Jump to content

Recommended Posts

Hello when I go to task manager I see a lot of iexplorer.exe and explorer.exe running. Also when I restart my pc I get ituneshelper.dll has failed to load pop up. I've tried scanning with multiple different programs including Malwarebytes, all have failed. Thanks for reading.

post-157581-0-97510700-1393723619_thumb.

Link to post
Share on other sites

  • Replies 55
  • Created
  • Last Reply

Top Posters In This Topic

Hello! Welcome to Malwarebytes Forums! welcome.gif
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

STEP 2

 

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-click on it's icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.

 

 

Regards,

Georgi

Link to post
Share on other sites

Thank you so much for responding, I really Appreciate the help. Fortunately, after searching the web for a while I finally solved both of those problems. Right now my only problem is that I have multiple explorer.exe running in task manager. Would you be able to help me with that?

Link to post
Share on other sites

Just to be safe, I scanned with both the programs you listed.

 

This is the Farbar Recovery Log:

 

fScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02

Ran by Chris (administrator) on CHRIS-PC on 02-03-2014 14:57:45

Running from C:\Users\Chris\Desktop\Clean

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe

(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe

(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKU\S-1-5-21-662125380-580819888-2351019072-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {BCD08415-5D90-42D4-9D51-B75CB3A3A5F8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0C0EyCyC0FyDtAtCtAtCtN0D0Tzu0SyBtCyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=443045279&ir=

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default

FF NewTab: about:blank


FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\Chris\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: ClipConverter Desktop - C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\desktop@clipconverter.cc.xpi [2014-02-11]

FF Extension: User Pinned - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\Extensions\{1F3015A6-75BF-4D05-CE58-E58B646B512F} [2014-02-28]

FF Extension: Adblock Edge - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-11-16]

 

Chrome: 

=======


CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-12]

CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-12]

CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-12]

CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-12]

CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]

CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-12]

 

==================== Services (Whitelisted) =================

 

R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-02-10] (Ellora Assets Corp.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-01-05] ()

S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)

S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)

S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)

R3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)

R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)

R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-02 14:49 - 2014-03-02 14:57 - 00000000 ____D () C:\FRST

2014-03-02 14:45 - 2014-03-02 14:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-03-02 00:08 - 2014-03-02 00:18 - 00000355 _____ () C:\Users\Chris\Desktop\Computer - Shortcut.lnk

2014-03-01 23:31 - 2014-03-01 23:31 - 00014152 _____ () C:\ComboFix.txt

2014-03-01 23:20 - 2014-03-01 23:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Chris\Downloads\rkill.exe

2014-03-01 23:19 - 2014-03-01 23:19 - 05185084 ____R (Swearware) C:\Users\Chris\Downloads\ComboFix.exe

2014-03-01 21:57 - 2014-03-01 23:31 - 00000000 ____D () C:\Qoobox

2014-03-01 21:57 - 2014-03-01 23:29 - 00000000 ____D () C:\Windows\erdnt

2014-03-01 21:57 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-03-01 21:57 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-03-01 21:57 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-03-01 21:57 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-03-01 21:57 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-03-01 21:57 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-03-01 21:57 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-03-01 21:57 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-03-01 20:05 - 2014-03-01 20:05 - 00000017 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg

2014-03-01 19:55 - 2014-03-02 14:57 - 00000000 ____D () C:\Users\Chris\Desktop\Clean

2014-03-01 19:48 - 2014-03-01 23:33 - 00002324 _____ () C:\Windows\PFRO.log

2014-03-01 19:32 - 2014-03-02 14:38 - 00000672 _____ () C:\Windows\setupact.log

2014-03-01 19:32 - 2014-03-01 19:32 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-01 19:29 - 2014-03-02 03:32 - 00000000 ____D () C:\AdwCleaner

2014-03-01 19:08 - 2014-03-01 19:20 - 00000000 ____D () C:\Program Files (x86)\PCFixKit

2014-03-01 19:08 - 2014-03-01 19:08 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\PCFixKit

2014-03-01 19:03 - 2014-03-01 19:03 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-03-01 19:03 - 2014-03-01 19:03 - 00000000 _____ () C:\autoexec.bat

2014-03-01 19:02 - 2014-03-01 19:17 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-03-01 18:36 - 2014-03-01 18:46 - 00000000 ____D () C:\Users\Chris\Desktop\Shell Extension

2014-02-28 07:35 - 2014-02-28 07:35 - 00000000 ____D () C:\ProgramData\Package Cache

2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Program Files (x86)\Seagate

2014-02-28 02:52 - 2014-02-28 02:54 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit

2014-02-28 02:52 - 2014-02-28 02:52 - 00000000 ____D () C:\Users\Chris\AppData\Local\DriverToolkit

2014-02-27 02:29 - 2014-02-27 03:36 - 00000000 ____D () C:\Users\Chris\Desktop\yep

2014-02-23 23:22 - 2014-02-24 00:10 - 00000000 ____D () C:\Users\Chris\Desktop\3DTotal Total Textures 1-16

2014-02-18 13:23 - 2014-02-18 13:23 - 00001339 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk

2014-02-16 13:00 - 2014-02-16 13:00 - 00000000 ____D () C:\Users\Chris\Documents\Respawn

2014-02-16 10:47 - 2014-02-16 11:40 - 00000000 ____D () C:\Users\Chris\AppData\Local\headus

2014-02-16 10:47 - 2014-02-16 10:47 - 00001178 _____ () C:\Users\Chris\Desktop\uvlayout - Shortcut.lnk

2014-02-15 01:20 - 2014-02-15 01:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-12 18:54 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-12 18:54 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-12 18:53 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-12 18:53 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-12 18:53 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-12 18:53 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-12 18:53 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-12 18:53 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-12 18:53 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-12 18:53 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-12 18:53 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-12 18:53 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-12 18:53 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-12 18:53 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-12 18:53 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-12 18:53 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-12 18:53 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-12 18:53 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-12 18:53 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-12 18:53 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-12 18:53 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-12 18:53 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-12 18:53 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-12 18:53 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-12 18:53 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-12 18:53 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-12 18:53 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-12 18:53 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-12 18:53 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-12 18:53 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-12 18:53 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-12 18:53 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-12 18:53 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-12 18:53 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-12 18:53 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-12 18:53 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-12 18:53 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-12 18:53 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-12 18:53 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-12 18:53 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-12 18:53 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-12 14:03 - 2014-02-12 14:03 - 03859681 _____ () C:\Users\Chris\Downloads\Akuma main menu background by augh.7z

2014-02-12 11:17 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-12 11:17 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-12 11:17 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-12 11:17 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-12 11:17 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-12 11:17 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-12 11:17 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-12 11:17 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-12 11:17 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-12 11:17 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-12 11:17 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-12 11:17 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-12 11:17 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-12 11:17 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-12 11:17 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-12 11:17 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-12 11:17 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-12 11:17 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-12 11:17 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-12 11:17 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-12 11:17 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-12 11:17 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-12 11:17 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-12 11:17 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-12 11:17 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-12 11:17 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-12 11:17 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-12 11:17 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-11 18:58 - 2014-02-18 01:22 - 00000000 ____D () C:\Users\Chris\ClipConverter

2014-02-11 18:58 - 2014-02-11 18:58 - 00001151 _____ () C:\Users\Chris\Desktop\ClipConverter.lnk

2014-02-11 18:58 - 2014-02-11 18:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClipConverter

2014-02-11 18:57 - 2014-02-11 18:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Lunaweb

2014-02-11 18:46 - 2014-02-11 18:57 - 23590915 _____ (Lunaweb) C:\Users\Chris\Downloads\setup_110.exe

2014-02-08 14:55 - 2014-02-08 14:55 - 01077248 _____ () C:\Users\Chris\Downloads\WmpSub.msi

2014-02-01 21:32 - 2014-02-01 21:32 - 00001003 _____ () C:\Users\Chris\Desktop\GameSpy Arcade.lnk

2014-02-01 21:30 - 2014-02-01 21:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games

 

==================== One Month Modified Files and Folders =======

 

2014-03-02 14:57 - 2014-03-02 14:49 - 00000000 ____D () C:\FRST

2014-03-02 14:57 - 2014-03-01 19:55 - 00000000 ____D () C:\Users\Chris\Desktop\Clean

2014-03-02 14:57 - 2013-11-16 15:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Skype

2014-03-02 14:47 - 2014-01-18 14:40 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-02 14:47 - 2014-01-18 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-03-02 14:46 - 2014-03-02 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.75.0.1300(1).exe

2014-03-02 14:45 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-02 14:45 - 2009-07-13 23:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-02 14:42 - 2013-11-07 14:32 - 01917669 _____ () C:\Windows\WindowsUpdate.log

2014-03-02 14:38 - 2014-03-01 19:32 - 00000672 _____ () C:\Windows\setupact.log

2014-03-02 14:38 - 2013-12-12 01:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-02 14:38 - 2013-11-07 14:34 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-03-02 14:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-02 03:32 - 2014-03-01 19:29 - 00000000 ____D () C:\AdwCleaner

2014-03-02 03:32 - 2014-01-30 14:21 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA.job

2014-03-02 03:30 - 2013-11-16 15:36 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe

2014-03-02 03:14 - 2013-11-16 15:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-02 03:06 - 2013-12-12 01:48 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-02 02:59 - 2013-11-16 17:07 - 00000388 _____ () C:\Windows\Tasks\update-sys.job

2014-03-02 02:10 - 2013-11-19 16:48 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps

2014-03-02 01:02 - 2013-11-16 17:07 - 00000388 _____ () C:\Windows\Tasks\update-S-1-5-21-662125380-580819888-2351019072-1000.job

2014-03-02 00:18 - 2014-03-02 00:08 - 00000355 _____ () C:\Users\Chris\Desktop\Computer - Shortcut.lnk

2014-03-01 23:56 - 2013-11-16 17:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent

2014-03-01 23:33 - 2014-03-01 19:48 - 00002324 _____ () C:\Windows\PFRO.log

2014-03-01 23:31 - 2014-03-01 23:31 - 00014152 _____ () C:\ComboFix.txt

2014-03-01 23:31 - 2014-03-01 21:57 - 00000000 ____D () C:\Qoobox

2014-03-01 23:29 - 2014-03-01 21:57 - 00000000 ____D () C:\Windows\erdnt

2014-03-01 23:29 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

2014-03-01 23:20 - 2014-03-01 23:20 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Chris\Downloads\rkill.exe

2014-03-01 23:19 - 2014-03-01 23:19 - 05185084 ____R (Swearware) C:\Users\Chris\Downloads\ComboFix.exe

2014-03-01 22:05 - 2013-11-16 15:37 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Adobe

2014-03-01 22:05 - 2013-11-16 14:40 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-01 22:05 - 2009-07-13 21:34 - 89653248 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-03-01 22:05 - 2009-07-13 21:34 - 21757952 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-03-01 22:05 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-03-01 22:05 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-03-01 22:05 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-03-01 20:05 - 2014-03-01 20:05 - 00000017 _____ () C:\Users\Chris\AppData\Local\resmon.resmoncfg

2014-03-01 19:44 - 2013-11-19 15:58 - 00000000 ____D () C:\Users\Chris\Desktop\TO

2014-03-01 19:32 - 2014-03-01 19:32 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-01 19:20 - 2014-03-01 19:08 - 00000000 ____D () C:\Program Files (x86)\PCFixKit

2014-03-01 19:17 - 2014-03-01 19:02 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-03-01 19:08 - 2014-03-01 19:08 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\PCFixKit

2014-03-01 19:03 - 2014-03-01 19:03 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-03-01 19:03 - 2014-03-01 19:03 - 00000000 _____ () C:\autoexec.bat

2014-03-01 18:59 - 2013-11-17 03:00 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Sony

2014-03-01 18:59 - 2013-11-16 22:36 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-03-01 18:58 - 2014-01-18 08:20 - 00000000 ____D () C:\Windows\Minidump

2014-03-01 18:46 - 2014-03-01 18:36 - 00000000 ____D () C:\Users\Chris\Desktop\Shell Extension

2014-03-01 16:27 - 2013-11-16 22:51 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-02-28 22:21 - 2014-01-21 13:09 - 00000000 ____D () C:\Users\Chris\Desktop\Team Production

2014-02-28 22:17 - 2013-12-04 14:24 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT

2014-02-28 07:35 - 2014-02-28 07:35 - 00000000 ____D () C:\ProgramData\Package Cache

2014-02-28 07:34 - 2014-02-28 07:34 - 00000000 ____D () C:\Program Files (x86)\Seagate

2014-02-28 03:30 - 2014-01-18 07:00 - 00000000 ____D () C:\Users\Chris\Desktop\Adv Prototype

2014-02-28 02:54 - 2014-02-28 02:52 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit

2014-02-28 02:52 - 2014-02-28 02:52 - 00000000 ____D () C:\Users\Chris\AppData\Local\DriverToolkit

2014-02-28 02:37 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-27 10:32 - 2014-01-30 14:21 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core.job

2014-02-27 03:36 - 2014-02-27 02:29 - 00000000 ____D () C:\Users\Chris\Desktop\yep

2014-02-26 19:35 - 2013-11-16 15:07 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla

2014-02-25 18:24 - 2013-12-06 23:27 - 00000132 _____ () C:\Users\Chris\AppData\Roaming\Adobe Targa Format CS6 Prefs

2014-02-25 15:22 - 2013-11-16 16:28 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-24 18:46 - 2013-11-22 14:18 - 00000000 ____D () C:\Users\Chris\AppData\Local\Mirillis

2014-02-24 00:10 - 2014-02-23 23:22 - 00000000 ____D () C:\Users\Chris\Desktop\3DTotal Total Textures 1-16

2014-02-21 17:08 - 2013-12-12 01:49 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-02-21 01:00 - 2014-01-22 17:10 - 00000000 ____D () C:\Users\Chris\Desktop\UDK

2014-02-20 15:14 - 2013-11-16 15:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-20 15:14 - 2013-11-16 15:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-20 15:14 - 2013-11-16 15:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-18 15:12 - 2013-11-16 22:44 - 00000000 ____D () C:\ProgramData\Origin

2014-02-18 15:12 - 2013-11-16 22:44 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-02-18 13:28 - 2013-11-22 16:12 - 00000000 ____D () C:\ProgramData\Freemake

2014-02-18 13:23 - 2014-02-18 13:23 - 00001339 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk

2014-02-18 13:23 - 2013-11-22 16:12 - 00000000 ____D () C:\Program Files (x86)\Freemake

2014-02-18 01:22 - 2014-02-11 18:58 - 00000000 ____D () C:\Users\Chris\ClipConverter

2014-02-17 14:30 - 2013-12-08 08:11 - 00000000 ____D () C:\Users\Chris\Desktop\UVLayout v2 Professional

2014-02-16 13:00 - 2014-02-16 13:00 - 00000000 ____D () C:\Users\Chris\Documents\Respawn

2014-02-16 13:00 - 2013-11-21 13:18 - 00000000 ____D () C:\Users\Chris\Desktop\Games

2014-02-16 11:40 - 2014-02-16 10:47 - 00000000 ____D () C:\Users\Chris\AppData\Local\headus

2014-02-16 10:47 - 2014-02-16 10:47 - 00001178 _____ () C:\Users\Chris\Desktop\uvlayout - Shortcut.lnk

2014-02-16 10:27 - 2014-01-30 14:21 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA

2014-02-16 10:27 - 2014-01-30 14:21 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core

2014-02-15 15:20 - 2014-01-26 16:41 - 00000000 ____D () C:\Program Files (x86)\Convert Audio Free

2014-02-15 12:06 - 2013-11-16 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-02-15 03:01 - 2013-11-29 16:04 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-15 03:00 - 2013-11-29 16:04 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-15 01:33 - 2013-12-15 21:15 - 00000000 ____D () C:\Users\Chris\Desktop\SMUG

2014-02-15 01:20 - 2014-02-15 01:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-13 12:01 - 2013-12-12 01:48 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-13 12:01 - 2013-12-12 01:48 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-12 15:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-02-12 14:43 - 2014-01-01 23:32 - 00000000 ____D () C:\Users\Chris\Desktop\AE Mods

2014-02-12 14:03 - 2014-02-12 14:03 - 03859681 _____ () C:\Users\Chris\Downloads\Akuma main menu background by augh.7z

2014-02-11 22:15 - 2013-12-03 17:12 - 00000132 _____ () C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS6 Prefs

2014-02-11 18:58 - 2014-02-11 18:58 - 00001151 _____ () C:\Users\Chris\Desktop\ClipConverter.lnk

2014-02-11 18:58 - 2014-02-11 18:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClipConverter

2014-02-11 18:58 - 2014-02-11 18:57 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Lunaweb

2014-02-11 18:58 - 2013-11-16 14:40 - 00000000 ____D () C:\Users\Chris

2014-02-11 18:57 - 2014-02-11 18:46 - 23590915 _____ (Lunaweb) C:\Users\Chris\Downloads\setup_110.exe

2014-02-09 18:38 - 2014-01-29 17:37 - 00000000 ____D () C:\Users\Chris\Desktop\F.E.A.R

2014-02-08 20:59 - 2014-01-19 13:34 - 00000000 ____D () C:\Users\Chris\Documents\3D-CoatV4

