Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91517 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Slow PC, getting virus alerts, having general problems. [Closed]

[Possibly Infected]

  • This topic is locked This topic is locked
10 replies to this topic

#1 IcedTea

IcedTea

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 July 2014 - 01:35 AM

Hello!
Firstly, I'd like to say thank you for all your help.
 
So I've noticed a few issues with the family PC.
It's very, very slow at the moment. Infact, when I opened Task Manager the CPU usage was at 100% even though NO programs were open at the time.
 
Malwarebytes has also been giving me a lot of notifications ('threat blocked', 'malicious IP blocked', etc) as well as webpages loading extremely slowly (sometimes it takes up to a minute or two for the pages to load completely) which has led me to believe the machine is infected.
 
I would appreciate any help.
Thank you! :adios: 
 
Below are the two OTL Logs (Extras.txt will be posted in a new reply because I am unable to past it here).
 
OTL.txt:
 

OTL logfile created on: 7/4/2014 5:37:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mamo Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
 
3.96 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 56.98% Memory free
7.93 Gb Paging File | 6.05 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 38.02 Gb Free Space | 6.51% Space Free | Partition Type: NTFS
 
Computer Name: MAMOFAMILY-PC | User Name: Mamo Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mamo Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SPEEDbit)
PRC - C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe (QFX Software Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Sandboxie\32\SbieSvc.exe (Sandboxie Holdings, LLC)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\puush\puush.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\puush\puush.exe ()
MOD - C:\Windows\SysWOW64\PrxerNsp.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV:64bit: - (CGVPNCliService) -- C:\Program Files\CyberGhost 5\Service.exe (CyberGhost S.R.L)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CGVPNCliSrvc) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SPEEDbit)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (idcloakRouting) -- C:\Program Files (x86)\idcloak VPN\systray\routingservice.exe ()
SRV - (idcloakVPN) -- C:\Program Files (x86)\idcloak VPN\openvpn\openvpnserv.exe (The OpenVPN Project)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SumRandoVPNService) -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe (SumRando)
SRV - (TorchCrashHandler) -- C:\Users\Mamo Family\AppData\Local\Torch\Update\TorchCrashHandler.exe (TorchMedia Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VsEtwService120) -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV:64bit: - (ESProtectionDriver) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys ()
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (andnetadb) -- C:\Windows\SysNative\drivers\lgandnetadb.sys (Google Inc)
DRV:64bit: - (tun3326) -- C:\Windows\SysNative\drivers\tun3326.sys (The OpenVPN Project)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 59652605
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GW_enNZ406NZ406
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://msn.co.nz/?pc...1DHP&dt=050913"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.203.0
FF - prefs.js..extensions.enabledAddons: fireforce%40scrt.ch:2.2
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...1&dt=050913&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Video Capture Master\Filters\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-7cb30356092f43ac\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mamo Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mamo Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Mamo Family\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mamo Family\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mamo Family\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mamo Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/16 12:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/07/06 16:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/25 13:05:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files (x86)\DAP\daplinkchecker [2014/06/03 16:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/24 14:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/16 16:43:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2014/06/03 16:41:39 | 000,000,000 | ---D | M]
 
