-06-10 11:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 04:15 - 2016-06-10 11:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 04:15 - 2016-06-10 11:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 04:15 - 2016-06-10 11:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 04:15 - 2016-06-10 11:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 04:15 - 2016-06-10 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 04:15 - 2016-06-10 11:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 04:15 - 2016-06-10 11:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 04:15 - 2016-06-10 11:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 04:15 - 2016-06-10 10:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 04:15 - 2016-06-10 10:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 04:15 - 2016-06-10 10:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 04:15 - 2016-06-10 10:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 04:14 - 2016-06-10 14:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dlla
2016-07-14 04:12 - 2016-06-25 17:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 04:12 - 2016-06-25 17:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 04:12 - 2016-06-22 06:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 04:12 - 2016-06-17 11:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 04:12 - 2016-06-14 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 02:51 - 2016-07-14 02:51 - 00107779 _____ C:\Users\Snake\Documents\image.jpeg
2016-07-14 02:47 - 2016-07-14 02:51 - 00137959 _____ C:\Users\Snake\Documents\image3.jpeg
2016-07-14 02:47 - 2016-07-14 02:51 - 00137471 _____ C:\Users\Snake\Documents\image2.jpeg
2016-07-14 02:47 - 2016-07-14 02:47 - 00103674 _____ C:\Users\Snake\Documents\image1.jpeg
2016-07-13 09:08 - 2016-07-13 09:08 - 02436122 _____ C:\Users\Snake\Downloads\Aunt.mp4
2016-07-13 09:06 - 2016-07-13 09:06 - 08923875 _____ C:\Users\Snake\Downloads\building[via torchbrowser.com].mp4
2016-07-13 09:01 - 2016-07-13 09:02 - 04380840 _____ C:\Users\Snake\Downloads\old[via torchbrowser.com].mp4
2016-07-13 08:48 - 2016-07-13 08:50 - 16018067 _____ C:\Users\Snake\Downloads\meat[via torchbrowser.com].mp4
2016-07-13 07:31 - 2016-07-13 07:32 - 01147583 _____ C:\Users\Snake\Downloads\Mrjjj[via torchbrowser.com].flv
2016-07-13 02:49 - 2016-07-13 02:52 - 41647437 _____ C:\Users\Snake\Downloads\NATIVE AMERICANS Island-Hopping ![via torchbrowser.com].mp4
2016-07-13 02:09 - 2016-07-13 02:13 - 46236989 _____ C:\Users\Snake\Downloads\Lain to Waste- Absolute Proof[via torchbrowser.com].mp4
2016-07-13 02:07 - 2016-07-13 02:11 - 27674403 _____ C:\Users\Snake\Downloads\Message[via torchbrowser.com].mp4
2016-07-12 08:19 - 2016-07-12 08:19 - 06338981 _____ C:\Users\Snake\Downloads\Luvella Monay[via torchbrowser.com].mp4
2016-07-12 01:43 - 2016-07-12 01:44 - 10214732 _____ C:\Users\Snake\Downloads\por 500 pesos[via torchbrowser.com].mp4
2016-07-12 01:39 - 2016-07-12 01:39 - 14476104 _____ C:\Users\Snake\Downloads\6[via torchbrowser.com].mp4
2016-07-12 01:35 - 2016-07-12 01:35 - 06078688 _____ C:\Users\Snake\Downloads\5[via torchbrowser.com].mp4
2016-07-12 01:29 - 2016-07-12 01:29 - 12869857 _____ C:\Users\Snake\Downloads\4[via torchbrowser.com].mp4
2016-07-12 01:27 - 2016-07-12 01:28 - 08296166 _____ C:\Users\Snake\Downloads\New Vid 2.SF[via torchbrowser.com].mp4
2016-07-12 01:26 - 2016-07-12 01:27 - 07563795 _____ C:\Users\Snake\Downloads\3[via torchbrowser.com].mp4
2016-07-12 01:23 - 2016-07-12 01:24 - 14165787 _____ C:\Users\Snake\Downloads\jjj[via torchbrowser.com].mp4
2016-07-12 01:21 - 2016-07-12 01:22 - 09505183 _____ C:\Users\Snake\Downloads\2[via torchbrowser.com].mp4
2016-07-12 01:20 - 2016-07-12 01:20 - 07106537 _____ C:\Users\Snake\Downloads\New vid 1[via torchbrowser.com].mp4
2016-07-12 00:57 - 2016-07-12 00:58 - 24836405 _____ C:\Users\Snake\Downloads\8[via torchbrowser.com].mp4
2016-07-11 22:55 - 2016-07-11 22:56 - 31540296 _____ C:\Users\Snake\Downloads\A Voice for Indigenous Peoples[via torchbrowser.com].mp4
2016-07-11 21:27 - 2016-07-11 21:31 - 78894257 _____ C:\Users\Snake\Downloads\Minister Farrakhan [via torchbrowser.com].mp4
2016-07-11 19:19 - 2016-07-11 19:19 - 00000000 ____D C:\Users\NULL\AppData\Local\Hewlett-Packard
2016-07-11 19:19 - 2016-07-11 19:19 - 00000000 ____D C:\Users\NULL
2016-07-10 03:40 - 2016-07-10 03:45 - 74029020 _____ C:\Users\Snake\Downloads\Master Fard Muhammad writes Urdu[via torchbrowser.com].mp4
2016-07-10 02:32 - 2016-07-10 03:11 - 1005635038 _____ C:\Users\Snake\Downloads\Get On Board The Wheel - Part 2- Master Fard Muhammad and Buddhism[via torchbrowser.com].mp4
2016-07-09 17:25 - 2016-07-09 18:17 - 1070363779 _____ C:\Users\Snake\Downloads\Get On Board The Wheel - Part 1- Master Fard Muhammad and India[via torchbrowser.com].mp4
2016-07-09 13:47 - 2016-07-09 13:49 - 03877866 _____ C:\Users\Snake\Downloads\e1600375.full.pdf
2016-07-09 13:43 - 2016-07-09 13:46 - 32101272 _____ C:\Users\Snake\Downloads\Florida archaeological site[via torchbrowser.com].mp4
2016-07-09 09:55 - 2016-07-09 09:56 - 155427135 _____ C:\Users\Snake\Downloads\America00Ogil.pdf
2016-07-09 09:43 - 2016-07-09 09:43 - 00121757 _____ C:\Users\Snake\Downloads\oldest-version-map-alkebulan.jpeg
2016-07-07 07:17 - 2016-07-07 07:18 - 03824862 _____ C:\Users\Snake\Downloads\Untitled — danny668899-[via torchbrowser.com].mp4
2016-07-07 07:16 - 2016-07-07 07:17 - 16602226 _____ C:\Users\Snake\Downloads\Untitled — danny668899-[via torchbrowser.com].mp4
2016-07-07 07:15 - 2016-07-07 07:16 - 01050570 _____ C:\Users\Snake\Downloads\Untitled — Hot[via torchbrowser.com].mp4
2016-07-07 03:30 - 2016-07-07 03:37 - 196824142 _____ C:\Users\Snake\Downloads\Confessions of Ex Moor[via torchbrowser.com].mp4
2016-07-07 01:18 - 2016-07-07 01:20 - 11680753 _____ C:\Users\Snake\Downloads\Re- Central Asia - Death Of Beauty[via torchbrowser.com].mp4
2016-07-07 01:14 - 2016-07-07 01:16 - 14024461 _____ C:\Users\Snake\Downloads\Central Asia - the death of beauty.mp4[via torchbrowser.com].mp4
2016-07-07 01:07 - 2016-07-07 01:08 - 10365664 _____ C:\Users\Snake\Downloads\Florida Sinkhole[via torchbrowser.com].mp4
2016-07-07 00:23 - 2016-07-07 00:29 - 103288302 _____ C:\Users\Snake\Downloads\Human Pre-History- Part Three- Mesolithic Madness[via torchbrowser.com].mp4
2016-07-06 10:42 - 2016-07-06 10:43 - 03710119 _____ C:\Users\Snake\Downloads\Zlojutro_ku_0099D_10148_DATA_1.pdf
2016-07-06 02:32 - 2016-07-06 02:32 - 00005808 _____ C:\Users\Snake\Downloads\Castlevania Lament of Innocence  track.txt
2016-07-06 02:32 - 2016-07-06 02:32 - 00003016 _____ C:\Users\Snake\Downloads\Castlevania SOTN + Songs Saturn.txt
2016-07-06 02:22 - 2016-07-06 02:53 - 401120978 _____ C:\Users\Snake\Downloads\Castlevania Lament of Innocence OST FULL[via torchbrowser.com].mp4
 