2014-02-08 17:52 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-02-08 14:55 - 2014-02-08 14:55 - 01077248 _____ () C:\Users\Chris\Downloads\WmpSub.msi

2014-02-06 07:16 - 2014-02-12 18:53 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-06 06:30 - 2014-02-12 18:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-06 06:30 - 2014-02-12 18:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-06 06:12 - 2014-02-12 18:53 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-06 06:07 - 2014-02-12 18:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-06 06:06 - 2014-02-12 18:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-06 05:57 - 2014-02-12 18:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-06 05:56 - 2014-02-12 18:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-06 05:52 - 2014-02-12 18:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-06 05:49 - 2014-02-12 18:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-06 05:48 - 2014-02-12 18:53 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-06 05:48 - 2014-02-12 18:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-06 05:38 - 2014-02-12 18:53 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-06 05:32 - 2014-02-12 18:53 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-06 05:20 - 2014-02-12 18:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-06 05:17 - 2014-02-12 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-06 05:11 - 2014-02-12 18:53 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-06 05:01 - 2014-02-12 18:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-06 05:00 - 2014-02-12 18:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-06 04:57 - 2014-02-12 18:53 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-06 04:57 - 2014-02-12 18:53 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-06 04:52 - 2014-02-12 18:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-06 04:52 - 2014-02-12 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-06 04:50 - 2014-02-12 18:53 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-06 04:49 - 2014-02-12 18:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-06 04:47 - 2014-02-12 18:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-06 04:46 - 2014-02-12 18:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-06 04:25 - 2014-02-12 18:53 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-06 04:25 - 2014-02-12 18:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-06 04:24 - 2014-02-12 18:53 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-06 04:22 - 2014-02-12 18:53 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-06 04:13 - 2014-02-12 18:53 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-06 04:09 - 2014-02-12 18:53 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-06 04:03 - 2014-02-12 18:53 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-06 03:55 - 2014-02-12 18:53 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-06 03:41 - 2014-02-12 18:53 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-06 03:40 - 2014-02-12 18:53 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-06 03:36 - 2014-02-12 18:53 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-06 03:34 - 2014-02-12 18:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-05 16:04 - 2014-01-19 13:36 - 00000000 ____D () C:\Users\Chris\Desktop\Character

2014-02-01 21:32 - 2014-02-01 21:32 - 00001003 _____ () C:\Users\Chris\Desktop\GameSpy Arcade.lnk

2014-02-01 21:32 - 2014-01-29 17:12 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-02-01 21:32 - 2014-01-29 17:11 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade

2014-02-01 21:32 - 2014-01-29 17:10 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade

2014-02-01 21:32 - 2013-11-16 18:04 - 00000000 ____D () C:\Users\Chris\Documents\My Games

2014-02-01 21:30 - 2014-02-01 21:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games

 

Files to move or delete:

====================

C:\Users\Chris\jagex_cl_runescape_LIVE.dat

C:\Users\Chris\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Chris\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2011-11-21 20:26

 

==================== End Of Log ============================

 

 

 

 

 

 

 

Malwarebytes Log:

 


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.02.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

Chris :: CHRIS-PC [administrator]

 

3/2/2014 3:06:20 PM

mbam-log-2014-03-02 (15-06-20).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243366

Time elapsed: 7 minute(s), 18 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Link to post
Share on other sites

Sorry forgot to include the Addition Log. Here it is here:

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2014 02

Ran by Chris at 2014-03-02 14:58:04

Running from C:\Users\Chris\Desktop\Clean

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)

Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)

Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden

Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)

Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden

Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)

Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)

Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden

Autodesk Mudbox 2014 (HKLM\...\Autodesk Mudbox 2014) (Version: 8.0.0.1010 - Autodesk)

Autodesk Mudbox 2014 (Version: 8.0.0.1010 - Autodesk) Hidden

AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.4.1.240 - Online Media Technologies Ltd.)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)

Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)

CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)

ClipConverter (HKLM-x32\...\{86134348-6422-4486-AB6A-0E01DBA39DE6}) (Version: 1.1.0 - Lunaweb)

Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Free CBR Reader (HKLM-x32\...\{B9240DAE-EFA1-4A0E-824F-17B3F99194F8}) (Version: 1.0.0 - Free Picture Solutions)

Free Soundcloud Downloader (HKLM-x32\...\{4D2F193D-4725-4518-9F23-AAF5A3475875}) (Version: 1.0.0 - Convert Audio Free)

Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.3 - Ellora Assets Corporation)

Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)

GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{CCE68200-4ED0-3E0A-A7F2-504897E356AB}) (Version: 5.1.5.17733 - Google)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)

lightshot-4.4.2.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 4.4.2.10 - Skillbrains)

Local Subtitles for 64-bit WMP (HKLM\...\{190BC83F-D54E-4494-830E-7FB4A5F4B964}) (Version: 1.6.0.0 - Alexander Demidov)

Luxology modo 701 64-bit build 58358 (HKLM-x32\...\701_64) (Version:  - )

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

mental ray renderer for Autodesk Maya 2014 (HKLM\...\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}) (Version: 13.0.0.0 - mental ray)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)

NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden

OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)

RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)

Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden

Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 1.0 - Roxio)

Roxio Game Capture HD PRO (x32 Version: 1.0.135 - Roxio) Hidden

Roxio GameCAP HD PRO (x32 Version: 1.00.0000 - Roxio) Hidden

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1989.5 - Hi-Rez Studios)

Snagit 11 (HKLM-x32\...\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}) (Version: 11.0.0 - TechSmith Corporation)

Splash Lite (HKLM-x32\...\{8B4A6011-BB10-4918-B561-3F6CF5712B37}) (Version: 1.7.1 - Mirillis)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Super Street Fighter IV: Arcade Edition (HKLM-x32\...\GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}) (Version: 1.0.0000.129 - CAPCOM U.S.A., INC)

Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129 - CAPCOM U.S.A., INC) Hidden

SUPER STREET FIGHTER IV: ARCADE EDITION (x32 Version: 1.0.0005.129 - CAPCOM U.S.A., INC) Hidden

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)

Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Unreal Development Kit: 2013-07 (HKLM\...\UDK-cc22b77f-9cae-40b5-9806-1d755fc98774) (Version:  - Epic Games, Inc.)

Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)

Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

 

==================== Restore Points  =========================

 

25-02-2014 20:20:38 Windows Update

28-02-2014 12:34:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

28-02-2014 22:48:32 Windows Update

02-03-2014 00:02:59 Installed SpyHunter

02-03-2014 00:16:36 Removed SpyHunter

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2014-03-01 22:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {04200284-0010-4612-9739-A62287861C9E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-662125380-580819888-2351019072-1000

Task: {2101DF96-072E-4AE5-A0E5-02B0DC812566} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)

Task: {3A5FD721-AE48-4942-93D8-FBC0D471034E} - System32\Tasks\update-S-1-5-21-662125380-580819888-2351019072-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()

Task: {5B202745-7F4C-40E2-992A-6B86399FE811} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {5F228A34-FE98-43E0-B5E7-AD74E870A842} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)

Task: {6C5532E0-5AFA-4691-B208-CA252F42ABD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)

Task: {94CBFF57-B477-4DFA-90AA-FD4548C15E79} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-12] (Google Inc.)

Task: {A65318C0-97A5-4580-8932-DFCBB788C765} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {AA6B20B3-B30D-4FC8-A088-AF2EE896F8CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)

Task: {C58BB8DF-AF17-43E8-AFA4-69415F1F8475} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()

Task: {E75C1DF8-114F-43A3-A477-C4649BF30B74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\update-S-1-5-21-662125380-580819888-2351019072-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-11-07 14:33 - 2013-09-12 02:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-01-05 12:17 - 2014-01-05 12:17 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-02-27 15:53 - 2014-02-27 15:53 - 02967040 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll

2014-03-01 23:09 - 2014-03-01 23:09 - 02278912 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll

2012-04-24 20:18 - 2012-04-24 20:18 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll

2012-04-24 20:18 - 2012-04-24 20:18 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

MSCONFIG\startupreg: LightShot => C:\Users\Chris\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: WmiPrv => C:\Users\Chris\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/02/2014 02:40:20 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/02/2014 03:34:35 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/02/2014 02:10:06 AM) (Source: Application Error) (User: )

Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24

Exception code: 0xc000070a

Fault offset: 0x000000000005cf99

Faulting process id: 0x5cc

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

 

Error: (03/02/2014 00:44:36 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/02/2014 00:35:47 AM) (Source: Application Error) (User: )

Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24

Exception code: 0xc0000024

Fault offset: 0x00000000000cd7e8

Faulting process id: 0xc44

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

 

Error: (03/01/2014 11:36:11 PM) (Source: Application Error) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: mshtml.dll, version: 11.0.9600.16518, time stamp: 0x52f37bcb

Exception code: 0xc00000fd

Fault offset: 0x00000000000655f2

Faulting process id: 0x6c4

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

 

Error: (03/01/2014 11:34:56 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/01/2014 11:10:06 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/01/2014 10:08:11 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/01/2014 10:05:41 PM) (Source: Bonjour Service) (User: )

Description: 524: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

 

 

System errors:

=============

Error: (03/02/2014 03:32:11 AM) (Source: DCOM) (User: )

Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

 

Error: (03/01/2014 11:29:05 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (03/01/2014 11:26:48 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (03/01/2014 10:05:36 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (03/01/2014 10:05:31 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (03/01/2014 10:05:11 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (03/01/2014 10:03:21 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (03/01/2014 08:01:06 PM) (Source: DCOM) (User: )

Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

 

Error: (03/01/2014 06:25:29 PM) (Source: DCOM) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

 

Error: (03/01/2014 00:24:34 PM) (Source: DCOM) (User: )

Description: {EA022610-0748-4C24-B229-6C507EBDFDBB}

 

 

Microsoft Office Sessions:

=========================

Error: (03/02/2014 02:40:20 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/02/2014 03:34:35 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/02/2014 02:10:06 AM) (Source: Application Error)(User: )

Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000070a000000000005cf995cc01cf35e1c1e2ec7eC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dllae854f1b-a1d9-11e3-b7ab-94de80ce66f5

 

Error: (03/02/2014 00:44:36 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/02/2014 00:35:47 AM) (Source: Application Error)(User: )

Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000002400000000000cd7e8c4401cf35d8f00fe8dcC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll81581e18-a1cc-11e3-b457-94de80ce66f5

 

Error: (03/01/2014 11:36:11 PM) (Source: Application Error)(User: )

Description: Explorer.EXE6.1.7601.175674d672ee4mshtml.dll11.0.9600.1651852f37bcbc00000fd00000000000655f26c401cf35d0cae52507C:\Windows\Explorer.EXEC:\Windows\System32\mshtml.dll2dd1f6e9-a1c4-11e3-b457-94de80ce66f5

 

Error: (03/01/2014 11:34:56 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/01/2014 11:10:06 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/01/2014 10:08:11 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/01/2014 10:05:41 PM) (Source: Bonjour Service)(User: )

Description: 524: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-03-01 22:05:11.231

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-03-01 22:05:11.195

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 40%

Total physical RAM: 8173.54 MB

Available physical RAM: 4841.91 MB

Total Pagefile: 16347.07 MB

Available Pagefile: 12481.39 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:442.85 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 74697CAA)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================
Link to post
Share on other sites

Hello,

 

I need to check something:

 

 

  • Please download OTL from the link below:
  • Save it to your desktop/
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the customFix.png textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    %USERPROFILE%\*.*
    %USERPROFILE%\*.
    %USERPROFILE%\*.exe /s
    %USERPROFILE%\Documents\*.*
    %USERPROFILE%\Downloads\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.*
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %ProgramData%\*.*
    %ProgramData%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    C:\Users\All Users\*.exe /s
    C:\Users\Default\*.exe /s
    C:\Users\Public\*.exe /s
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\*.
    %CommonProgramFiles%\ComObjects\*.*
    %ProgramFiles%\*.*
    %ProgramFiles%\*.
    %Public%\Documents\*.*
    %Public%\Documents\*.
    %systemroot%\System32\config\systemprofile\*.exe /s
    %systemroot%\System32\config\systemprofile\*.*
    %systemroot%\System32\config\systemprofile\*.
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.
    %systemroot%\SysWow64\config\systemprofile\*.exe /s
    %systemroot%\SysWow64\config\systemprofile\*.*
    %systemroot%\SysWow64\config\systemprofile\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\*.exe /s
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\AppPatch\*.exe /s
    %windir%\ShellNew\*.*
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s
    HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s
    HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s
    HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    type C:\WINDOWS\system.ini >> test.txt /c
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    smss.exe
    fastfat.sys
    atapi.sys
    serial.sys
    volsnap.sys
    disk.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    kbdclass.sys
    kbdhid.sys
    mouclass.sys
    mouhid.sys
    spldr.sys
    dfsc.sys
    hlp.dat
    str.sys
    cerxvx.ocx
    crexv.ocx
    msseedir.dll
    msdr.dll
    lmbd.dll
    wsse.dll
    intel.exe
    WService.dll

    iTunesHelper.dll
    /md5stop

  • Push the runscanbutton.png button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards,

 

Georgi

Link to post
Share on other sites

Thank you so much for responding.

 

Here is my OTL.txt Log:


OTL logfile created on: 3/3/2014 6:13:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop\Clean
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 45.91% Memory free
15.96 Gb Paging File | 11.90 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 452.41 Gb Free Space | 48.57% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/03 06:10:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\Clean\OTL.scr
PRC - [2014/02/10 14:08:54 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/01/05 12:17:41 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/09/27 13:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\Chris\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
PRC - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/12 04:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/04/24 20:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/24 20:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 20:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/20 13:45:19 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/11 11:59:08 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/03/03 00:05:29 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/28 15:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/02/25 16:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/20 15:14:25 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/10 14:08:54 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/01/05 12:17:41 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/18 09:38:40 | 002,102,072 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/12 04:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/02 11:56:54 | 001,095,824 | ---- | M] (Corel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe -- (RoxMediaDBGame1X)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/16 07:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/10 12:01:58 | 002,211,528 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/02 21:31:36 | 000,301,256 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2013/01/02 21:31:34 | 000,231,112 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012/08/02 11:18:08 | 000,101,632 | ---- | M] (UT) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uth5x64.sys -- (H5xUSB)
DRV:64bit: - [2012/07/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/04 13:48:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2012/07/03 11:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 11:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/04/11 12:30:00 | 000,708,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 18:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/12/16 14:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-RPr1BxOio5wLkvIRnC_RKeSfM_VU_TjThEqKIfnKYSFqoyujh5XeNReHzFSdngg,,&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-RPr1BxOio5wLkvIRnC_RKeSfM_VU_TjThEqKIfnKYSFqoyujh5XeNReHzFSdnhQ,,&q={searchTerms}
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-RPr1BxOio5wLkvIRnC_RKeSfM_VU_TjThEqKIfnKYSFqoyujh5XeNReHzFSdnhQ,,&q={searchTerms}
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-da5TTgHn4EYUNRjmouJ4mNpeyckl0eNgH1QizYHE09VaiKXwqb16f8gSdxa3SSg,
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-RPr1BxOio5wLkvIRnC_RKeSfM_VU_TjThEqKIfnKYSFqoyujh5XeNReHzFSdnhQ,,&q={searchTerms}
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-RPr1BxOio5wLkvIRnC_RKeSfM_VU_TjThEqKIfnKYSFqoyujh5XeNReHzFSdnhQ,,&q={searchTerms}
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-RPr1BxOio5wLkvIRnC_RKeSfM_VU_TjThEqKIfnKYSFqoyujh5XeNReHzFSdnhQ,,&q={searchTerms}
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/"
FF - prefs.js..extensions.enabledAddons: %7B1F3015A6-75BF-4D05-CE58-E58B646B512F%7D:2.0.0
FF - prefs.js..extensions.enabledAddons: %7Be91449cd-6c9e-5d65-e8b4-c9468614f780%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-RPr1BxOio5wLkvIRnC_RKeSfM_VU_TjThEqKIfnKYSFqoyujh5XeNReHzFSdngQ,,&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2014/02/11 18:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2014/02/11 18:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2014/03/02 20:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions
[2014/02/28 08:01:20 | 000,000,000 | ---D | M] (User Pinned) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{1F3015A6-75BF-4D05-CE58-E58B646B512F}
[2014/03/02 20:58:17 | 000,000,000 | ---D | M] ("Muvic") -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{e91449cd-6c9e-5d65-e8b4-c9468614f780}
[2014/02/11 18:58:43 | 000,008,664 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\desktop@clipconverter.cc.xpi
[2014/02/25 23:57:12 | 000,552,080 | ---- | M] () (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/03/02 20:52:56 | 000,022,864 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\searchplugins\Web Search.xml
[2014/03/03 00:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/03 00:05:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - homepage: http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0Nz9Id4b9lGTb8S8mHnLpYPPP_OKyjBhNlueVJPVHJOdmmoem1mBebpf8x_wjnq7-da5TTgHn4EYUNRjmouJ4mNpeyckl0eNgH1QizYHE09VaiKXwqb16f8gSdxa3SSg,
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/03/01 22:09:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-662125380-580819888-2351019072-1000..\Run: [Akamai NetSession Interface] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-662125380-580819888-2351019072-1000..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-662125380-580819888-2351019072-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A5E27B4-74E8-4E3D-B099-879B57C8DB3E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBB91F37-5C75-4E9C-AFF1-19A45FEEF00A}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/07 00:18:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014/03/01 19:03:52 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
MsConfig:64bit - StartUpReg: LightShot - hkey= - key= - C:\Users\Chris\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: WmiPrv - hkey= - key= - C:\Users\Chris\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe (Microsoft)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {04D2F05B-96CF-5C6B-5959-1738DF999D30} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {0A632B81-37D3-456D-8D2C-E2D2ED566F8B} - Themes Setup
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2C92A184-A505-B856-460C-39FD99969DFB} - Offline Browsing Pack
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {626EA6F6-4706-490D-513B-7F1197ACD03D} - Themes Setup
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7D064E77-8210-7244-EE00-18F27E9CF558} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B931D688-49AF-E2C4-CD8B-52999B411F2B} - Themes Setup
ActiveX:64bit: {C288000E-5FC7-1289-B011-5D2E0EC0334B} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E193458E-5A3D-0B40-E2D2-80B737821FEE} - Offline Browsing Pack
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{418EB146-C7FA-40DE-A235-483BD23BDF98} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 00:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/03 00:04:57 | 000,040,248 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2014/03/03 00:04:56 | 000,029,496 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2014/03/03 00:04:56 | 000,025,400 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2014/03/03 00:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2014/03/03 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVG
[2014/03/03 00:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/03/03 00:01:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/03/02 23:49:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVG2014
[2014/03/02 23:48:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2014/03/02 23:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/02 23:48:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/03/02 23:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/02 23:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/03/02 23:45:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/03/02 23:45:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\MFAData
[2014/03/02 23:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/03/02 23:45:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Avg2014
[2014/03/02 20:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/03/02 20:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2014/03/02 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstaller
[2014/03/02 20:54:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Skype
[2014/03/02 20:53:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/02 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/02 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/02 18:26:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
[2014/03/02 14:49:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/01 23:31:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/01 23:31:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/01 21:57:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/03/01 21:57:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/03/01 21:57:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/03/01 21:57:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/01 21:57:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/01 19:55:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Clean
[2014/03/01 19:29:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/01 19:26:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2014/03/01 19:08:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PCFixKit
[2014/03/01 19:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixKit
[2014/03/01 19:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/03/01 19:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/03/01 18:36:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Shell Extension
[2014/02/28 07:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/02/28 07:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014/02/28 02:52:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\DriverToolkit
[2014/02/28 02:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverToolkit
[2014/02/27 02:29:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\yep
[2014/02/24 20:26:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/23 23:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16
[2014/02/18 13:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2014/02/16 13:00:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Respawn
[2014/02/16 10:47:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\headus
[2014/02/15 15:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert Audio Free
[2014/02/12 18:54:31 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 18:53:58 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 18:53:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 18:53:58 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 18:53:57 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 18:53:57 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 18:53:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 18:53:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 18:53:55 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 18:53:55 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 18:53:55 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 18:53:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 18:53:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 18:53:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 18:53:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 18:53:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 18:53:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 18:53:54 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 18:53:54 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 18:53:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 18:53:54 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 18:53:53 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 18:53:52 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 18:53:51 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 11:17:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 11:17:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 11:17:52 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 11:17:52 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 11:17:52 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 11:17:51 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 11:17:51 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 11:17:51 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 11:17:51 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 11:17:51 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 11:17:51 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 11:17:51 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 11:17:51 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 11:17:51 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 11:17:51 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 11:17:51 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 11:17:51 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 11:17:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 11:17:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 11:17:47 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 11:17:47 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/11 18:58:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\ClipConverter
[2014/02/11 18:58:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClipConverter
[2014/02/11 18:57:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Lunaweb
[2014/02/01 21:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2014/02/01 21:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/03 06:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/03 06:06:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/03 05:32:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA.job
[2014/03/03 05:02:22 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-662125380-580819888-2351019072-1000.job
[2014/03/03 03:25:55 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 03:25:55 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 03:25:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/03 03:18:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/03 03:17:57 | 2132,959,231 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/03 03:17:11 | 000,003,560 | ---- | M] () -- C:\bootsqm.dat
[2014/03/03 00:04:47 | 000,002,232 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2014/03/03 00:04:47 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014/03/02 23:48:54 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/02 22:59:01 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014/03/02 20:58:12 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/02 20:53:52 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/02 14:47:03 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 00:18:05 | 000,000,355 | ---- | M] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2014/03/01 22:09:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/01 20:05:30 | 000,000,017 | ---- | M] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2014/03/01 19:03:52 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/02/28 02:37:56 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/28 02:37:56 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/28 02:37:56 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/27 10:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core.job
[2014/02/25 18:24:49 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2014/02/25 15:22:06 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/21 17:08:56 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/20 15:14:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/20 15:14:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/18 13:23:08 | 000,001,339 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2014/02/16 10:47:48 | 000,001,178 | ---- | M] () -- C:\Users\Chris\Desktop\uvlayout - Shortcut.lnk
[2014/02/14 21:16:19 | 000,000,252 | ---- | M] () -- C:\Users\Chris\Desktop\spanish.rtf
[2014/02/11 22:15:06 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/02/11 18:58:33 | 000,001,151 | ---- | M] () -- C:\Users\Chris\Desktop\ClipConverter.lnk
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/01 21:32:07 | 000,001,003 | ---- | M] () -- C:\Users\Chris\Desktop\GameSpy Arcade.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/03 03:17:11 | 000,003,560 | ---- | C] () -- C:\bootsqm.dat
[2014/03/03 00:04:47 | 000,002,232 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2014/03/03 00:04:47 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014/03/03 00:04:46 | 000,002,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014/03/02 23:48:54 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/02 20:58:12 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/02 20:58:12 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/02 20:53:52 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/02 00:08:36 | 000,000,355 | ---- | C] () -- C:\Users\Chris\Desktop\Computer - Shortcut.lnk
[2014/03/01 21:57:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/01 21:57:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/01 21:57:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/01 21:57:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/01 21:57:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/03/01 20:05:30 | 000,000,017 | ---- | C] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2014/03/01 19:03:52 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/02/18 13:23:08 | 000,001,339 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2014/02/16 10:47:48 | 000,001,178 | ---- | C] () -- C:\Users\Chris\Desktop\uvlayout - Shortcut.lnk
[2014/02/14 21:16:19 | 000,000,252 | ---- | C] () -- C:\Users\Chris\Desktop\spanish.rtf
[2014/02/11 18:58:33 | 000,001,151 | ---- | C] () -- C:\Users\Chris\Desktop\ClipConverter.lnk
[2014/02/01 21:32:07 | 000,001,003 | ---- | C] () -- C:\Users\Chris\Desktop\GameSpy Arcade.lnk
[2014/01/26 16:45:43 | 000,000,020 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\SoundCloudDownloaderSettings.ini
[2014/01/05 12:17:42 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/05 12:17:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/06 23:27:47 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2013/12/03 17:12:20 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/11/21 13:19:33 | 000,000,044 | ---- | C] () -- C:\Users\Chris\jagex_cl_runescape_LIVE.dat
[2013/11/21 13:19:33 | 000,000,024 | ---- | C] () -- C:\Users\Chris\random.dat
[2013/11/21 13:19:28 | 000,000,023 | ---- | C] () -- C:\Users\Chris\jagexappletviewer.preferences
[2013/11/19 16:08:06 | 000,000,096 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\version2.xml
[2013/11/16 17:07:43 | 000,000,441 | ---- | C] () -- C:\Users\Chris\AppData\Local\UserProducts.xml
[2013/11/16 16:28:34 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 

Link to post
Share on other sites

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/07 17:34:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Autodesk
[2014/03/03 00:04:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG
[2014/03/02 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2014
[2013/11/16 16:26:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Awesomium
[2014/01/27 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Battle.net
[2014/01/26 16:40:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Convert Audio Free
[2014/01/26 18:14:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Free Picture Solutions
[2013/12/02 14:25:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Kits
[2013/11/17 19:16:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2014/02/11 18:58:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Lunaweb
[2013/12/02 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Luxology
[2013/11/22 14:18:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mirillis
[2013/11/30 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice
[2014/01/05 06:23:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
[2014/03/01 19:08:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCFixKit
[2014/01/21 11:27:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDAppFlex
[2013/11/17 03:08:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Publish Providers
[2013/11/17 16:45:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Riot Games
[2013/11/22 02:39:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SecondLife
[2014/03/03 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony
[2013/12/15 21:21:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony Creative Software Inc
[2013/11/19 16:02:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sytexis Software
[2014/01/13 03:07:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2014/03/02 23:48:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2013/12/03 16:59:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2014/03/02 20:00:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2014/03/01 19:03:52 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/03/03 03:17:11 | 000,003,560 | ---- | M] () -- C:\bootsqm.dat
[2014/03/01 23:31:17 | 000,014,152 | ---- | M] () -- C:\ComboFix.txt
[2014/03/03 03:17:57 | 2132,959,231 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/03 03:17:57 | 4275,605,503 | -HS- | M] () -- C:\pagefile.sys

< %SYSTEMDRIVE%\*. >
[2014/03/02 23:48:22 | 000,000,000 | -H-D | M] -- C:\$AVG
[2014/03/01 23:31:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013/11/21 13:19:29 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32
[2014/03/02 03:32:06 | 000,000,000 | ---D | M] -- C:\AdwCleaner
[2013/12/07 00:18:22 | 000,000,000 | ---D | M] -- C:\Autodesk
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/11/19 16:00:28 | 000,000,000 | ---D | M] -- C:\Fraps
[2014/03/02 14:58:21 | 000,000,000 | ---D | M] -- C:\FRST
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2014/03/01 19:03:29 | 000,000,000 | R--D | M] -- C:\Program Files
[2014/03/03 00:12:15 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2014/03/03 00:01:48 | 000,000,000 | ---D | M] -- C:\ProgramData
[2014/03/01 23:31:19 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013/11/16 14:40:28 | 000,000,000 | ---D | M] -- C:\Recovery
[2013/11/17 16:46:42 | 000,000,000 | ---D | M] -- C:\Riot Games
[2014/03/03 05:36:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2014/01/15 10:08:45 | 000,000,000 | ---D | M] -- C:\UDK
[2013/11/16 14:40:31 | 000,000,000 | R--D | M] -- C:\Users
[2013/11/19 15:49:58 | 000,000,000 | ---D | M] -- C:\UtilityOnlineMarch09
[2014/03/03 00:01:30 | 000,000,000 | ---D | M] -- C:\Windows

< %USERPROFILE%\*.* >
[2014/01/09 06:33:59 | 000,000,023 | ---- | M] () -- C:\Users\Chris\jagexappletviewer.preferences
[2014/01/09 06:10:15 | 000,000,044 | ---- | M] () -- C:\Users\Chris\jagex_cl_runescape_LIVE.dat
[2014/03/03 06:19:11 | 002,883,584 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2014/03/03 06:19:11 | 000,262,144 | -HS- | M] () -- C:\Users\Chris\ntuser.dat.LOG1
[2013/11/16 14:40:31 | 000,000,000 | -HS- | M] () -- C:\Users\Chris\ntuser.dat.LOG2
[2013/11/16 14:42:26 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013/11/16 14:42:26 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013/11/16 14:42:26 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013/11/16 14:40:31 | 000,000,020 | -HS- | M] () -- C:\Users\Chris\ntuser.ini
[2014/01/09 07:32:51 | 000,000,024 | ---- | M] () -- C:\Users\Chris\random.dat

< %USERPROFILE%\*. >
[2013/11/16 14:40:31 | 000,000,000 | -H-D | M] -- C:\Users\Chris\AppData
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\Application Data
[2014/02/18 01:22:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\ClipConverter
[2013/11/17 12:35:09 | 000,000,000 | R--D | M] -- C:\Users\Chris\Contacts
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\Cookies
[2014/03/03 06:12:15 | 000,000,000 | R--D | M] -- C:\Users\Chris\Desktop
[2014/03/02 01:40:04 | 000,000,000 | R--D | M] -- C:\Users\Chris\Documents
[2014/03/03 06:12:03 | 000,000,000 | R--D | M] -- C:\Users\Chris\Downloads
[2013/11/17 12:35:09 | 000,000,000 | R--D | M] -- C:\Users\Chris\Favorites
[2013/11/21 13:19:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\jagexcache
[2013/11/17 12:35:09 | 000,000,000 | R--D | M] -- C:\Users\Chris\Links
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\Local Settings
[2014/02/28 00:03:36 | 000,000,000 | R--D | M] -- C:\Users\Chris\Music
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\My Documents
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\NetHood
[2014/03/02 18:53:21 | 000,000,000 | R--D | M] -- C:\Users\Chris\Pictures
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\PrintHood
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\Recent
[2014/03/02 00:24:00 | 000,000,000 | R--D | M] -- C:\Users\Chris\Saved Games
[2014/01/09 06:09:58 | 000,000,000 | R--D | M] -- C:\Users\Chris\Searches
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\SendTo
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\Start Menu
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\Templates
[2014/02/26 14:45:44 | 000,000,000 | R--D | M] -- C:\Users\Chris\Videos