[2010/11/24 16:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Extensions
[2014/06/24 14:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions
[2014/04/23 16:35:21 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/12/31 16:31:42 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2013/11/03 11:10:42 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\battlefieldheroespatcher@ea.com
[2014/04/22 10:50:16 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\support@lastpass.com
[2013/10/08 19:18:19 | 000,052,316 | ---- | M] () (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\fireforce@scrt.ch.xpi
[2014/06/24 14:50:05 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/09 16:21:03 | 000,002,402 | ---- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\searchplugins\bingp.xml
[2014/02/21 14:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/24 14:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/24 14:49:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.c...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Users\Mamo Family\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-8049d9622c164956\\NPRobloxProxy.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mamo Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Mamo Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mamo Family\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.5_0\
CHR - Extension: Google Docs = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: ColorZilla = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.5_0\
CHR - Extension: YouTube = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: SmoothScroll = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.3.0_0\
CHR - Extension: Battlefield Heroes = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Google Search = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Screen Capture (by Google) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.1.4_0\
CHR - Extension: Tampermonkey = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.7.48_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.1.0.1_0\
CHR - Extension: AdBlock = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.5_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.33_0\
CHR - Extension: Live HTTP Headers = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo\1.0.5_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\5.1.1_0\
CHR - Extension: Google Wallet = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\
CHR - Extension: Hover Zoom = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.2_0\
CHR - Extension: Gmail = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Translate = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.5_0\
CHR - Extension: Google Docs = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: ColorZilla = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp\0.5.5_0\
CHR - Extension: YouTube = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: SmoothScroll = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.3.0_0\
CHR - Extension: Battlefield Heroes = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Google Search = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Screen Capture (by Google) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.1.4_0\
CHR - Extension: Tampermonkey = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.7.48_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.1.0.1_0\
CHR - Extension: AdBlock = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.5_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.33_0\
CHR - Extension: Live HTTP Headers = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo\1.0.5_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\5.1.1_0\
CHR - Extension: Google Wallet = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\
CHR - Extension: Hover Zoom = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.2_0\
CHR - Extension: Gmail = C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/07/01 17:29:27 | 000,005,658 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com
O1 - Hosts: 111 more lines...
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InstallerLauncher] "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [AIM for Windows] C:\Users\Mamo Family\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKCU..\Run: [LightShot] C:\Users\Mamo Family\AppData\Local\Skillbrains\lightshot\Lightshot.exe ()
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (SPEEDbit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Mamo Family\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Mamo Family\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: LastPass - file://C:\Users\Mamo Family\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Mamo Family\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000011 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.67.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{177A67E4-818A-46B5-9377-6C60DB02552E}: NameServer = 203.97.78.43,203.97.78.44
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{664BFB79-539A-4B1D-B4B4-13F1D9BD1BA2}: DhcpNameServer = 192.168.20.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32:64bit: VIDC.TMB0 - tmbvcm64.dll ()
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: VIDC.TMB0 - C:\Windows\SysWow64\tmbvcm32.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/04 17:33:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mamo Family\Desktop\OTL.exe
[2014/07/04 17:31:44 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Desktop\TDT
[2014/06/28 21:18:14 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
[2014/06/28 21:18:03 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Local\AOL