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-07 02:03 - 2012-08-04 08:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-07 01:53 - 2012-02-26 15:37 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B3BF413-205F-43C6-AA81-7390794BCABD}
2016-08-07 01:53 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-07 01:53 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-07 01:37 - 2012-08-04 08:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-07 01:37 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-07 01:36 - 2016-03-09 07:05 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-08-07 01:31 - 2012-08-04 08:28 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 01:31 - 2012-08-04 08:28 - 00001290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-07 01:31 - 2012-02-26 15:37 - 00000989 _____ C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-07 01:31 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-07 01:23 - 2013-01-27 17:27 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-08-07 01:22 - 2012-05-15 01:08 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3189766933-2127989679-3616620298-1002UA.job
2016-08-07 00:37 - 2012-11-14 18:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-07 00:33 - 2012-02-26 23:28 - 00000000 ____D C:\Users\Snake\AppData\Local\CrashDumps
2016-08-06 16:19 - 2012-05-15 01:08 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3189766933-2127989679-3616620298-1002Core.job
2016-08-05 12:27 - 2014-08-13 06:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-05 12:08 - 2016-03-09 07:02 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-08-05 12:05 - 2016-03-09 07:08 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-08-05 09:11 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Performance
2016-08-05 06:53 - 2011-10-25 20:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-08-05 06:43 - 2013-08-13 11:03 - 00000258 __RSH C:\Users\Snake\ntuser.pol
2016-08-05 06:43 - 2012-02-26 15:31 - 00000000 ____D C:\Users\Snake
2016-08-05 06:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2016-08-05 06:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system
2016-08-05 06:40 - 2011-10-25 20:43 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-08-04 11:08 - 2012-10-05 04:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-04 11:07 - 2012-04-22 02:18 - 00000000 ____D C:\Program Files (x86)\Freecorder
2016-08-02 12:47 - 2016-06-29 04:48 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-02 12:47 - 2016-06-18 06:25 - 00003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3189766933-2127989679-3616620298-1002
2016-08-01 18:10 - 2012-12-10 20:59 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2016-07-30 03:34 - 2013-07-17 15:52 - 00000000 ____D C:\Windows\system32\MRT
2016-07-30 03:08 - 2012-02-28 01:49 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-28 14:57 - 2015-02-05 00:05 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 14:57 - 2012-08-04 08:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-23 07:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-23 03:04 - 2015-04-24 01:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-23 03:04 - 2015-04-24 01:03 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-21 15:24 - 2016-05-23 00:43 - 00000000 ____D C:\Windows\rescache
2016-07-19 11:46 - 2012-04-22 02:19 - 00000000 ____D C:\Users\Snake\AppData\Local\FLVService
2016-07-18 06:08 - 2009-07-13 21:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-18 06:07 - 2014-08-13 06:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-18 06:07 - 2012-05-11 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-18 06:07 - 2012-05-11 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-18 05:57 - 2014-12-14 02:13 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 08:29 - 2012-11-14 18:16 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 08:29 - 2012-11-14 18:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 08:29 - 2011-10-25 21:12 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 12:18 - 2014-08-13 06:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-13 12:18 - 2014-08-13 06:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-12 18:41 - 2015-01-17 08:08 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 15:11 - 2012-10-18 17:54 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSNAKE-HP$
2016-07-12 15:11 - 2012-10-18 17:54 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForSNAKE-HP$.job
2016-07-12 03:41 - 2012-11-14 18:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 03:40 - 2011-10-25 21:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
 