< %USERPROFILE%\*.exe /s >
[2013/06/04 23:47:02 | 000,142,576 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Chris\AppData\Local\Akamai\admintool.exe
[2013/06/05 00:55:50 | 004,415,736 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Chris\AppData\Local\Akamai\ControlPanel.exe
[2013/11/17 17:25:31 | 010,028,936 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Chris\AppData\Local\Akamai\netsession_installer.exe
[2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
[2013/06/05 01:01:50 | 006,339,816 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Chris\AppData\Local\Akamai\rswinui.exe
[2013/06/05 01:01:50 | 002,244,336 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Chris\AppData\Local\Akamai\uninstall.exe
[2014/02/22 23:10:58 | 000,064,384 | ---- | M] (Google) -- C:\Users\Chris\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
[2014/02/22 23:11:10 | 000,150,400 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Google Talk Plugin\reporter.exe
[2013/12/12 01:54:48 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
[2014/02/16 10:27:12 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
[2014/02/16 10:27:12 | 000,273,800 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
[2014/02/16 10:27:12 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\GoogleUpdate.exe
[2014/02/16 10:27:12 | 000,051,080 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
[2014/02/16 10:27:12 | 000,051,080 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
[2014/01/30 21:59:00 | 000,847,640 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
[2014/01/30 21:59:00 | 000,847,640 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
[2013/12/02 14:20:30 | 000,125,334 | ---- | M] () -- C:\Users\Chris\AppData\Local\Luxology\modo\701\58358\uninstall.exe
[2014/01/05 22:32:36 | 000,280,904 | ---- | M] () -- C:\Users\Chris\AppData\Local\PunkBuster\BF3\pb\PnkBstrB.exe
[2013/09/27 13:40:02 | 000,226,592 | ---- | M] () -- C:\Users\Chris\AppData\Local\Skillbrains\lightshot\LightShot.exe
[2013/11/16 17:07:37 | 001,535,776 | ---- | M] () -- C:\Users\Chris\AppData\Local\Skillbrains\lightshot\unins000.exe
[2013/09/27 13:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\Chris\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
[2014/03/02 20:57:51 | 024,039,048 | ---- | M] (Mozilla) -- C:\Users\Chris\AppData\Local\Temp\6_Offer_20.exe
[2014/03/03 03:36:07 | 000,510,848 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\AppData\Local\Temp\AKGCJMV.exe
[2014/03/02 20:57:19 | 001,365,784 | ---- | M] (@@@) -- C:\Users\Chris\AppData\Local\Temp\DM1393811819.exe
[2014/03/03 03:36:35 | 000,514,944 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\AppData\Local\Temp\LDYDB.exe
[2014/03/03 04:04:58 | 000,433,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\AppData\Local\Temp\MVOZ.exe
[74 C:\Users\Chris\AppData\Local\Temp\*.tmp files -> C:\Users\Chris\AppData\Local\Temp\*.tmp -> ]
[2014/03/02 20:52:32 | 010,165,280 | ---- | M] () -- C:\Users\Chris\AppData\Local\Temp\26cff349-121a-4dac-b684-3df883f2df20\software\Installer.exe
[2014/03/02 20:53:39 | 034,829,472 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Chris\AppData\Local\Temp\26cff349-121a-4dac-b684-3df883f2df20\software\SkypeSetupFull.exe
[2014/03/02 23:45:29 | 004,462,392 | ---- | M] (AVG Technologies) -- C:\Users\Chris\AppData\Local\Temp\pgkkdko9.tmp\avg_isct_stb_all_2014_4335.exe
[2014/03/02 20:57:12 | 000,108,024 | ---- | M] () -- C:\Users\Chris\AppData\Local\Temp\w45qp3mh.tmp\Firefox.exe
[2013/12/03 16:56:40 | 000,644,396 | ---- | M] (Unity Technologies ApS) -- C:\Users\Chris\AppData\Local\Unity\WebPlayer\Uninstall.exe
[2014/02/04 20:43:02 | 000,640,024 | ---- | M] (Digital Extremes) -- C:\Users\Chris\AppData\Local\Warframe\Downloaded\Dev\Tools\Launcher.exe
[2014/03/02 18:26:33 | 000,537,432 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\AppData\Local\Warframe\Downloaded\Public\Drivers\DirectX9\DXSETUP.exe
[2014/02/04 20:43:02 | 000,640,024 | ---- | M] (Digital Extremes) -- C:\Users\Chris\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
[2014/02/04 20:43:02 | 000,640,024 | ---- | M] (Digital Extremes) -- C:\Users\Chris\AppData\Local\Warframe\Downloaded\Test\Tools\Launcher.exe
[2014/01/15 09:35:33 | 000,145,408 | ---- | M] () -- C:\Users\Chris\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe
[2013/11/25 13:07:56 | 000,740,936 | ---- | M] (Unity Technologies ApS) -- C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\UnityBugReporter.exe
[2013/11/25 13:07:54 | 000,581,192 | ---- | M] (Unity Technologies ApS) -- C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\UnityWebPlayerUpdate.exe
[2014/02/28 16:47:49 | 000,580,096 | ---- | M] (Microsoft) -- C:\Users\Chris\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe
[2012/09/10 12:05:05 | 000,020,480 | ---- | M] (Lunaweb Ltd.) -- C:\Users\Chris\AppData\Roaming\Lunaweb\ClipConverter\ClipConverter.exe
[2012/08/21 20:13:17 | 020,045,312 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Lunaweb\ClipConverter\data\bin\ffmpeg.exe
[2012/10/20 10:51:19 | 005,049,704 | ---- | M] (Joyent, Inc) -- C:\Users\Chris\AppData\Roaming\Lunaweb\ClipConverter\data\bin\node.exe
[2014/03/02 18:26:01 | 000,011,502 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{2937C578-0CDD-4936-A869-912FD029436E}\Launcher.exe
[2013/11/22 14:18:32 | 000,087,182 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_09912A6E70625970AC72AF.exe
[2013/11/22 14:18:32 | 000,009,662 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_1A67533F0F4D8CFF9EA64A.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_1E02B3D8732010A792DC8B.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_21F3885A18D238E15AAE81.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_415493353D745EEA216D94.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_6FEFF9B68218417F98F549.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_806048DC66200FE6D24FF3.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_85972F4A73DF7EADFBAFC2.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_934312A2105DE40686D86A.exe
[2013/11/22 14:18:32 | 000,087,182 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_A4F3F1A9C4AF386B556FEA.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_A753214149FB4F8721C1CB.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_A7A1F24988209FFD6FF84A.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_C7EFEC170C2E3BE8B9D183.exe
[2013/11/22 14:18:32 | 000,087,182 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_CDA0188CE4AD2FE79AB186.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_CF15DB293FB3ABD44856FB.exe
[2013/11/22 14:18:32 | 000,087,182 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_D65D4A8C83A3E44545A2D1.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_D707CE1C009F1381803C2C.exe
[2013/11/22 14:18:32 | 000,287,934 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{8B4A6011-BB10-4918-B561-3F6CF5712B37}\_FD8B6BA922FF5C34868F02.exe
[2013/11/21 13:19:02 | 000,009,662 | R--- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}\launcher.exe
[2013/11/16 17:03:34 | 001,142,864 | ---- | M] (BitTorrent Inc.) -- C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe
[2013/11/16 17:03:34 | 001,142,864 | ---- | M] (BitTorrent Inc.) -- C:\Users\Chris\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
[2013/11/21 00:04:40 | 002,799,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\Desktop\procexp.exe
[2013/10/30 23:05:10 | 044,543,488 | ---- | M] () -- C:\Users\Chris\Desktop\3D-Coat-V4\3D-CoatDX64C.exe
[2013/10/30 23:05:08 | 043,992,576 | ---- | M] () -- C:\Users\Chris\Desktop\3D-Coat-V4\3D-CoatDX64S.exe
[2013/10/30 23:05:10 | 038,345,728 | ---- | M] () -- C:\Users\Chris\Desktop\3D-Coat-V4\3D-CoatGL64C.exe
[2013/10/30 23:05:10 | 037,808,640 | ---- | M] () -- C:\Users\Chris\Desktop\3D-Coat-V4\3D-CoatGL64S.exe
[2008/06/19 01:14:18 | 000,056,832 | ---- | M] () -- C:\Users\Chris\Desktop\3D-Coat-V4\SetAdminShortcut.exe
[2013/10/30 23:01:00 | 000,162,581 | ---- | M] () -- C:\Users\Chris\Desktop\3D-Coat-V4\Uninstall.exe
[2002/02/11 00:53:58 | 000,006,144 | R--- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V01 - General Textures\winopen.exe
[2002/02/10 18:53:58 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V04 - Humans and Creatures\winopen.exe
[2002/02/10 18:53:58 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V05 - Dirt and Grafitti\winopen.exe
[2004/07/14 14:31:32 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V06 - Clean Textures\winopen.exe
[2004/07/22 16:12:36 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V07 - Sci-fi\winopen.exe
[2002/02/11 01:53:58 | 000,006,144 | R--- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V09 - Ancient Tribes & Civilisations\winopen.exe
[2005/11/05 22:13:13 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V10 - Trees and Plants\winopen.exe
[2005/02/11 11:44:58 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V11 - Alien Organic\winopen.exe
[2005/02/11 12:02:30 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V12 - Textures from around the World 1\winopen.exe
[2005/02/11 12:17:00 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V13 - Textures from around the World 2\winopen.exe
[2005/11/05 22:28:58 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V14 - Fantasy\winopen.exe
[2002/02/10 22:53:58 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V15 - Toon Textures\winopen.exe
[2002/02/10 22:53:58 | 000,006,144 | ---- | M] () -- C:\Users\Chris\Desktop\3DTotal Total Textures 1-16\Total Textures V15 - Toon Textures\Total Textures V15 - Toon Textures\winopen.exe
[2014/03/01 19:56:43 | 001,244,192 | ---- | M] () -- C:\Users\Chris\Desktop\Clean\AdwCleaner.exe
[2014/03/03 05:00:54 | 005,185,084 | ---- | M] (Swearware) -- C:\Users\Chris\Desktop\Clean\ComboFix.exe
[2014/03/02 14:47:36 | 002,156,544 | ---- | M] (Farbar) -- C:\Users\Chris\Desktop\Clean\FRST64.exe
[2013/01/01 16:53:58 | 005,431,296 | ---- | M] (Monolith Productions, Inc.) -- C:\Users\Chris\Desktop\F.E.A.R\FEARMP.exe
[2013/09/20 07:13:38 | 000,475,136 | ---- | M] () -- C:\Users\Chris\Desktop\OpenOffice 4.0.1 (en-US) Installation Files\setup.exe
[2013/09/20 07:13:38 | 005,207,896 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\OpenOffice 4.0.1 (en-US) Installation Files\redist\vcredist_x64.exe
[2013/09/20 07:13:38 | 004,479,832 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\OpenOffice 4.0.1 (en-US) Installation Files\redist\vcredist_x86.exe
[2012/08/01 06:34:16 | 005,185,536 | ---- | M] () -- C:\Users\Chris\Desktop\Playstation 2\pcsx2-r5350.exe
[2007/08/27 21:47:37 | 001,912,832 | R--- | M] () -- C:\Users\Chris\Desktop\Playstation\psxfin.exe
[2007/07/22 23:06:30 | 000,155,648 | R--- | M] () -- C:\Users\Chris\Desktop\Playstation\utils\cdztool.exe
[2013/12/28 04:55:00 | 002,046,484 | ---- | M] () -- C:\Users\Chris\Desktop\Pokemmo\PokeMMO.exe
[2013/07/31 13:08:14 | 002,799,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\Desktop\Process Explorer\procexp.exe
[2013/11/27 17:10:32 | 011,276,800 | ---- | M] () -- C:\Users\Chris\Desktop\Ragsoul\Ragsoul_Game\Ragsoul_Game\Rag_game.exe
[2013/09/05 08:25:44 | 000,170,080 | ---- | M] (NirSoft) -- C:\Users\Chris\Desktop\Shell Extension\shexview.exe
[2013/02/15 22:28:40 | 021,394,944 | ---- | M] () -- C:\Users\Chris\Desktop\StreetFighter\Converter\bin\ffmpeg.exe
[2013/02/16 16:10:50 | 002,970,624 | ---- | M] () -- C:\Users\Chris\Desktop\StreetFighter\Converter\bin\ffmpegwrapper.exe
[2013/02/15 22:28:40 | 021,330,944 | ---- | M] () -- C:\Users\Chris\Desktop\StreetFighter\Converter\bin\ffplay.exe
[2013/02/15 22:28:40 | 021,339,136 | ---- | M] () -- C:\Users\Chris\Desktop\StreetFighter\Converter\bin\ffprobe.exe
[2008/10/24 19:10:40 | 000,880,640 | ---- | M] (USC Institute For Creative Technologies) -- C:\Users\Chris\Desktop\Text and Lighting\HDRShop.exe
[2014/01/21 12:05:56 | 1874,254,921 | ---- | M] () -- C:\Users\Chris\Desktop\TO\ADOBE PHOTOSHOP CS6 EXTENDED EDITION INSTALLER PACK-2010kaiser.exe
[2013/11/28 07:07:50 | 154,348,096 | ---- | M] (Online Media Technologies Ltd.                              ) -- C:\Users\Chris\Desktop\TO\AVS Video Editor 6.4.1.240 Incl Patch (MPT) - KurdTM\AVS.Video.Editor.6.4.1.240.exe
[2013/12/02 13:55:19 | 200,701,864 | ---- | M] () -- C:\Users\Chris\Desktop\TO\LUXOLOGY_MODO_V7.0.1-XFORCE\MODO_701_win.exe
[2013/12/02 13:54:20 | 000,344,064 | ---- | M] () -- C:\Users\Chris\Desktop\TO\LUXOLOGY_MODO_V7.0.1-XFORCE\Crack\XF-Modo701-KG.exe
[2013/11/19 16:33:30 | 070,284,386 | ---- | M] (ChattChitto RG©) -- C:\Users\Chris\Desktop\TO\SnagIt v11.0.0.207 + Serials [ChattChitto RG]\SnagIt v11.0.0.207 + Serials [ChattChitto RG].exe
[2014/01/16 14:42:41 | 232,464,368 | ---- | M] (Sony Creative Software Inc.) -- C:\Users\Chris\Desktop\TO\Sony Vegas Pro 12 Build 367 (64 bit patch-KHG) [ChingLiu]\vegaspro12.0.367.exe
[2007/12/09 16:44:02 | 000,020,480 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\claunch-uvlayout.exe
[2007/12/09 16:44:02 | 000,020,480 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\claunch.exe
[2007/12/09 17:00:04 | 000,708,608 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\cyeatP.exe
[2007/12/09 16:50:22 | 000,258,048 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\cysliceP.exe
[2007/12/09 16:44:06 | 000,024,576 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\headush.exe
[2007/12/09 16:44:20 | 000,049,152 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\hfilesel.exe
[2007/12/09 16:45:12 | 000,200,704 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\hlmanager.exe
[2007/12/09 16:44:32 | 000,106,496 | ---- | M] (headus (metamorphosis) Pty Ltd) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\howin32.exe
[2007/12/09 16:45:06 | 000,077,824 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\iview.exe
[2007/12/09 16:45:14 | 000,053,248 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\kbstate.exe
[2007/12/09 16:43:44 | 000,028,672 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\obj2ply.exe
[2007/11/28 23:50:58 | 000,020,480 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\ply2dxf.exe
[2007/12/09 16:43:48 | 000,024,576 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\ply2obj.exe
[2007/12/09 16:43:58 | 000,053,248 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\plyop.exe
[2007/12/09 16:44:42 | 000,069,632 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\plyview.exe
[2007/12/09 16:44:08 | 000,020,480 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\scrsave.exe
[2007/12/09 14:00:04 | 000,057,344 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\uvlayout.exe
[2007/12/09 13:44:54 | 000,081,920 | ---- | M] (headus (metamorphosis)) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\vgui.exe
[2007/12/24 16:19:58 | 010,393,400 | ---- | M] (headus                                                      ) -- C:\Users\Chris\Desktop\UVLayout v2 Professional\HEADUS_UVLAYOUT_V2.00.05_PRO\iuvlayout-pro-2.00.05.exe
[2013/04/29 02:30:46 | 013,592,144 | ---- | M] (Blizzard Entertainment) -- C:\Users\Chris\Desktop\World of Warcraft - Cataclysm 4.3.4 (15595)\MonsterWoW-x64.exe
[2012/04/16 11:52:22 | 000,083,024 | ---- | M] () -- C:\Users\Chris\Desktop\World of Warcraft - Cataclysm 4.3.4 (15595)\MovieProxy.exe
[2013/11/27 15:22:33 | 006,396,128 | ---- | M] (Blizzard Entertainment) -- C:\Users\Chris\Desktop\World of Warcraft - Cataclysm 4.3.4 (15595)\World of Warcraft - Cataclysm 4.3.4 (15595)\BackgroundDownloader.exe
[2013/11/27 14:01:44 | 010,474,064 | ---- | M] (Blizzard Entertainment) -- C:\Users\Chris\Desktop\World of Warcraft - Cataclysm 4.3.4 (15595)\World of Warcraft - Cataclysm 4.3.4 (15595)\Wow.exe
[2013/11/27 13:55:24 | 000,092,240 | ---- | M] () -- C:\Users\Chris\Desktop\World of Warcraft - Cataclysm 4.3.4 (15595)\World of Warcraft - Cataclysm 4.3.4 (15595)\WowError.exe
[2014/03/03 00:00:14 | 078,353,832 | ---- | M] (AVG) -- C:\Users\Chris\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
[2011/11/11 14:33:54 | 000,009,728 | ---- | M] () -- C:\Users\Chris\jagexcache\jagexlauncher\bin\JagexLauncher.exe

< %USERPROFILE%\Documents\*.* >
[2013/11/17 12:35:09 | 000,000,402 | -HS- | M] () -- C:\Users\Chris\Documents\desktop.ini
[2013/11/19 16:05:34 | 000,001,362 | ---- | M] () -- C:\Users\Chris\Documents\DSRecorder.txt
[2013/11/16 18:07:00 | 000,112,820 | ---- | M] () -- C:\Users\Chris\Documents\Install STAR WARS The Old Republic.log
[2013/12/16 11:16:43 | 000,003,004 | ---- | M] () -- C:\Users\Chris\Documents\Register Vegas Pro.htm

< %USERPROFILE%\Downloads\*.* >
[2014/03/03 00:00:14 | 078,353,832 | ---- | M] (AVG) -- C:\Users\Chris\Downloads\avg_tuh_stf_all_2014_295_24c4.exe
[2013/11/17 12:35:09 | 000,000,282 | -HS- | M] () -- C:\Users\Chris\Downloads\desktop.ini

< %USERPROFILE%\AppData\Local\*.* >
[2014/01/21 12:19:13 | 000,083,856 | ---- | M] () -- C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
[2014/03/03 00:39:49 | 005,157,258 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2014/03/01 20:05:30 | 000,000,017 | ---- | M] () -- C:\Users\Chris\AppData\Local\resmon.resmoncfg
[2013/11/16 17:07:42 | 000,000,003 | ---- | M] () -- C:\Users\Chris\AppData\Local\updater.log
[2013/11/16 17:07:43 | 000,000,441 | ---- | M] () -- C:\Users\Chris\AppData\Local\UserProducts.xml

< %USERPROFILE%\AppData\Local\*. >
[2014/03/02 03:30:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Adobe
[2014/01/21 12:11:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Adobe Tool
[2013/11/17 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Akamai
[2013/11/17 16:42:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Apple
[2013/12/03 16:57:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Apple Computer
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Local\Application Data
[2014/03/01 22:05:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\assembly
[2013/11/18 19:22:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Autodesk
[2014/03/02 23:52:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Avg2014
[2013/11/20 13:22:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\backburner
[2014/01/29 17:16:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Battle.net
[2014/01/27 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Blizzard
[2014/01/27 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Blizzard Entertainment
[2013/11/17 12:44:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Corel_Corporation
[2014/03/03 04:05:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\CrashDumps
[2014/03/02 19:45:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Diagnostics
[2014/02/28 02:52:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\DriverToolkit
[2014/03/02 19:45:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2014/01/05 22:32:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\ESN
[2014/01/26 18:14:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Free Picture Solutions
[2014/01/30 14:21:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google
[2014/02/16 11:40:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\headus
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Local\History
[2013/12/02 14:20:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Luxology
[2013/11/16 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Macromedia
[2014/03/02 23:45:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\MFAData
[2014/01/30 12:00:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Microsoft
[2014/02/24 18:46:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Mirillis
[2013/11/27 02:32:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Mozilla
[2014/01/05 22:28:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Origin
[2013/12/12 03:24:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\PMB Files
[2013/11/16 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Programs
[2014/01/05 22:32:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\PunkBuster
[2013/11/22 02:50:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\SecondLife
[2013/11/16 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Skillbrains
[2014/03/02 20:54:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Skype
[2013/11/17 03:08:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Sony
[2013/11/16 20:07:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\SWTOR
[2013/11/16 18:08:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\SWTORPerf
[2013/11/19 16:21:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\TechSmith
[2014/03/03 06:18:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Temp
[2013/11/16 14:40:31 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2013/12/03 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Unity
[2013/11/17 16:51:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\VirtualStore
[2014/03/02 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Warframe