[2014/06/28 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2014/06/27 16:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2014/06/26 23:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2014/06/26 23:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2014/06/26 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2014/06/25 15:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/06/25 15:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/06/24 19:20:21 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Documents\STEP BY STEP
[2014/06/24 18:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Documents\VB2013 BACKUP WHILE STEP BY STEP TUTORIAL
[2014/06/18 22:44:02 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Documents\Lightshot
[2014/06/18 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Documents\New folder
[2014/06/17 22:38:49 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\Documents\PRX
[2014/06/15 23:18:30 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\Screenshot Tool
[2014/06/15 03:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skillbrains
[2014/06/15 03:06:12 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
[2014/06/15 03:06:08 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Local\Skillbrains
[2014/06/11 16:23:11 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/11 16:23:04 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 16:22:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/11 16:22:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/11 16:22:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/11 16:22:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/11 16:22:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/11 16:22:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/11 16:22:42 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/11 16:22:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 16:22:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/11 16:22:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/11 16:22:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/11 16:22:35 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/11 16:22:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/11 16:22:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/11 16:22:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/11 16:22:31 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/11 16:22:30 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/11 16:22:30 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/11 16:22:28 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/11 16:22:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/11 16:22:27 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/11 16:22:25 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/11 16:22:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/11 16:22:23 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/11 16:22:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/11 16:22:21 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/11 16:22:18 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/11 16:22:17 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/11 16:22:15 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/11 16:22:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/11 16:22:14 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/11 16:22:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/11 16:22:13 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/11 16:22:13 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/11 16:22:12 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/11 16:22:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/11 16:22:06 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/11 16:18:30 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/11 16:18:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/05 13:19:31 | 000,000,000 | -HSD | C] -- C:\Users\Mamo Family\AppData\Local\EmieUserList
[2014/06/05 13:19:31 | 000,000,000 | -HSD | C] -- C:\Users\Mamo Family\AppData\Local\EmieSiteList
[2014/06/04 21:24:36 | 000,000,000 | ---D | C] -- C:\Users\Mamo Family\AppData\Local\{BE58AEDC-E319-43A2-9C49-2231D2A73B7C}
[2014/04/22 10:50:10 | 014,957,568 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2014/02/20 16:26:01 | 000,040,445 | ---- | C] (Beepa Pty Ltd) -- C:\Program Files (x86)\uninstall.exe
[2012/08/31 01:20:14 | 002,550,968 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2012/08/31 01:20:14 | 000,234,168 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2012/08/31 01:20:14 | 000,186,552 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[2012/08/31 01:20:14 | 000,068,792 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2012/08/31 01:17:20 | 000,140,288 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[33 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/04 17:35:04 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
[2014/07/04 17:35:04 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
[2014/07/04 17:32:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mamo Family\Desktop\OTL.exe
[2014/07/04 17:24:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/04 17:14:19 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
[2014/07/04 16:58:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/04 16:46:30 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/04 16:33:01 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014/07/04 16:27:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/04 16:27:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/04 16:24:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/04 16:19:51 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2014/07/04 16:19:14 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Malwarebytes Anti-Exploit.job