==================== Files in the root of some directories =======
 
2013-09-14 02:00 - 2013-09-14 02:00 - 0000043 _____ () C:\Users\Snake\AppData\Roaming\WB.CFG
2013-06-09 21:01 - 2013-06-10 01:25 - 0002090 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
 
 
Some files in TEMP:
====================
C:\Users\Snake\AppData\Local\Temp\1WnADUWrCZ.exe
C:\Users\Snake\AppData\Local\Temp\AM278C99WH.exe
C:\Users\Snake\AppData\Local\Temp\CRhHImXKKi.exe
C:\Users\Snake\AppData\Local\Temp\libeay32.dll
C:\Users\Snake\AppData\Local\Temp\msvcr120.dll
C:\Users\Snake\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 17:47
 
==================== End of FRST.txt ============================


#7 fireman4it

  • Malware Response Team

Posted 07 August 2016 - 05:06 PM

Torch Browser is a known malware browser. That's why it was deleted the first time by AdwCleaner. Please uninstall Torch Browser.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#8 Sneak1


Posted 07 August 2016 - 06:10 PM

The reason I used it was for the media catcher it has. I used it to download YouTube videos to respond back to people's videos. The Chrome browser won't let me use any of their media catchers to download YouTube videos. Is there any media catcher you recommend before I remove Torch again?


Edited by Sneak1, 07 August 2016 - 06:11 PM.


#9 fireman4it


Posted 07 August 2016 - 06:26 PM

I have no idea. I don't use a media catcher. I would suggest googling it. Once you have uninstalled torch please run FRST again and post the new log.




#10 fireman4it


Posted 15 August 2016 - 07:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