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.* >
[2013/12/12 01:50:30 | 000,001,023 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2013/12/12 01:50:30 | 000,001,023 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2014/03/03 00:11:03 | 000,008,192 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2014/02/09 13:04:20 | 000,038,912 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2014/01/27 17:57:20 | 000,181,623 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2014/03/03 00:11:03 | 000,094,208 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\History
[2013/12/12 01:50:26 | 000,018,432 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2014/03/01 18:59:41 | 000,019,456 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs
[2014/03/02 20:56:29 | 000,062,854 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences
[2014/01/27 17:59:30 | 000,013,312 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2013/12/12 01:50:10 | 000,000,180 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\README
[2014/03/02 20:52:55 | 000,000,032 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Reset Prompt Memento
[2014/03/01 18:59:37 | 000,012,288 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2014/01/27 17:59:08 | 000,000,324 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2014/03/03 00:11:04 | 000,077,824 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2014/03/02 20:52:55 | 000,081,920 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data.temp

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*. >
[2014/03/01 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Cache
[2014/03/01 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\databases
[2014/02/09 13:03:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
[2014/02/27 16:03:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions
[2013/12/12 01:49:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\GPUCache
[2014/01/27 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\IndexedDB
[2013/12/19 18:13:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons
[2013/12/19 18:13:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld
[2014/02/28 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\kgbfdabplphfafenmofiofilgeglfbcp
[2014/03/01 18:59:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage
[2013/12/19 18:13:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Media Cache
[2013/12/12 01:50:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Pepper Data
[2014/02/09 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Session Storage
[2014/03/01 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Sync Data
[2013/12/12 01:49:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets

< %USERPROFILE%\AppData\Local\temp\*.exe >
[2014/03/02 20:57:51 | 024,039,048 | ---- | M] (Mozilla) -- C:\Users\Chris\AppData\Local\temp\6_Offer_20.exe
[2014/03/03 03:36:07 | 000,510,848 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\AppData\Local\temp\AKGCJMV.exe
[2014/03/02 20:57:19 | 001,365,784 | ---- | M] (@@@) -- C:\Users\Chris\AppData\Local\temp\DM1393811819.exe
[2014/03/03 03:36:35 | 000,514,944 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\AppData\Local\temp\LDYDB.exe
[2014/03/03 04:04:58 | 000,433,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Chris\AppData\Local\temp\MVOZ.exe
[74 C:\Users\Chris\AppData\Local\temp\*.tmp files -> C:\Users\Chris\AppData\Local\temp\*.tmp -> ]

< %USERPROFILE%\AppData\Roaming\*.* >
[2014/02/11 22:15:06 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/02/25 18:24:49 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2014/01/26 16:46:49 | 000,000,020 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\SoundCloudDownloaderSettings.ini
[2013/11/19 16:08:06 | 000,000,096 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\version2.xml

< %USERPROFILE%\AppData\Roaming\*. >
[2014/03/01 22:05:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Adobe
[2013/12/03 16:57:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2013/12/07 17:34:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Autodesk
[2014/03/03 00:04:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG
[2014/03/02 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2014
[2013/11/28 07:13:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVS4YOU
[2013/11/16 16:26:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Awesomium
[2014/01/27 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Battle.net
[2014/01/26 16:40:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Convert Audio Free
[2013/11/17 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Corel Corporation
[2013/11/17 12:44:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FLEXnet
[2014/01/26 18:14:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Free Picture Solutions
[2013/11/16 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Identities
[2013/12/02 14:25:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Kits
[2013/11/17 19:16:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2014/02/11 18:58:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Lunaweb
[2013/12/02 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Luxology
[2013/11/16 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2014/01/18 14:41:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010/11/21 02:16:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2013/12/16 11:13:28 | 000,000,000 | --SD | M] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2013/11/22 14:18:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mirillis
[2014/02/26 19:35:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2013/11/18 19:25:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NVIDIA
[2013/11/30 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice
[2014/01/05 06:23:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
[2014/03/01 19:08:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCFixKit
[2014/01/21 11:27:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDAppFlex
[2013/11/17 03:08:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Publish Providers
[2013/11/17 16:45:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Riot Games
[2013/11/17 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Roxio
[2013/11/16 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Roxio Log Files
[2013/11/22 02:39:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SecondLife
[2013/11/17 15:52:47 | 000,000,000 | RH-D | M] -- C:\Users\Chris\AppData\Roaming\SecuROM
[2014/03/03 06:18:03 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Skype
[2014/03/03 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony
[2013/12/15 21:21:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony Creative Software Inc
[2013/11/19 16:02:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sytexis Software
[2014/01/13 03:07:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2014/03/02 23:48:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2013/12/03 16:59:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2014/03/02 20:00:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/11/27 01:53:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinRAR

< %ProgramData%\*.* >

< %ProgramData%\*. >
[2014/03/02 20:40:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2013/11/17 16:42:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2013/11/17 16:42:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/12/07 17:34:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2014/03/03 00:06:14 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG
[2014/03/03 00:10:30 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2014
[2013/11/28 07:13:40 | 000,000,000 | ---D | M] -- C:\ProgramData\AVS4YOU
[2013/11/27 04:40:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2013/11/27 02:15:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Blizzard
[2014/01/27 20:20:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Blizzard Entertainment
[2014/03/02 23:45:32 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2014/01/05 22:28:58 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2014/01/05 22:32:17 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2014/01/05 22:28:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/11/18 19:22:31 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2014/02/18 13:28:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Freemake
[2013/11/16 16:25:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Hi-Rez Studios
[2013/11/16 16:29:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Macrovision
[2014/01/18 14:40:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2013/12/14 03:58:25 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2014/03/03 04:47:49 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2014/03/02 20:20:44 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013/11/22 14:18:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Mirillis
[2013/11/16 15:07:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2014/03/03 03:18:15 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2013/11/07 14:33:34 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2014/01/15 09:36:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Oracle
[2014/02/18 15:12:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2014/02/28 07:35:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Package Cache
[2013/12/12 03:24:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2013/11/25 00:11:20 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/11/16 16:30:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Roxio
[2014/03/02 20:53:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2013/11/16 16:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2014/01/16 14:44:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2014/01/11 03:51:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2013/11/19 16:41:42 | 000,000,000 | ---D | M] -- C:\ProgramData\TechSmith
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/11/16 16:30:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2013/12/03 16:59:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Unity
[2014/03/03 00:10:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

< %programdata%\Microsoft\Windows\DRM\*.tmp >

< %programdata%\Microsoft\DRM\*.tmp >

< C:\Users\All Users\*.exe /s >
[2013/11/27 04:40:23 | 000,428,592 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Agent\Agent.exe
[2013/11/27 04:40:23 | 001,620,016 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Agent\Blizzard Uninstaller.exe
[2013/11/27 04:40:23 | 000,333,360 | ---- | M] (Blizzard Entertainment, Inc.) -- C:\Users\All Users\Battle.net\Agent\BlizzardError.exe
[2013/11/27 04:40:18 | 000,499,712 | ---- | M] (Blizzard Entertainment, Inc.) -- C:\Users\All Users\Battle.net\Agent\ErrorReporter.exe
[2013/11/27 04:40:18 | 005,845,624 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Agent\Agent.1040\Agent.exe
[2013/11/27 04:40:23 | 006,259,248 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Agent\Agent.2380\Agent.exe
[2014/01/27 20:19:22 | 008,830,512 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Agent\Agent.beta.2581\Agent.exe
[2013/11/27 04:40:38 | 000,533,184 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Client\Blizzard Launcher.exe
[2013/11/27 04:40:27 | 017,735,288 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Client\Blizzard Launcher.1682\Blizzard Launcher.exe
[2013/11/27 04:40:38 | 019,252,784 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Client\Blizzard Launcher.2005\Blizzard Launcher.exe
[2013/11/27 12:21:07 | 001,842,736 | ---- | M] (Blizzard Entertainment) -- C:\Users\All Users\Battle.net\Setup\wow_engb\World of Warcraft Setup.exe
[2010/05/21 13:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Users\All Users\FLEXnet\Connect\11\agent.exe
[2010/05/21 13:40:26 | 000,443,760 | ---- | M] (Flexera Software, Inc.) -- C:\Users\All Users\FLEXnet\Connect\11\ISDM.exe
[2010/05/21 13:40:28 | 000,087,408 | ---- | M] (Flexera Software, Inc.) -- C:\Users\All Users\FLEXnet\Connect\11\issch.exe
[2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\Users\All Users\FLEXnet\Connect\11\ISUSPM.exe
[2010/05/21 13:40:38 | 000,718,192 | ---- | M] (Flexera Software, Inc.) -- C:\Users\All Users\Macrovision\FLEXnet Connect\11\agent.exe
[2010/05/21 13:40:36 | 000,746,864 | ---- | M] (Flexera Software, Inc.) -- C:\Users\All Users\Macrovision\FLEXnet Connect\6\agent.exe
[2014/02/28 07:34:55 | 000,453,872 | ---- | M] (Microsoft Corporation) -- C:\Users\All Users\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe
[2013/11/16 16:23:47 | 005,843,600 | ---- | M] (Corel Corporation) -- C:\Users\All Users\Uninstall\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}\setup.exe
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,538 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/11/16 15:37:30 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/11/16 17:07:42 | 000,000,388 | ---- | C] () -- C:\Windows\Tasks\update-sys.job
[2013/11/16 17:07:43 | 000,000,388 | ---- | C] () -- C:\Windows\Tasks\update-S-1-5-21-662125380-580819888-2351019072-1000.job
[2013/12/12 01:48:35 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/12/12 01:48:36 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/01/30 14:21:18 | 000,000,856 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000Core.job
[2014/01/30 14:21:19 | 000,000,908 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-662125380-580819888-2351019072-1000UA.job

< C:\Users\Default\*.exe /s >

< C:\Users\Public\*.exe /s >

< %CommonProgramFiles%\*.* >

< %CommonProgramFiles%\*. >
[2014/03/02 20:40:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/17 17:55:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013/11/28 07:12:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013/11/16 18:04:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\BioWare
[2014/01/29 16:41:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2014/02/16 12:58:47 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files\EAInstaller
[2014/01/29 16:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/01/11 03:51:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Java
[2013/11/16 15:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\microsoft shared
[2013/11/16 16:29:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013/11/16 16:29:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services
[2014/03/02 20:53:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/16 16:30:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2014/03/02 18:31:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Steam
[2013/11/17 12:31:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System
[2011/11/22 11:41:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live
[2014/03/01 19:02:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

< %CommonProgramFiles%\ComObjects\*.* >

< %ProgramFiles%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %ProgramFiles%\*. >
[2014/03/02 20:40:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2013/11/07 14:34:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2013/11/17 16:42:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2013/11/20 13:45:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Autodesk
[2014/03/03 00:04:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2013/11/28 07:12:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVS4YOU
[2014/01/27 20:20:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Battle.net
[2014/01/26 16:42:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013/12/02 14:20:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2013/11/16 15:11:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Capcom
[2014/03/02 20:53:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2014/02/15 15:20:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Convert Audio Free
[2014/02/28 02:54:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DriverToolkit
[2013/11/16 17:09:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2013/11/26 21:12:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eMu3Ds
[2014/01/26 18:14:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Picture Solutions
[2014/02/18 13:23:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Freemake
[2014/02/01 21:32:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameSpy Arcade
[2013/12/12 01:49:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2014/01/29 17:12:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hearthstone
[2013/11/16 16:25:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hi-Rez Studios
[2014/01/29 16:55:00 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/02/12 21:48:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2014/01/15 09:36:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2013/11/26 00:51:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LG Electronics
[2014/03/02 14:47:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/26 16:42:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2014/02/01 21:30:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2013/11/16 15:24:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/11/22 11:42:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/11/22 11:43:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/11/16 16:26:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2013/11/22 14:16:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mirillis
[2014/03/03 00:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/03 00:12:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2014/03/03 03:17:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2013/11/18 01:47:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2013/11/07 14:34:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/11/28 07:10:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice 4
[2014/02/18 15:12:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin
[2014/03/01 16:27:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin Games
[2013/11/17 16:45:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2014/03/01 19:20:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PCFixKit
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013/11/16 16:30:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio Game Capture HD PRO
[2013/11/17 16:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2014/02/28 07:34:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Seagate
[2013/11/21 23:05:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SecondLifeViewer
[2014/01/29 16:54:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sierra
[2013/11/16 17:07:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Skillbrains
[2014/03/02 20:53:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2013/11/17 03:00:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2014/03/02 20:02:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2013/11/19 16:06:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sytexis Software
[2013/11/19 16:41:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TechSmith
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2014/03/02 20:54:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstaller
[2013/12/03 16:56:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Unity
[2013/11/07 14:32:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VIA
[2013/11/17 12:31:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/11/22 11:55:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2013/12/11 15:09:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2013/11/27 01:53:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR

< %Public%\Documents\*.* >
[2009/07/13 23:54:24 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini

< %Public%\Documents\*. >
[2013/11/16 15:40:08 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\microsoft
[2014/01/29 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\Monolith Productions
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Music
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Pictures
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Videos
[2013/12/03 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\Unity Projects

< %systemroot%\System32\config\systemprofile\*.exe /s >
[2013/11/16 15:07:11 | 008,282,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\BingBarSetup-Partner[1].EXE

< %systemroot%\System32\config\systemprofile\*.* >

< %systemroot%\System32\config\systemprofile\*. >
[2009/07/13 23:55:33 | 000,000,000 | --SD | M] -- C:\Windows\System32\config\systemprofile\AppData

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

< %systemroot%\system32\config\systemprofile\AppData\Local\*. >
[2014/03/02 23:53:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014
[2013/12/12 01:54:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Google
[2009/07/13 23:54:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft

< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >

< %systemroot%\system32\config\systemprofile\AppData\Roaming\*. >
[2014/03/02 23:49:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2014
[2009/07/13 23:54:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft
[2013/11/17 12:44:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Roxio

< %systemroot%\SysWow64\config\systemprofile\*.exe /s >
[2013/11/16 15:07:11 | 008,282,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\BingBarSetup-Partner[1].EXE

< %systemroot%\SysWow64\config\systemprofile\*.* >

< %systemroot%\SysWow64\config\systemprofile\*. >
[2009/07/13 23:55:33 | 000,000,000 | --SD | M] -- C:\Windows\SysWow64\config\systemprofile\AppData

< %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.* >

< %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*. >
[2014/03/02 23:53:08 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg2014
[2013/12/12 01:54:48 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google
[2009/07/13 23:54:17 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft

< %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >

< %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*. >
[2014/03/02 23:49:30 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AVG2014
[2009/07/13 23:54:17 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft
[2013/11/17 12:44:48 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Roxio

< %systemroot%\ServiceProfiles\*.exe /s >

< %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.* >
[2011/11/22 11:57:21 | 000,692,696 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1889288938-2270887571-2738792734-500-12288.dat
[2013/11/17 05:29:11 | 000,725,660 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-662125380-580819888-2351019072-1000-12288.dat
[2013/11/16 15:25:26 | 001,666,744 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-662125380-580819888-2351019072-1000-4096.dat
[2013/11/17 05:29:10 | 007,591,672 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-662125380-580819888-2351019072-1000-8192.dat
[2013/11/07 14:36:06 | 000,229,488 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-662125380-580819888-2351019072-500-12288.dat
[2014/03/02 03:32:14 | 001,548,120 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
[2014/03/03 03:18:15 | 000,002,048 | -HS- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
[2014/03/03 03:18:15 | 000,002,048 | -HS- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
[2014/01/18 08:21:34 | 016,777,216 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
[2014/02/19 21:01:15 | 008,388,608 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-662125380-580819888-2351019072-1000.dat
[2014/01/21 12:16:04 | 000,529,836 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat

< %systemroot%\ServiceProfiles\LocalService\AppData\Local\*. >
[2013/11/16 15:03:49 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft
[2013/11/16 15:00:14 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm
[2013/11/22 14:12:50 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp

< %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >

< %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.* >

< %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*. >
[2013/11/17 14:36:15 | 000,000,000 | --SD | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft
[2014/02/08 17:52:13 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking

< %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.* >

< %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*. >
[2014/02/08 18:40:56 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft
[2014/03/02 21:00:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp

< %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >

< %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.* >

< %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*. >
[2010/11/20 22:27:14 | 000,000,000 | --SD | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft

< %windir%\temp\*.exe >

< %windir%\*. >
[2014/03/01 19:17:40 | 000,000,000 | ---D | M] -- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
[2009/07/14 00:32:39 | 000,000,000 | ---D | M] -- C:\Windows\addins
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat
[2014/03/01 23:26:52 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
[2014/03/02 20:56:33 | 000,000,000 | R-SD | M] -- C:\Windows\assembly
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Boot
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Branding
[2009/07/14 00:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
[2014/03/01 18:58:36 | 000,000,000 | ---D | M] -- C:\Windows\debug
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics
[2009/07/14 00:37:46 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
[2009/07/14 00:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files
[2013/11/17 12:31:42 | 000,000,000 | ---D | M] -- C:\Windows\ehome
[2011/11/22 11:44:24 | 000,000,000 | ---D | M] -- C:\Windows\en
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\en-US
[2014/03/01 23:29:53 | 000,000,000 | ---D | M] -- C:\Windows\erdnt
[2014/01/21 12:16:04 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts
[2010/11/21 02:19:27 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
[2013/11/07 14:33:40 | 000,000,000 | ---D | M] -- C:\Windows\Help
[2009/07/14 00:37:46 | 000,000,000 | ---D | M] -- C:\Windows\IME
[2014/03/02 23:48:40 | 000,000,000 | ---D | M] -- C:\Windows\inf
[2014/03/03 00:05:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
[2009/07/14 00:32:39 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
[2009/07/13 21:34:24 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
[2014/03/02 20:00:40 | 000,000,000 | ---D | M] -- C:\Windows\Logs
[2009/07/14 00:32:40 | 000,000,000 | R-SD | M] -- C:\Windows\Media
[2014/02/26 02:55:04 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
[2014/02/24 20:26:02 | 000,000,000 | ---D | M] -- C:\Windows\Migration
[2014/03/01 18:58:36 | 000,000,000 | ---D | M] -- C:\Windows\Minidump
[2009/07/13 21:34:34 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
[2011/11/22 11:50:05 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2009/07/14 00:32:40 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages
[2013/12/19 18:10:19 | 000,000,000 | ---D | M] -- C:\Windows\panther
[2011/11/22 11:42:37 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Performance
[2009/07/13 22:20:10 | 000,000,000 | ---D | M] -- C:\Windows\PLA
[2013/11/19 09:20:17 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
[2013/11/17 14:36:22 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
[2009/07/13 22:20:11 | 000,000,000 | ---D | M] -- C:\Windows\Registration
[2013/11/16 14:35:18 | 000,000,000 | ---D | M] -- C:\Windows\rescache
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Resources
[2009/07/13 21:35:47 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\schemas
[2009/07/13 22:20:10 | 000,000,000 | ---D | M] -- C:\Windows\security
[2009/07/13 23:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\servicing
[2011/11/22 11:48:44 | 000,000,000 | ---D | M] -- C:\Windows\Setup
[2010/11/21 02:16:47 | 000,000,000 | ---D | M] -- C:\Windows\ShellNew
[2013/11/16 14:59:32 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
[2010/11/21 02:06:49 | 000,000,000 | ---D | M] -- C:\Windows\Speech
[2009/07/13 21:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system
[2014/03/03 00:04:57 | 000,000,000 | ---D | M] -- C:\Windows\System32
[2014/03/03 00:04:56 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64
[2009/07/13 23:57:13 | 000,000,000 | ---D | M] -- C:\Windows\TAPI
[2014/01/30 14:21:19 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
[2014/03/03 06:19:43 | 000,000,000 | ---D | M] -- C:\Windows\temp
[2009/07/13 21:34:33 | 000,000,000 | ---D | M] -- C:\Windows\tracing
[2009/07/14 00:32:39 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Vss
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Web
[2014/02/12 21:50:25 | 000,000,000 | ---D | M] -- C:\Windows\winsxs

< %windir%\AppPatch\*.exe /s >

< %windir%\ShellNew\*.* >
[2009/06/10 15:44:28 | 000,004,544 | ---- | M] () -- C:\Windows\ShellNew\Journal.jnt

< %windir%\installer\*. >
[2011/11/22 11:42:01 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
[2014/03/02 20:53:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI5BF.tmp-
[2014/03/02 20:56:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI5CE0.tmp-
[2014/03/02 20:53:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI62AE.tmp-
[2014/03/02 20:56:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI6A4A.tmp-
[2014/03/02 20:53:12 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI6EF2.tmp-
[2014/03/02 20:56:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI784F.tmp-
[2014/03/02 20:56:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSI8859.tmp-
[2014/01/26 16:40:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIA9FE.tmp-
[2014/03/02 20:54:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSICA9A.tmp-
[2014/03/02 20:54:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSID6AF.tmp-
[2014/01/26 16:40:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIE5B8.tmp-
[2014/03/02 20:52:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIE639.tmp-
[2014/01/26 16:40:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIFAC1.tmp-
[2014/03/02 20:52:42 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIFC5A.tmp-
[2014/03/02 20:56:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\MSIFEB9.tmp-
[2014/01/21 12:12:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{08D2E121-7F6A-43EB-97FD-629B44903403}
[2014/02/08 15:13:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{190BC83F-D54E-4494-830E-7FB4A5F4B964}
[2013/11/20 13:45:37 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3D347E6D-5A03-4342-B5BA-6A771885F379}
[2013/11/16 15:21:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{43430FA0-49F0-4B13-B4C5-611000008100}
[2013/11/27 14:13:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}
[2014/01/26 16:41:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4D2F193D-4725-4518-9F23-AAF5A3475875}
[2013/12/17 18:40:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
[2013/11/17 17:56:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}
[2013/11/17 18:02:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5AAB972C-FF31-4B01-8445-50C42860EC02}
[2013/11/19 16:21:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}
[2013/11/26 00:52:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}
[2013/11/16 16:30:55 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5F187E71-93D7-4849-B5C2-1DD1747C81A7}
[2013/11/16 16:30:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{69290A89-5CD6-42A2-BBD9-D1EE95A3E490}
[2013/11/16 16:30:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6FF4C560-A95B-42DE-83AD-62C8737115E9}
[2014/02/01 21:32:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}
[2013/11/17 16:42:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
[2014/03/02 20:53:52 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
[2013/11/07 14:34:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}
[2013/11/19 16:41:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}
[2013/11/20 13:45:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7FA8BC5D-7CE4-42F3-8EAE-32DF5BAB53A7}
[2013/11/16 15:49:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}
[2013/11/18 01:47:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2011/11/22 11:42:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2013/11/17 18:07:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}
[2014/01/21 12:12:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
[2011/11/22 11:44:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A726AE06-AAA3-43D1-87E3-70F510314F04}
[2014/01/16 14:44:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A7500970-FE98-11E1-B560-F04DA23A5C58}
[2013/11/17 02:03:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
[2013/11/17 17:58:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}
[2013/12/02 14:20:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}
[2014/01/26 18:14:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B9240DAE-EFA1-4A0E-824F-17B3F99194F8}
[2013/11/17 16:43:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}
[2011/11/22 11:43:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}
[2011/11/22 11:44:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48}
[2011/11/22 11:43:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
[2011/11/22 11:43:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
[2013/11/18 01:48:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2013/11/16 15:24:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F97E3841-CA9D-4964-9D64-26066241D26F}
[2013/12/07 00:26:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F9BE7B54-D322-43D6-83DD-CD132E4B8EEE}

< %windir%\system32\*. >
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2010/11/20 22:31:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/07/13 21:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2009/07/13 21:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2014/03/01 23:26:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2014/02/24 20:26:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/13 21:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/13 21:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/13 21:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/07/13 22:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2013/11/16 15:37:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2010/11/20 22:31:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2013/11/19 09:20:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/07/13 21:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2010/11/20 22:31:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/07/13 22:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2013/11/17 12:31:32 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2010/11/21 02:16:47 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2013/11/16 15:24:18 | 000,000,000 | ---D | M] -- C:\Windows\system32\xlive
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW

< %windir%\sysnative\*. >
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
[2010/11/20 22:30:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
[2009/07/13 22:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
[2009/07/13 22:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
[2011/11/22 11:38:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
[2014/03/02 23:48:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
[2014/03/02 23:47:42 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
[2011/11/22 11:36:36 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
[2010/11/21 02:06:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
[2014/03/03 03:22:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
[2010/11/21 02:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
[2014/03/02 23:48:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
[2014/03/02 23:48:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
[2011/11/22 11:43:00 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DRVSTORE
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
[2014/02/24 20:26:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
[2009/07/14 00:09:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
[2009/07/13 21:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy
[2009/07/13 21:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/13 22:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/13 21:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2014/01/05 12:17:40 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2013/11/16 15:37:28 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2010/11/20 22:30:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2009/07/13 23:45:42 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
[2013/11/19 09:20:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2014/02/15 03:01:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MRT
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2010/11/21 02:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2014/02/12 15:24:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2009/07/13 22:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2011/11/21 20:24:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2010/11/21 02:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2013/11/16 14:40:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2013/11/16 14:59:43 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2009/07/13 22:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/13 22:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2009/07/13 23:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/13 22:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2010/11/20 22:30:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2013/11/07 14:32:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SRSLabs
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2013/11/08 19:35:12 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2014/03/03 00:11:05 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2009/07/13 22:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2013/11/17 12:31:32 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2013/11/07 14:36:03 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2010/11/21 02:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2013/12/06 23:01:32 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2009/07/14 00:09:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2009/07/14 00:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/13 22:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2013/11/17 12:31:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\syswow64\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\syswow64\drivers\*.sys /90 >

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

< %SYSTEMDRIVE%\*. /rp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\temp\*.* /S /MD5 >

< %systemroot%\assembly\GAC\*.ini >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SystemRoot%\assembly\GAC_MSIL\*.ini >

< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 20:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 20:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

Link to post
Share on other sites

< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/13 20:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)

< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s >
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64
"DelayedExpansion" = 0

< HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s >

< HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s >

< HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s >

< HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s >

< HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s >

< HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >

< HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s >

< HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s >

< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s >

< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s >

< HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >

< HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s >
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}

< HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s >

< HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}

< HKEY_CURRENT_USER\Software\MSOLoad /s >

< type C:\WINDOWS\system.ini >> test.txt /c >
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]

< bcdedit /enum all /v >C:\boot.txt /c >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: CHRIS-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media           
  Volume 1         System       NTFS   Partition    100 MB  Healthy    System  
  Volume 2     C   Windows      NTFS   Partition    931 GB  Healthy    Boot    

< MD5 for: AFD.SYS  >
[2013/09/13 20:11:05 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=26EF7E0DF4EDCD898EB7A671529410B8 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_366f8b668e482477\afd.sys
[2013/09/13 20:10:19 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=314C17917AC8523EC77A710215012A65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_35d81beb75355772\afd.sys
[2013/09/27 20:14:56 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=50AB05903CBEF298D135A943D4432E3C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys
[2013/09/27 20:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\SysNative\drivers\afd.sys
[2013/09/27 20:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18272_none_35cb4b6b753f40b5\afd.sys
[2010/11/20 22:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 21:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/24 22:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: CSC.SYS  >
[2010/11/20 22:24:41 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys

< MD5 for: DFSC.SYS  >
[2010/11/20 22:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys
[2010/11/20 22:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys

< MD5 for: DISK.SYS  >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: FASTFAT.SYS  >
[2009/07/13 18:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys
[2009/07/13 18:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys

< MD5 for: I8042PRT.SYS  >
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

< MD5 for: KBDCLASS.SYS  >
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\erdnt\cache64\kbdclass.sys
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\drivers\kbdclass.sys
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
[2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys

< MD5 for: KBDHID.SYS  >
[2010/11/20 22:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\drivers\kbdhid.sys
[2010/11/20 22:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdhid.sys
[2010/11/20 22:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdhid.sys

< MD5 for: LSASS.EXE  >
[2009/07/13 20:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 01:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\erdnt\cache64\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe
[2013/09/24 20:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2012/06/04 02:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2013/09/24 20:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe

< MD5 for: MOUCLASS.SYS  >
[2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\drivers\mouclass.sys
[2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouclass.sys
[2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouclass.sys

< MD5 for: MOUHID.SYS  >
[2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\drivers\mouhid.sys
[2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouhid.sys
[2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouhid.sys

< MD5 for: NETBT.SYS  >
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: SERIAL.SYS  >
[2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
[2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys

< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SMSS.EXE  >
[2009/07/13 20:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[2013/08/28 20:04:30 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=B2B31D4C79EFD883097FA24D02E79C12 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22436_none_0ad6905f48fd53a8\smss.exe
[2013/08/02 00:06:34 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=CB5DA3E44456D1084BCD87F5B1B3152B -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.22411_none_0ae72ec548f19d13\smss.exe
[2013/03/18 22:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0371DE302FFFF8F086661611BE60848 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18113_none_0a5f8ec22fd235a9\smss.exe
[2013/08/01 19:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\SysNative\smss.exe
[2013/08/01 19:59:09 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=F0970A4BC8395659C22BF53D0FADF16F -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7601.18229_none_0a5ac2782fd4e6cb\smss.exe

< MD5 for: SPLDR.SYS  >
[2009/07/13 20:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\SysNative\drivers\spldr.sys
[2009/07/13 20:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys

< MD5 for: SVCHOST.EXE  >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS  >
[2012/10/03 12:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/09/07 21:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013/09/07 21:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/09/07 21:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010/11/20 22:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/06 21:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2011/04/25 00:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013/07/06 00:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2011/04/25 01:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2012/10/03 12:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 01:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013/11/26 06:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys

< MD5 for: USERINIT.EXE  >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS  >
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE  >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE  >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Documents and Settings] -> C:\Users -> Junction
[C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
[C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users] ->  -> Unknown point type
[C:\Users\Chris\AppData\Local\Application Data] -> C:\Users\Chris\AppData\Local -> Junction
[C:\Users\Chris\AppData\Local\History] -> C:\Users\Chris\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Chris\AppData\Local\Temporary Internet Files] -> C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Chris\Application Data] -> C:\Users\Chris\AppData\Roaming -> Junction
[C:\Users\Chris\Cookies] -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\Chris\Documents\My Music] -> C:\Users\Chris\Music -> Junction
[C:\Users\Chris\Documents\My Pictures] -> C:\Users\Chris\Pictures -> Junction
[C:\Users\Chris\Documents\My Videos] -> C:\Users\Chris\Videos -> Junction
[C:\Users\Chris\Local Settings] -> C:\Users\Chris\AppData\Local -> Junction
[C:\Users\Chris\My Documents] -> C:\Users\Chris\Documents -> Junction
[C:\Users\Chris\NetHood] -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Chris\PrintHood] -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Chris\Recent] -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Chris\SendTo] -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Chris\Start Menu] -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Chris\Templates] -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Default User] -> C:\Users\Default -> Junction
[C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction

< End of report >


Here is my Extra.txt Log:


OTL Extras logfile created on: 3/3/2014 6:13:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop\Clean
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 45.91% Memory free
15.96 Gb Paging File | 11.90 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 452.41 Gb Free Space | 48.57% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{074BF298-7B1E-4E7A-8F4B-01F7EDB15E4F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{096597CF-0DE1-408D-927C-F09D77C0E13C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C532ED2-EBCC-45BA-9ED3-BE39A46E4880}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0DF3ACAE-37F0-44E9-A05D-B606731BA6EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F6F1997-B58A-40D6-928F-09648FC92D55}" = rport=445 | protocol=6 | dir=out | app=system |
"{1F6FF67D-EBF7-40EB-BC6C-70999F063AE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FB30D4C-CC6A-4615-AB90-E47400A0C89E}" = rport=137 | protocol=17 | dir=out | app=system |
"{29164726-C27F-41DD-AACD-1484A35D5383}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{317B3B5D-E13A-4025-B835-4C8D55B17D34}" = lport=139 | protocol=6 | dir=in | app=system |
"{3EE40EA0-F1F1-4923-ABC3-B038595B6539}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47ECB127-0FBC-4BEB-B340-CABE8E55C857}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{592D8012-5EAE-4394-AE67-00BFB176EC0A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CE9ED5-E4DF-4C01-9F55-B243297E604D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5BCBE92F-39F1-4B81-891A-D19AC5A9B50B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{61E2342A-6A29-48FE-816B-12D201C88808}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\remotecrashsender.exe |
"{7F01D14E-5D69-4F4C-A076-8E54AE8C827E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{818CFCA5-F481-4DD3-8212-569B917A9922}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88010F55-8A9F-4AAD-923D-97AB99CD03AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{933D6C5D-2411-494E-8A36-9DD61C0B9B68}" = rport=80 | protocol=6 | dir=out | app=c:\users\chris\appdata\local\warframe\downloaded\public\tools\launcher.exe |
"{9D337F21-B2D4-4AD1-B950-E8DF0C461716}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ADDB1C37-519E-47B8-9F74-A00F8FA52604}" = rport=139 | protocol=6 | dir=out | app=system |
"{B3CF0450-E149-4877-84EE-8D664B35EBC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B77F4628-84CE-407B-BEAC-AC451DBD6809}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB66F16A-1FBC-4366-9C05-4CC7855DB550}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7D54FEF-0238-41AE-885C-ABDDD4E2AC6D}" = rport=138 | protocol=17 | dir=out | app=system |
"{D982EAD3-996A-4B56-AFAC-F79012061608}" = lport=445 | protocol=6 | dir=in | app=system |
"{EADD89F5-EE75-4106-A9C6-76C4AB5C4677}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FD125AC7-FFD1-440A-88ED-4AF7E612CAAA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E83FBE-10EB-4566-8838-28B418D2349F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{011AE9AD-C9C4-41BB-85B4-0BC6AC0B9BE3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{01254583-92F9-49C2-ADA6-F89F91589031}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{017F74DA-DE93-48E6-BF1D-D99619CE8475}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04343B82-DBBA-466C-BF47-A6ED5BAB90D2}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{04571557-A3D7-43EE-8104-07EB383D2C5F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{0575A34D-E747-4ACB-B656-2CB10891351D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{064AE4C7-6BB0-4778-910E-934BE9913B44}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{07695326-EF79-4723-A936-9360AF428CFC}" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
"{077AF1DD-3E5C-418E-95D8-A2596DDA6682}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{094A9307-39BD-4385-8D7E-4FD1D6D5D645}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0AF023B5-D946-4D03-8D9F-07D394A21F00}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{0DDE81B3-53AD-4491-8278-F92B4C095E55}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\super street fighter iv\ssfiv.exe |
"{12191FDF-FF5A-452B-A8C1-5C246E10030B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{14EACD09-CBE5-4BA3-BA82-10881B9778A6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{16484F3D-5569-4DCB-95AC-BC3C0E1DBC00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1CDAC340-F7E2-4DC1-A5F6-33BF4CFEF718}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\super street fighter iv\ssfiv.exe |
"{217B01EA-02F9-4FF8-A934-255912D25F76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{22309DE3-6CF8-4375-909B-2E04BBEF9CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{230E2FB0-499B-4F4F-8893-26E7F27FB2A5}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{23D9FBC4-7B3E-4CEB-B831-FA2109C0069B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25CEC040-63B8-44F4-B1A3-834F7C6E281B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mirrors edge\binaries\mirrorsedge.exe |
"{260DF88D-69B2-438E-95B4-17EFC7BE3E69}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{26300E04-8F76-431D-B251-D23932193BE8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{26C2D817-6EF4-4DCA-8454-B0B0CD482D1F}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{27424707-C43C-43CF-81D8-463A789B634C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{28EFDDFA-0C77-474D-B293-BB35E976FE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{2DA89FD8-4BB8-4015-AE86-0EB16B1240EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |
"{2F88D5A1-A328-4F65-BDFE-9A8B2000C126}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{311F9836-1D24-4A55-8DB1-5A1889D3CA78}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{33FC80CD-4F11-4EF8-B8BB-BA00743D9420}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{342FFA4D-69B6-4D0D-8E9F-D6D5D7570ACD}" = protocol=6 | dir=out | app=system |
"{36806AA6-CFE1-4EF7-9AC5-952F663DC19B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage64.exe |
"{3842299D-9F14-4424-9F2C-2087969AADDB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39FCEAD8-37B4-43F5-8548-54C8BBAC4BB5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3B42D3AE-78ED-4E87-9469-2244BA15FCB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{3B665F1F-3E1D-4F6D-8EF2-85DE839A3C45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3C7CC72E-391E-4F44-84A9-19E1416023ED}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{3DA1A2CA-2446-436E-AAE2-B59AA76F4D29}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{3F452B35-E749-4C8E-83C8-F59BD7884472}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{406C9AE2-F418-4410-BCE8-F5C4F5574008}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{474F3568-53A2-4C04-B23F-8877DBC3799C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{47ECF117-2AAD-4FDF-B699-824D7765719E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4871CAB4-ADBE-4DD7-8E82-4533F1E1395B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{4A065D56-FC3C-432A-A9A5-C2FE1A7F6A52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{4C7104D2-7829-4DAA-988A-9A08251422CB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{4E3B9C6A-38B6-42D3-828B-ECC84CE9DBD1}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{4FEBC088-D8D8-4EC2-BB1D-C2024435CFD1}" = protocol=17 | dir=in | app=c:\program files\luxology\modo\701\modo.exe |
"{51EE51B4-3C34-4E86-9ADA-DEC585490DF7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{52426701-2DEF-4D2F-ADEA-1634595BD990}" = dir=in | app=c:\users\chris\appdata\roaming\adobe\wmiprv\wmiprvse.exe |
"{530BE087-7F1E-4EC4-B0F6-BBF0832410A4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{5460ED9E-71EA-49DB-9208-DA2FA2554001}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{54CDA346-2EA3-4740-A6FA-5CAC126955BA}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
"{554AC41A-DED8-4C0D-BA85-BC5FEB3FF8AB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{569567C1-2E26-4EDB-B4A1-FB91870A12CF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{57E551BC-C876-4880-B904-A209A3792CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AFE94EA-7BEB-4B92-9703-D3B65E579C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B0DE435-9345-48A6-90D1-F6DF27B7BA73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{5C5E149F-9271-41FE-836D-96F751EB7BC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{621A0008-0B80-4A8A-8940-E327C7919EE6}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe |
"{647BBDCA-6333-458E-BA46-CD390B1148E6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{686DD41A-1684-403B-A6AD-3FBF083D8118}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{69184158-F28F-4ECF-B17C-EB40E07238D9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{704A7A79-B29D-4D06-BFBF-79ECD36A6DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{718D404A-4DA7-4ECD-BA23-6675E316354D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{7344AF1E-B5B9-40FB-857C-28202B651702}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7559128D-92C2-4CA5-BB34-686CCBC976FE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{757B2757-910C-46C7-BEFE-DED73C6F2EB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{795F3541-A8C5-4360-BD6D-745661D6CF59}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7A83E6F7-2FE4-46B1-A6A4-BAD1CFE239A1}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{7CC6C084-6E38-4C5F-B3B6-FB0394586D49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{7CCDB09D-7E4E-4740-921E-679B6F486B1A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mirrors edge\binaries\mirrorsedge.exe |
"{847BE4B4-B45D-4BF4-B4FB-E7684A30BF26}" = dir=in | app=c:\windows\explorer.exe |
"{8C2E0653-3009-4BB3-943B-B7F5506A13DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D2D3655-FD1B-406C-968F-EBE684D0C36A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8E5427DA-8154-48B2-A29C-C494323C2FA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{900EA05F-025D-4EB5-86EA-2A5E9C31E3CD}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{9A98BA34-31F5-4247-BC19-34CE508D88EB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9AD0CA30-7EC7-4DED-A0F3-4037B31F4A22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{9C19E794-3089-42B2-9839-7D8EF5FF0766}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{9CE9AC95-A7F8-4CD8-A2C8-4F8913D7F7A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage.exe |
"{9F41038B-0147-4428-8E91-11325B988E85}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\utorrent\utorrent.exe |
"{A178A8B3-7B39-46FA-9ED6-5EFC265F90D6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2CE2911-1476-4E85-B49F-C2F2919DAE8D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A44B890F-8A51-4A70-929F-ED9338430987}" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
"{A5C28CAC-612C-4AA0-8FEF-46655A935C56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{A67850DA-A08B-4F63-8D3B-697E6E800333}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{AFC451FA-C47D-43FA-9EE4-212419D805C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{B207205B-412D-40A0-9663-C81F91836B02}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{B47E345D-A60B-45EB-A632-03360A7D835C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{B529E6EE-3464-44C0-859B-2308CACF1743}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B643A720-0F68-4CF4-B791-916B74F702BB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B77471F5-7BE1-4393-8680-2696E52B080F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA47A7CF-5653-4515-8E13-CDCD1FF20A17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA5C1AFE-37E5-4351-93B8-DA22972BA515}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{BA6C812B-806B-452B-B771-1AA12622CDE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC506285-969E-489F-A675-B9FB98FB6B35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rage\rage64.exe |
"{BDB87666-C63B-4925-9C6B-BF8ECF535E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{C0965D3A-6C55-4B93-A59B-467A13A8643D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{C3B017B6-3F80-48B8-B2D4-EED9408D611E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{C3BF4EDD-BB99-41EF-B33B-2CB98A7D3A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{C4A70655-D5B6-4AB1-B6AD-6A355E071EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{C635FB36-3B94-4B87-BDAF-6F37F9F5806E}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
"{D5D29578-7C45-40A8-AF51-CB0E0E2B5ADE}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{D9AE7521-D9C9-4380-8654-DC4B6A07903A}" = dir=in | app=c:\windows\system32\rundll32.exe |
"{D9E361BB-BC49-437D-AF7C-3BDBB86F1E91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DAC14300-DD20-4EC1-B7E0-4A8915622377}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{DD1DEF31-60C3-4447-922A-833C85974E6E}" = protocol=6 | dir=in | app=c:\program files\luxology\modo\701\modo.exe |
"{E22CDFD5-E283-4180-83E8-D00EB068CB38}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5CA6ACC-EE0F-4946-AEA5-DB1BB00055C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{EB1B7209-E4A6-4C15-A151-5CFAAAC607B6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{EDC3B889-D43E-4CE4-8070-16F37AF91D1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE707962-2631-4425-9F5D-600224E49D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{EFAE62CA-1378-45F2-B3DE-0963C10ECC2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{F53F75AE-5D4C-4156-BDF5-DB32F812922B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F9919E0B-2E9E-4B13-9720-78BFC5941A69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{F9E5E2E5-0FE2-45C9-96D5-C925AB1BCEC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{11044C90-7207-41D6-A152-330AFA075498}C:\udk\udk-2013-07\binaries\win64\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
"TCP Query User{3CD33FDE-D65B-4712-83E3-F6B68D99C401}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{43FB207E-D55F-47D4-89CF-898B53B9FBE7}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{45E07985-2D0C-4432-B048-B69D367E4FF3}C:\program files\autodesk\maya2014\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2014\bin\maya.exe |
"TCP Query User{614B1D82-267D-4667-A599-40A3050C4FDA}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"TCP Query User{943EF44F-7D78-4D09-9615-97213310FEC3}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe |
"TCP Query User{A691AFC5-E5E5-4762-9BA6-3B172FD0D064}C:\udk\udk-2013-07\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\swarmagent.exe |
"TCP Query User{B0FB5025-5586-49A9-91DE-33EBA3335A72}C:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe |
"TCP Query User{B8225D53-F1E9-4A6F-842E-0E4888D3121B}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"TCP Query User{CB08FA57-F54D-4244-B0B3-F2471B027934}C:\udk\udk-2013-07\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\win32\udk.exe |
"TCP Query User{E862A7CE-FE1B-41D2-99F1-8C5513162639}C:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe |
"TCP Query User{F4F4BB08-820D-4645-BBCD-D165380C931E}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{327F7A93-E37D-452D-8C60-78E023CF2AE8}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{349FFA76-07FF-4816-8C89-18CAB01856A4}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe |
"UDP Query User{568D6B96-5F6C-48EC-A6C8-88DB24CB531B}C:\udk\udk-2013-07\binaries\win64\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
"UDP Query User{5E3E0A05-AED7-495A-9D27-B425D04C6CE7}C:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe |
"UDP Query User{6DD8997F-4720-42DA-9AB7-6D987D18F59B}C:\program files\autodesk\maya2014\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2014\bin\maya.exe |
"UDP Query User{831E7C5B-1E22-4F3D-80C7-FEEF346039E4}C:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\3d-coat-v4\3d-coatdx64s.exe |
"UDP Query User{8663F71C-D1A4-42D8-85F5-498E0327FF83}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{AD975E87-06D8-40A3-934F-35FFD4F3E9BA}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"UDP Query User{C4DCE0FB-0C3D-47D6-961D-3D4B019E2F60}C:\udk\udk-2013-07\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\swarmagent.exe |
"UDP Query User{D7287972-05FE-4991-9B16-DA4F29DA2CB3}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"UDP Query User{DE091258-366E-4BE9-BA35-1BA1FA696C66}C:\udk\udk-2013-07\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\win32\udk.exe |
"UDP Query User{F7AD1A3C-7094-4812-9384-D4F8392EFAB8}C:\users\chris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{190BC83F-D54E-4494-830E-7FB4A5F4B964}" = Local Subtitles for 64-bit WMP
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}" = mental ray renderer for Autodesk Maya 2014
"{5AAB972C-FF31-4B01-8445-50C42860EC02}" = Autodesk Composite 2014
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C4C5901-A58F-4018-A93B-01C93EF8D3F3}" = AVG 2014
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7FA8BC5D-7CE4-42F3-8EAE-32DF5BAB53A7}" = Autodesk Maya 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}" = Autodesk DirectConnect 2014 64-bit
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}" = Autodesk MatchMover 2014
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 326.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE470020-CCCF-4C09-9AB9-B710A4FBE2C8}" = AVG 2014
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F9BE7B54-D322-43D6-83DD-CD132E4B8EEE}" = Autodesk Mudbox 2014
"Autodesk Composite 2014" = Autodesk Composite 2014
"Autodesk DirectConnect 2014 64-bit" = Autodesk DirectConnect 2014 64-bit
"Autodesk Maya 2014" = Autodesk Maya 2014
"Autodesk Mudbox 2014" = Autodesk Mudbox 2014
"AVG" = AVG 2014
"CCleaner" = CCleaner
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-cc22b77f-9cae-40b5-9806-1d755fc98774" = Unreal Development Kit: 2013-07

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2937C578-0CDD-4936-A869-912FD029436E}" = Warframe
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}" = Roxio Game Capture HD PRO
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.10
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2014
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000058101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2F193D-4725-4518-9F23-AAF5A3475875}" = Free Soundcloud Downloader
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{5F187E71-93D7-4849-B5C2-1DD1747C81A7}" = Roxio CinePlayer Decoder Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69290A89-5CD6-42A2-BBD9-D1EE95A3E490}" = Roxio GameCAP HD PRO
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6FF4C560-A95B-42DE-83AD-62C8737115E9}" = Roxio Game Capture HD PRO
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86134348-6422-4486-AB6A-0E01DBA39DE6}" = ClipConverter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4A6011-BB10-4918-B561-3F6CF5712B37}" = Splash Lite
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CD86D42-C4DD-4E40-9211-164DFFBCA4DB}" = AVG PC TuneUp 2014 (en-US)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B9240DAE-EFA1-4A0E-824F-17B3F99194F8}" = Free CBR Reader
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCE68200-4ED0-3E0A-A7F2-504897E356AB}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"701_64" = Luxology modo 701 64-bit build 58358
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AVG PC TuneUp" = AVG PC TuneUp 2014
"AVS Video Editor_is1" = AVS Video Editor 6
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"Convert Audio Free FLAC to MP3_is1" = Convert Audio Free FLAC to MP3 version 1.0
"DMUninstaller" = DMUninstaller
"Fraps" = Fraps (remove only)
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"Google Chrome" = Google Chrome
"Halo" = Microsoft Halo
"Hearthstone" = Hearthstone
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Steam" = Steam
"Steam App 230410" = Warframe
"Steam App 238960" = Path of Exile
"Steam App 240" = Counter-Strike: Source
"Steam App 550" = Left 4 Dead 2
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 9200" = RAGE
"Steam App 98200" = Frozen Synapse
"Unity" = Unity
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/28/2014 8:33:02 AM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/28/2014 8:45:57 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4  Faulting module name: CryptoProvider.dll_unloaded, version:
 0.0.0.0, time stamp: 0x53026bf0  Exception code: 0xc0000005  Fault offset: 0x000007fef4517da8
Faulting
 process id: 0x92c  Faulting application start time: 0x01cf34810d76a60b  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: CryptoProvider.dll  Report Id:
 441e7b88-a076-11e3-a30a-94de80ce66f5

Error - 2/28/2014 9:02:14 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
 time stamp: 0x4f97642d  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x03a70869  Faulting process id:
 0xb58  Faulting application start time: 0x01cf34811d20c1b9  Faulting application path:
 C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
 module path: unknown  Report Id: 8afb4a19-a078-11e3-a30a-94de80ce66f5

Error - 2/28/2014 9:02:19 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
 time stamp: 0x4f97642d  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc000041d  Fault offset: 0x03a70869  Faulting process id:
 0xb58  Faulting application start time: 0x01cf34811d20c1b9  Faulting application path:
 C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
 module path: unknown  Report Id: 8dbab879-a078-11e3-a30a-94de80ce66f5

Error - 2/28/2014 11:09:41 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
 time stamp: 0x4f97642d  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x025c0000  Faulting process id:
 0x14ec  Faulting application start time: 0x01cf3485dd957af0  Faulting application path:
 C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
 module path: unknown  Report Id: 58ef1283-a08a-11e3-a30a-94de80ce66f5

Error - 2/28/2014 11:09:45 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
 time stamp: 0x4f97642d  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc000041d  Fault offset: 0x025c0000  Faulting process id:
 0x14ec  Faulting application start time: 0x01cf3485dd957af0  Faulting application path:
 C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
 module path: unknown  Report Id: 5b01f4b9-a08a-11e3-a30a-94de80ce66f5

Error - 2/28/2014 5:33:54 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/28/2014 7:06:45 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
 time stamp: 0x4f97642d  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x02040816  Faulting process id:
 0x1640  Faulting application start time: 0x01cf34d855d9c47c  Faulting application path:
 C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
 module path: unknown  Report Id: fdf4c713-a0cc-11e3-9457-94de80ce66f5

Error - 2/28/2014 7:07:01 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
 time stamp: 0x4f97642d  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc000041d  Fault offset: 0x02040816  Faulting process id:
 0x1640  Faulting application start time: 0x01cf34d855d9c47c  Faulting application path:
 C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
 module path: unknown  Report Id: 0766abca-a0cd-11e3-9457-94de80ce66f5

Error - 3/1/2014 1:20:01 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/18/2014 9:21:35 AM | Computer Name = CHRIS-PC | Source = BugCheck | ID = 1001
Description =

Error - 1/22/2014 3:13:45 AM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
Description =

Error - 1/22/2014 11:30:32 AM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
Description =

Error - 1/22/2014 11:30:45 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 1/24/2014 7:44:42 AM | Computer Name = Chris-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 1/24/2014 7:44:42 AM | Computer Name = Chris-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 1/24/2014 7:44:42 AM | Computer Name = Chris-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 1/27/2014 4:37:01 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
Description =

Error - 1/29/2014 12:34:30 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.