[2014/07/04 16:19:08 | 000,000,439 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/07/04 16:14:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/04 16:14:31 | 3192,987,648 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/03 19:52:09 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-718463087-3605604113-3917260930-1000.job
[2014/07/01 17:29:27 | 000,005,658 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/01 15:56:01 | 000,890,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/01 15:56:01 | 000,742,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/01 15:56:01 | 000,155,602 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/29 17:03:59 | 000,013,312 | ---- | M] () -- C:\Users\Mamo Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/29 15:22:06 | 000,000,132 | ---- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/06/29 13:13:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
[2014/06/28 21:18:14 | 000,001,103 | ---- | M] () -- C:\Users\Mamo Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2014/06/28 00:03:36 | 000,002,300 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/06/25 20:32:59 | 000,000,051 | ---- | M] () -- C:\Users\Mamo Family\jagex_cl_runescape_LIVE1.dat
[2014/06/25 20:32:58 | 000,000,040 | ---- | M] () -- C:\Users\Mamo Family\jagex_cl_runescape_LIVE.dat
[2014/06/25 20:13:32 | 000,005,687 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts-06-25-2014-habbo_assistant auto-backup
[2014/06/25 19:24:52 | 000,000,108 | ---- | M] () -- C:\Windows\GMouse.ini
[2014/06/24 16:57:08 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/06/24 16:57:08 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/06/24 16:34:28 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/06/18 19:16:34 | 000,005,687 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts-06-18-2014-habbo_assistant auto-backup
[2014/06/15 03:06:30 | 000,000,448 | ---- | M] () -- C:\Users\Mamo Family\AppData\Local\UserProducts.xml
[2014/06/14 20:02:21 | 000,002,411 | ---- | M] () -- C:\Users\Mamo Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/08 21:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 21:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/08 13:37:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[33 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/01 15:52:31 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\Malwarebytes Anti-Exploit.job
[2014/06/28 21:18:14 | 000,001,103 | ---- | C] () -- C:\Users\Mamo Family\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2014/06/25 20:32:59 | 000,000,051 | ---- | C] () -- C:\Users\Mamo Family\jagex_cl_runescape_LIVE1.dat
[2014/06/15 03:06:30 | 000,000,448 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\UserProducts.xml
[2014/06/15 03:06:30 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\update-S-1-5-21-718463087-3605604113-3917260930-1000.job
[2014/06/15 03:06:24 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\update-sys.job
[2014/06/03 16:41:29 | 000,109,696 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2014/06/03 16:41:29 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2014/05/21 21:30:54 | 000,001,456 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/04/24 14:46:34 | 000,000,023 | ---- | C] () -- C:\Users\Mamo Family\jagexappletviewer.preferences
[2013/12/19 12:10:18 | 000,000,040 | ---- | C] () -- C:\Users\Mamo Family\jagex_cl_runescape_LIVE.dat
[2013/11/30 13:40:17 | 000,000,006 | ---- | C] () -- C:\Program Files\File2.zip
[2013/10/24 19:28:28 | 000,150,022 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\pic0
[2013/10/16 19:19:07 | 000,253,010 | ---- | C] () -- C:\ProgramData\1381907672.bdinstall.bin
[2013/10/16 19:04:57 | 001,151,028 | ---- | C] () -- C:\ProgramData\1381903521.bdinstall.bin
[2013/10/02 12:44:25 | 000,001,073 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\GIF Recordertmp.png
[2013/09/28 18:56:33 | 000,101,072 | ---- | C] () -- C:\Windows\UTP.exe
[2013/09/02 19:36:36 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2013/08/05 18:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013/08/05 18:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2013/07/24 01:10:58 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/07/10 21:07:21 | 000,007,605 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\Resmon.ResmonCfg
[2013/05/27 21:31:43 | 000,002,300 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/05/11 18:29:23 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/05/11 18:29:23 | 000,000,058 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/05/09 20:46:40 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/04/24 12:46:43 | 000,000,132 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/03/04 15:11:48 | 000,001,456 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/03/03 20:40:07 | 000,000,132 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/09/29 12:16:21 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/31 01:09:28 | 000,001,892 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2012/05/25 17:38:42 | 000,000,236 | ---- | C] () -- C:\Users\Mamo Family\.swfinfo
[2011/07/28 21:31:28 | 000,000,000 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\{03811D0A-64F1-4952-B52F-6E9C4E6557D4}
[2011/07/19 20:12:34 | 000,000,000 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\{3253C16D-80F2-4E6E-9374-E492B1504575}
[2011/07/09 19:11:38 | 000,000,132 | ---- | C] () -- C:\Users\Mamo Family\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/19 10:27:27 | 000,001,940 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/03 23:52:58 | 000,000,099 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\fusioncache.dat
[2010/12/17 12:47:59 | 000,013,312 | ---- | C] () -- C:\Users\Mamo Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/29 18:35:28 | 000,000,102 | ---- | C] () -- C:\Users\Mamo Family\.jupload.properties
 
========== ZeroAccess Check ==========
 
[2009/07/14 16:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 14:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 13:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 13:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/26 18:33:31 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\.ccdesk
[2013/05/25 18:33:05 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\.ccemu
[2012/01/29 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\.clickme
[2014/01/17 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\.feedthebeast
[2014/06/08 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\.minecraft
[2011/10/28 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\.spoutcraft
[2012/11/01 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\.techniclauncher
[2013/08/19 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Acoustica
[2012/05/25 17:35:20 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Apowersoft
[2013/10/18 15:02:41 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\AVAST Software
[2012/02/26 18:14:14 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\AVG2012
[2011/11/17 19:14:36 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Axialis
[2013/02/27 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\BANDISOFT
[2014/02/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\BitTorrent
[2011/11/26 22:17:46 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Blender Foundation
[2013/04/28 21:24:33 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Build and Shoot
[2012/03/19 20:10:08 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Canon
[2011/05/24 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/05/09 20:14:38 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Clippy Logs
[2011/12/04 15:03:06 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/23 21:21:52 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/06/06 22:06:24 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\DogeCoin
[2014/06/06 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\DogeCoin - Main
[2014/04/30 01:13:40 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\DogeCoin Light
[2013/05/11 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\DonationCoder
[2013/09/22 11:39:39 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Dropbox
[2012/03/13 19:05:15 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\EpicBot
[2013/11/04 11:40:46 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\EurekaLog
[2014/01/09 20:54:41 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\ExpressVPN
[2014/02/25 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\FileZilla
[2014/01/17 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\ftblauncher
[2011/09/04 20:22:00 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\GameMaker
[2011/05/27 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\GetRightToGo
[2014/03/14 16:38:40 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\GIF Recorder
[2013/10/02 12:55:33 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Gif_recorder
[2013/03/10 15:20:35 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\gtk-2.0
[2013/09/15 19:23:38 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Gyazo
[2011/03/21 19:24:58 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\ImTOO
[2014/02/25 20:35:23 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\inkscape
[2013/12/16 13:29:30 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Litecoin
[2014/05/26 15:52:32 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Local
[2011/04/15 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\LolClient
[2013/08/29 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Malicious Batch Analyzer (MBA)
[2012/12/26 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Maxotek
[2011/02/23 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Minecrafter
[2011/03/23 20:25:55 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Minemapper
[2011/02/18 15:06:03 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Minetographer
[2014/06/06 22:02:30 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\MultiDoge
[2011/12/22 11:26:40 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Mumble
[2013/10/27 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Name_exploiter
[2011/07/09 12:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Notepad++
[2013/09/18 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Notesave
[2013/10/27 11:25:01 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\NuGet
[2014/03/29 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Nulld
[2010/11/15 19:45:35 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\OEM
[2013/04/09 19:47:06 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Old_Skype
[2014/06/14 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Omnicoin
[2010/12/14 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Opera
[2013/07/19 00:00:40 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Oracle
[2010/12/28 19:37:39 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Paltalk
[2013/04/23 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\PDAppFlex
[2013/10/24 19:47:54 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\pic
[2013/05/04 14:48:06 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\PlayClaw4
[2010/11/21 15:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\PowerCinema
[2012/09/17 17:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Product_RM
[2013/09/02 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Proxifier
[2013/10/22 17:13:56 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\puush
[2011/09/12 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\pymclevel
[2013/10/22 17:13:54 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\QFX Software
[2012/02/26 16:31:43 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\QuickScan
[2011/12/28 12:29:54 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\redsn0w
[2013/03/31 21:50:16 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\RotMG.Production
[2011/05/24 20:20:00 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Rovio
[2013/06/09 21:16:50 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\RSBot
[2014/06/16 00:17:14 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Screenshot Tool
[2010/12/12 12:03:39 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\scriptocean
[2012/11/17 13:09:19 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\skyz
[2013/05/10 17:46:55 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\SoftGrid Client
[2010/12/17 12:48:00 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Solveig Multimedia
[2014/06/03 16:41:40 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\SpeedBit
[2011/05/24 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/03/22 15:20:40 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Sublime Text 2
[2013/08/19 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\SynthMaker
[2012/04/11 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\SystemRequirementsLab
[2011/05/18 11:15:42 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Sytexis Software
[2014/01/21 19:40:25 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\TeamViewer
[2013/10/01 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Text to speech
[2014/03/29 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Text-to-Speech - PPLOC
[2014/03/29 20:05:06 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Text_to_Speech
[2010/12/28 03:44:28 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Tific
[2011/05/26 17:17:50 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\TP
[2013/11/06 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\TrueCrypt
[2013/10/02 10:32:10 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Uninstaller Tool(Comodo Forums)
[2010/11/17 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Unity
[2010/12/01 17:29:59 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\WhiteSmoke
[2011/02/13 11:41:37 | 000,000,000 | ---D | M] -- C:\Users\Mamo Family\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/14 14:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/11 08:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.ASPX  >
[2011/07/09 13:40:16 | 000,031,052 | ---- | M] () MD5=41E0174E2238830CD13B0124F098E46C -- C:\Program Files (x86)\Essential Objects\EO.Web Controls 2011\Samples\VB\Demos\File Explorer\Explorer.aspx
[2011/07/09 13:40:16 | 000,031,052 | ---- | M] () MD5=E9C2D9C25E04AF47EEA67B189EB4A7C7 -- C:\Program Files (x86)\Essential Objects\EO.Web Controls 2011\Samples\CS\Demos\File Explorer\Explorer.aspx
 