Error - 1/29/2014 12:34:30 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053


< End of report >

Link to post
Share on other sites

Hello,

 

 

We need to run an OTL Fix



  1. Please reopen otlDesktopIcon.png on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Quote"
    :OTL
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...ReHzFSdngg,,&q={searchTerms}
    IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...ReHzFSdnhQ,,&q={searchTerms}
    IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...ReHzFSdnhQ,,&q={searchTerms}
    IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperba...qb16f8gSdxa3SSg,
    IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...ReHzFSdnhQ,,&q={searchTerms}
    IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...ReHzFSdnhQ,,&q={searchTerms}
    IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-21-662125380-580819888-2351019072-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...ReHzFSdnhQ,,&q={searchTerms}
    FF - prefs.js..extensions.enabledAddons: %7B1F3015A6-75BF-4D05-CE58-E58B646B512F%7D:2.0.0
    FF - prefs.js..extensions.enabledAddons: %7Be91449cd-6c9e-5d65-e8b4-c9468614f780%7D:1.1
    FF - prefs.js..keyword.URL: "http://feed.helperba...ReHzFSdngQ,,&q="
    [2014/02/28 08:01:20 | 000,000,000 | ---D | M] (User Pinned) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{1F3015A6-75BF-4D05-CE58-E58B646B512F}
    [2014/03/02 20:58:17 | 000,000,000 | ---D | M] ("Muvic") -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{e91449cd-6c9e-5d65-e8b4-c9468614f780}
    [2014/03/02 20:52:56 | 000,022,864 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\searchplugins\Web Search.xml
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    [2014/02/28 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\kgbfdabplphfafenmofiofilgeglfbcp
    :commands
    [emptytemp]
  3. Push runFixbutton.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click btnOK.png.
  6. A report will open. Copy and Paste that report in your next reply.
  7. If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  8. Copy/paste the content of the log back here in your next post.

 

 

Regards,

Georgi
 

Link to post
Share on other sites

OTL Log:

 

 

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.

HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKU\S-1-5-21-662125380-580819888-2351019072-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKEY_USERS\S-1-5-21-662125380-580819888-2351019072-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-662125380-580819888-2351019072-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.

Prefs.js: %7B1F3015A6-75BF-4D05-CE58-E58B646B512F%7D:2.0.0 removed from extensions.enabledAddons

Prefs.js: %7Be91449cd-6c9e-5d65-e8b4-c9468614f780%7D:1.1 removed from extensions.enabledAddons

Prefs.js: "http://feed.helperba...ReHzFSdngQ,,&q=" removed from keyword.URL

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{1F3015A6-75BF-4D05-CE58-E58B646B512F}\components folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{1F3015A6-75BF-4D05-CE58-E58B646B512F} folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{e91449cd-6c9e-5d65-e8b4-c9468614f780}\components folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{e91449cd-6c9e-5d65-e8b4-c9468614f780}\chrome\PublisherImages folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{e91449cd-6c9e-5d65-e8b4-c9468614f780}\chrome\images folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{e91449cd-6c9e-5d65-e8b4-c9468614f780}\chrome folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\extensions\{e91449cd-6c9e-5d65-e8b4-c9468614f780} folder moved successfully.

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\o9wa5s2w.default\searchplugins\Web Search.xml moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.

C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\kgbfdabplphfafenmofiofilgeglfbcp\2.0.0 folder moved successfully.

C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\kgbfdabplphfafenmofiofilgeglfbcp folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Chris

->Temp folder emptied: 94478868 bytes

->Temporary Internet Files folder emptied: 2345223437 bytes

->Java cache emptied: 102258 bytes

->FireFox cache emptied: 78997755 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 44212224 bytes

->Flash cache emptied: 1351 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1715630 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 63784 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43257594 bytes

RecycleBin emptied: 773342237 bytes

 

Total Files Cleaned = 3,225.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 03032014_142806

 

Files\Folders moved on Reboot...

C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGS6BOV9\adB6IJFM6S.gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\160x600[1].js moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\959121246[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\fo[1].js moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\like[7].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\like[8].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\like[9].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\sh150[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\user_sync[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD3XD2R2\xd_arbiter[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\ifM37QNTPG.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\ifYLF1YF9A.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\like[5].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\like[6].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\p-01-0VIaSjnOLgG4MXYX3L.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\st[2] not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\tt2SNW2BEA.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\ttAN4A2VUZ.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\ttCS1HX3XX.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\ttUJMV4NRM.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRURNBUW\um[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ab[3].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ad17CKDENY.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\AdDisplayTrackerServlet[6].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\adOXVRY2NQ.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\afr[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\how-to-maximize-your-iphones-battery-life[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\if9F702Q70.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ifCBAF6VJM.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ifM8TUGYUL.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\serv[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\stDMK62YWI moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\stLM51FAMT not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\st[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\tag[3].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\tag[6].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\tt74OLYU5D.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttj1LX5YMZ0.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttj2WKE3ZEY.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttj8JPSJF58.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttj8USYC2HC.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttjBE99ZVJ3.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttjE3H3VUB5.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttjEBI7PV1I.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttjEJPZC4EE.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttjHAF0RFMO.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttjHF2HQ4BT.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\ttjIUBFZOR0.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\t[1].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\t[2].js moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\t[3].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\usermatch2FTL5WPB.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\usermatchEI46MLGH.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\usermatchFBW2M11N.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\vj[3].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIX8ZPJ6\VT38JC01.HTM not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\2631[1].gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ab[6].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\AdDisplayTrackerServlet[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\AdDisplayTrackerServlet[5].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ad[9].gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\B1WKXH7Q.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ev[1] moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\GHUCHIJ5.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\if401CI1MH.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\if7I03GK1W.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifA3P44LZ2.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifFQW9ACQ8.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifGVJV5L13.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifI611FENV.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifQ2G6DCKD.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifQJLIVV4U.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifRWYZLEXQ.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifTIZDRQOC.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ifWLLNWLFN.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\is-a-lipstick-harmful-for-health[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\p-01-0VIaSjnOLg7Z0R6ZPK.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\p-01-0VIaSjnOLgK2Y57P9K.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\pd[4].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\pixel[4].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\rt=ifr[3].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\serv[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\stYLGAH212 not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ttjH6EP6DID.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\ttP4C7GK6Q.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\tubes-give-your-clock-that-mad-scientist-look[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3G6FMD0\usermatch[4].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ab[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\AdDisplayTrackerServlet[3].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ad[7].gif moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\beacon[2].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\cs[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\d49a9527[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\empty[2].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ifHPG17ZQL.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ifK7BC8EOO.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ifM2XM16JR.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ifNTTYBAOM.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ifVSWIP40T.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ifZYICFV69.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\p-01-0VIaSjnOLg84NIJGZY.gif moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\p-01-0VIaSjnOLgOCOURXO2.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\p-01-0VIaSjnOLgR60UE7GO.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\pd[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\pixel[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\st7TM1OR6S not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\stAKWR0Y3U not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\stBBYTWG6Q not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\st[9] not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ttjLAFQ7NTW.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OILJDUKP\ttV6W7UDE8.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ad[9].gif moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\afr[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\beacon[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\beacon[3].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ddc[3].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\emily[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ff2[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\filter[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\if6IHB6RSP.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifCAZH2ANU.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifDT95H9O1.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifGE9HR4B1.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifK3GB9CJI.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifQKS9M79O.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\iframe3[3].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\iframe3[4].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifRJ1KK9SC.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifTP40I2Z2.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ifXX94R9AU.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\likeM9TZU4O4.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[10].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[3].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[4].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[5].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[6].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[7].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[8].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\like[9].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\NY6YLQHN.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\p-01-0VIaSjnOLg4H2CS112.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\p-01-0VIaSjnOLgDYBFTXTZ.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\p-01-0VIaSjnOLgYVGZ1MHV.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\pd[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\pd[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\st22ZLBRK1 not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\stVZW2K1VG not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\st[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\tag[2].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttGIXJ4D16.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttj102A9I1O.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttj337TJPYC.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttjHA4OLDH6.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttjHB71TJB1.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttjHY9KBFXH.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttjI915XN15.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\ttjKWZ9K3C7.js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\TXT[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\t[1].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\t[2].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\usermatch[2].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZHKLXYF\vj[2].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\ad-300BottomRight[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\ad-casc-300-tier-1[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\adC4A2W1H0.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\adRFAJNS05.gif moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\if89KYIZMA.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\ifBIRE51Q3.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\ifQH4J5J9Y.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\ifTD32XJ0F.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\O7LXr9xX8mQ[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLg41FNNQ35.gif moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLgAGAF9YAR.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLgC29CKWC2.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLgDTE6ZO9M.gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLgKPWT8CJ8.gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLgNMEP2RFP.gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLg[10].gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLg[6].gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLg[8].gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\p-01-0VIaSjnOLg[9].gif moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\pd[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\st[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\t[1].js moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\t[2].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\vj[3].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KXS45N2J\W06CZZSW.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJ369DWX\cs[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJ369DWX\ff2[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJ369DWX\s[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I34SFCQC\ba[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I34SFCQC\ff2[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I34SFCQC\p-01-0VIaSjnOLgVRPBE3OD.gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I34SFCQC\xd_arbiter[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ad455540IO.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\AdDisplayTrackerServlet[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ad[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\afr[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\dazS1PrQQuCxC3iOAJFEJTqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\html[5].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\if02JAWPSJ.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\if1WSFSU8G.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\if5YPRLF6F.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifA2J909FF.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifBFSC7QDJ.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifN9WUZ123.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifNOPLOEZL.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifNR4GMY7T.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifP622ZX10.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifUTRRBQ8F.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifVXRIYAVZ.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifYSFSHXRL.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifZ5BX8NXO.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ifZIAUZU8A.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\p-01-0VIaSjnOLg2ZAGF8I3.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\p-01-0VIaSjnOLgKBRDZBX8.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\p-01-0VIaSjnOLgKZ7ZZDPP.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\p-01-0VIaSjnOLgUFRFWHNA.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\p-01-0VIaSjnOLgXH5KCZCX.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\ping[7].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\t[1].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\vj[2].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\weird-questions[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHKQKCWM\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1T3XZIV\if3MCDFMIY.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1T3XZIV\ifMSSUS6DA.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1T3XZIV\ifZX28PCUK.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1T3XZIV\showad[4].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1T3XZIV\st[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\11537[1].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\11538[1].js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ad-300TopLeft[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ad-300TopRight[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ad-casc-300-tier-1[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\AdDisplayTrackerServlet[7].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\adRULKCW15.gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\dazS1PrQQuCxC3iOAJFEJR_xHqYgAV9Bl_ZQbYUxnQU[1].woff moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\if31I9ZTB2.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ifDF9ITHJP.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ifIHZ0ENHA.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ifM3O97ZQA.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ifP6KBG4OF.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\iframe3[8].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ifS4ES61GV.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ifXKKNP93J.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ifYZXEYRR2.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\i[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\like[7].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\like[8].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLg2XRQ1MSR.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLg2YJTZZ1V.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLg3H2PQ3TZ.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLgCMQVZX8A.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLgEC4W8R8J.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLgOQW78YRL.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLgQ3L91KKY.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLgRIBEORE1.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\p-01-0VIaSjnOLgYZGHHXV9.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\pd[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\pixel[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\stK1RFJZ41 not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ttj0Q310ZJ8.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ttjKVWC0FKW.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ttjLSFD0N90.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ttjQMO3XET8.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\ttjRYD7RVCD.js not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\usermatch[4].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BSGILBC8\y7lebkjgREBJK96VQi37ZobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\AdDisplayTrackerServlet[6].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\AdDisplayTrackerServlet[7].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\ads[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\afr[3].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\beacon[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\CDD36BDD2702155B52BAE8825BCD0CB3.cache[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\click[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\containertag[1].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\f[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\getSegment[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\hub[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\hub[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\load[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\match[3].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\p-01-0VIaSjnOLgB0FE3ILM.gif moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\p-01-0VIaSjnOLg[4].gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\p-01-0VIaSjnOLg[5].gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\pixel[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\pixel[4].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\s2[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\sb[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\sb[2].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\st[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\st[3] not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\tt4RWZ4OVS.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\ttj1T74IIVL.js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\ttj8GAT1X9V.js moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\ttJ93YBS0K.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\ttjCGDRALJY.js moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\ttW5Q6BPZD.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\usermatch[3].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\usermatch[6].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0DRVKN4\vj[3].js not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ad-casc-728-tier-1[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\AdDisplayTrackerServlet7Q4F1TQ9.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\AdDisplayTrackerServletDAIOF33W.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\AdDisplayTrackerServlet[6].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ad[4].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ad[7].gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ad[8].gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\afr[9].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\BG54B9N2.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\cs[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\display[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\emily[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\emily[3].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\emily[4].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ev[1] moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\groupm[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\html[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\html[3].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\if04PVB5M5.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\if63R58XBO.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\if8UZBQLB9.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\if9J6239C9.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ifN0A4S5KL.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ifP6O9Y3M9.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ifQF0OJL6V.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\iframe3[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\iframe3[4].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ifUNZNDN6J.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ifV804RMEJ.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\MDTP6SCB.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\net[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\p-01-0VIaSjnOLg0I9HBUT5.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\p-01-0VIaSjnOLg[7].gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ping[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\QDSMCULY.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\r2[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\s2[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\sb[2].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\sb[3].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\sb[4].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\search[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\video-20130514-256809[1].mp4 moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\W15LB6FS.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5509N7U8\ZXBW751Z.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\adTag[3].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\adTag[4].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\comments[3].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\Dailymotion.eot[1].veaeea4b850068a67 moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\ifL1DQ265I.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\ifSC0D1SI0.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\p-01-0VIaSjnOLg1UCHUUTH.gif moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\s2[2].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\usermatchGZWLPKPJ.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3WBQXLY7\visitormatch[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\93JP10N1.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\ad-300BottomRight[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\ad-300TopRight[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\adHJDS41FP.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\engine[5].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\html[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\ifI5VN2JXD.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\info[1].gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\p-01-0VIaSjnOLgA14IV6VB.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34NQ12B4\We_iSDqttE3etzfdfhuPRVMR8FhBa8rkfAKaPBwAU3s[1].woff moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\2bmg[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\7HWRLEM5.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\84316402_mp4_h264_aac_2[1].dat moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\ad-300BottomLeft[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\ad-300TopRight[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\ad-casc-300-tier-1[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\ad[9].gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\click[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\fastbutton[2].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\if4CQS7MQ9.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\ifKYPDP53W.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\ifO0C2LMSY.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\info[1].gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31LUD1GT\usermatch[8].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\3qPfgRJhy_o6IWGjH-pPcw[1].eot moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ad-casc-300-tier-1[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ad-casc-300-tier-1[4].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ad-casc-300-tier-1[6].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ad-casc-300-tier-1[7].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ad-casc-728-tier-1[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\AdDisplayTrackerServlet[5].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ad[9].gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\beacon[4].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\blank[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\if8U5OVOUI.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ifBKV74MG7.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\ifI77RPR7S.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\p-01-0VIaSjnOLg913DYU9J.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\p-01-0VIaSjnOLgZX6CY3D5.gif not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\pd[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\px[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\s2[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\tt0XMTQV4T.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\video-20140112-536269[1].dat moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\videos[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\x1e5e3f[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3099QHCC\zrt_lookup[1].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ac[1].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ac[2].htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ad-300TopRight[1].htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ad-casc-300-tier-1[3].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ad-casc-300-tier-1[4].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ad-casc-728-tier-1[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\AdDisplayTrackerServlet[8].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\AdDisplayTrackerServlet[9].htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\if8L01O4EF.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ifAHPPJHEU.htm not found!

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ifB7HUD5J1.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ifE58LJ525.htm moved successfully.

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ifRUXOML0Y.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ifS6A9XOM5.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ifWLXUZV0U.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ifYT994NWK.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\p-01-0VIaSjnOLg02US9AMC.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\p-01-0VIaSjnOLg1RUC5O57.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\p-01-0VIaSjnOLgDB4XIFVH.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\p-01-0VIaSjnOLgEDC3LS3Y.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\p-01-0VIaSjnOLgKXTY9NQ7.gif not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\ttAOQ12NJ6.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\usermatchQPFO88MW.htm not found!

File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\26WOO3KX\VFN925Q2.htm not found!

File move failed. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...
Link to post
Share on other sites