< MD5 for: EXPLORER.ASPX.CS  >
[2011/07/09 13:40:16 | 000,000,426 | ---- | M] () MD5=D935B187F8A3E38284120F768F9649F6 -- C:\Program Files (x86)\Essential Objects\EO.Web Controls 2011\Samples\CS\Demos\File Explorer\Explorer.aspx.cs
 
< MD5 for: EXPLORER.ASPX.VB  >
[2011/07/09 13:40:16 | 000,000,498 | ---- | M] () MD5=EEC2AD922BC8B27E3EF9E84B5B1E1A0C -- C:\Program Files (x86)\Essential Objects\EO.Web Controls 2011\Samples\VB\Demos\File Explorer\Explorer.aspx.vb
 
< MD5 for: EXPLORER.BMP  >
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1028\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1031\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1033\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1036\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1040\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1041\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1042\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\1049\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\2052\explorer.bmp
[2009/08/31 02:59:28 | 000,000,246 | ---- | M] () MD5=EB73135E745C47670BF509ACF5E91698 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\templates\3082\explorer.bmp
 
< MD5 for: EXPLORER.DESIGNER.VB  >
[2010/03/18 20:22:58 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.designer.vb
[2011/12/12 13:52:40 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.designer.vb
[2013/07/22 00:35:42 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.designer.vb
[2013/07/22 00:35:42 | 000,036,545 | ---- | M] () MD5=0BFA552D19A4A7F9130A71DFBBCB1407 -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.designer.vb
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 18:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 18:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 17:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 13:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 17:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 17:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 17:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/03/04 16:39:37 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=2DDEDC6B70E7175119D2708C0E65A139 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\steelOrb_by_AP-GRAPHIK\SP1\explorer.exe for Windows 7 SP1 7601.17514 x86 (32 bits)\explorer.exe
[2011/02/25 18:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 18:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/10/02 15:04:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=3D816076C58D854157B6A5ADA9D30928 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\System Files\x64\explorer.exe\smallicons\explorer.exe
[2010/11/21 00:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/03/10 15:28:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=453270487CD212FE7AC5F25C20957A90 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\steelOrb_by_AP-GRAPHIK\explorer.exe for Windows 7 7600.16450 x64 (64 bits)\explorer.exe
[2011/04/27 18:26:23 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=4DBAED0C3B147F7361028CA0D68865F4 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\steelOrb_by_AP-GRAPHIK\LAST VERSION\explorer.exe for Windows 7 SP1 7601.17567 x64 (64 bits)\explorer.exe
[2009/10/06 18:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/02/04 22:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/10/02 15:10:34 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=8393D72E8C55615432BF54BAAD40D137 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\System Files\x86\explorer.exe\smallicons\explorer.exe
[2011/02/25 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/02 14:43:52 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=9228E56958512F8A7D7264620709C3F2 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\System Files\x86\explorer.exe\bigicons\explorer.exe
[2010/10/02 15:05:28 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=99A9D867C90A5883C2FCBE1E7D39CCE2 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\System Files\x64\explorer.exe\bigicons\explorer.exe
[2009/10/31 18:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 22:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011/03/04 16:39:35 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=A7BFB7BF3546799D235B833163979EB2 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\steelOrb_by_AP-GRAPHIK\SP1\explorer.exe for Windows 7 SP1 7601.17514 x64 (64 bits)\explorer.exe
[2010/11/21 15:24:12 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010/11/21 15:24:12 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/21 15:24:12 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\Resources\Themes\Theme Manager\Default\explorer.exe
[2010/11/21 01:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 18:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 22:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 13:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/04/27 18:26:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=C536758CF3595493263F468FAA53C0AD -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\steelOrb_by_AP-GRAPHIK\LAST VERSION\explorer.exe for Windows 7 SP1 7601.17567 x86 (32 bits)\explorer.exe
[2009/10/31 18:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 18:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 18:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 22:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/10 15:48:15 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=F4C2D4BDE18DB7237B48434E438B27F0 -- C:\Users\Mamo Family\Desktop\Folders\Desktop\screenshots\steelOrb_by_AP-GRAPHIK\explorer.exe for Windows 7 7600.16450 x86 (32 bits)\explorer.exe
[2009/10/06 17:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/14 14:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 14:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 14:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 14:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-D5E97654.PF  >
[2014/07/04 17:24:18 | 000,126,742 | ---- | M] () MD5=31C5EA673F4CBC9D5494F7F1DD736DAA -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf
 
< MD5 for: EXPLORER.GIF  >
[2009/08/31 02:59:28 | 000,003,342 | ---- | M] () MD5=2C9E121C2DECEF61FED6EA977A30D90F -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\VCWizards\AppWiz\MFC\Application\images\Explorer.gif
 
< MD5 for: EXPLORER.RESX  >
[2010/03/18 20:22:58 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.resx
[2011/07/08 19:35:14 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.resx
[2013/07/22 00:35:42 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.resx
[2013/07/22 00:35:42 | 000,040,049 | ---- | M] () MD5=B16D2C77324DE7222CB0EA55C7B32784 -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.resx
 
< MD5 for: EXPLORER.VB  >
[2010/03/18 20:22:58 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vb
[2011/12/12 13:52:40 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.vb
[2013/07/22 00:35:42 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.vb
[2013/07/22 00:35:42 | 000,008,501 | ---- | M] () MD5=55808E7AF87B5C18B97707BEF8EBDDEA -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.vb
 
< MD5 for: EXPLORER.VSTEMPLATE  >
[2010/03/18 20:22:58 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer.zip\explorer.vstemplate
[2011/12/12 13:52:40 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.vstemplate
[2013/07/22 00:35:42 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer\explorer.vstemplate
[2013/07/22 00:35:42 | 000,006,491 | ---- | M] () MD5=FB731348042E3356E2215A6747CE893C -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress\ItemTemplatesCache\VisualBasic\Windows Forms\1033\Explorer\explorer.vstemplate
 
< MD5 for: EXPLORER.ZIP  >
[2010/03/18 19:23:00 | 000,024,306 | ---- | M] () MD5=E8E0F5E3C559D62C1A65CF2C5EB75A24 -- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplates\VisualBasic\Windows Forms\1033\Explorer.zip
 
< MD5 for: IEXPLORE.EXE  >
[2012/06/02 23:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe
[2013/01/09 13:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2012/05/18 11:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[2014/03/08 13:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe
[2013/12/21 02:57:39 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2012/11/14 14:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[2012/06/29 17:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2013/07/26 18:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
[2013/05/17 16:10:41 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=1423FF1BFD2ECD9CFC8C17EA4F98B20F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16490_none_0d07eadd80a334bf\iexplore.exe
[2010/09/08 16:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2013/08/10 18:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
[2012/08/24 19:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2013/02/22 19:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe
[2012/05/18 10:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[2012/10/08 20:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2013/06/12 16:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[2009/07/14 13:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/08/24 23:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2013/06/12 12:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[2013/02/22 16:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe
[2012/06/02 21:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[2013/08/10 18:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/08/10 16:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\erdnt\cache86\iexplore.exe
[2013/08/10 16:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013/10/13 09:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe
[2014/03/02 10:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_8557e945f73c23ff\iexplore.exe
[2013/10/12 21:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe
[2013/04/05 10:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_176a65f9b4f926ce\iexplore.exe
[2013/02/22 16:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe
[2014/02/07 10:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_85564983f73dbe0f\iexplore.exe
[2010/09/08 17:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2013/08/10 17:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[2012/10/09 00:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2010/09/08 17:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2012/05/18 14:51:05 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe
[2014/06/02 18:03:18 | 000,810,200 | ---- | M] (Microsoft Corporation) MD5=4F2AA3E7BD7257E4937E071E3700819E -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/06/02 18:03:18 | 000,810,200 | ---- | M] (Microsoft Corporation) MD5=4F2AA3E7BD7257E4937E071E3700819E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_7b2e0ea1c2bb6f8c\iexplore.exe
[2010/11/04 17:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[2012/08/24 22:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012/06/29 14:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2014/06/02 16:43:13 | 000,812,248 | ---- | M] (Microsoft Corporation) MD5=60F88F6CA6303E8273AF7AAA9AAFECAC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/06/02 16:43:13 | 000,812,248 | ---- | M] (Microsoft Corporation) MD5=60F88F6CA6303E8273AF7AAA9AAFECAC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_8582b8f3f71c3187\iexplore.exe
[2012/06/03 00:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
[2010/09/08 16:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2012/08/24 19:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2013/05/17 11:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16490_none_175c952fb503f6ba\iexplore.exe
[2013/01/09 10:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2010/11/04 17:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[2013/07/03 22:59:49 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=774C18BA997F40DA7F5A9A4AF822F49C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16618_none_168386401e431b98\iexplore.exe
[2013/07/26 15:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[2013/02/02 20:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe
[2014/03/02 10:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=84BCBFB752B96543307E6602E669A95A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_7b033ef3c2db6204\iexplore.exe
[2010/11/21 01:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/10/25 16:45:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8AA8CFAF04E518C81E0C515585CD6AE4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20861_none_ffa5e0b637f57e7b\iexplore.exe
[2013/07/26 17:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
[2013/10/25 19:41:14 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8E6225096C44271A88FD201C7188BDFC -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_167d6dbc1e46cfdd\iexplore.exe
[2011/04/07 17:04:36 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012/06/29 13:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2013/06/12 14:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
[2013/10/12 19:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
[2013/10/25 17:22:15 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_20d2180e52a791d8\iexplore.exe
[2013/05/17 13:46:47 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A1397D2A4924C390E55D146FB45FDF7C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20600_none_0df2d8da9977d637\iexplore.exe
[2013/04/05 13:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_0d15bba7809864d3\iexplore.exe
[2013/02/02 16:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[2013/10/25 13:16:38 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=A8130AEDCC06FBDEBEC8E34732C01A16 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20861_none_09fa8b086c564076\iexplore.exe
[2013/05/17 10:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20600_none_1847832ccdd89832\iexplore.exe
[2013/02/02 19:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2012/11/16 15:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013/02/22 19:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2012/06/02 20:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[2013/04/05 09:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe
[2013/04/05 12:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe
[2010/11/21 00:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2014/02/07 10:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=C6E1178294BDEAB1CACF50427688DF05 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_7b019f31c2dcfc14\iexplore.exe
[2013/12/21 02:57:41 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2013/06/12 19:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2012/10/08 20:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013/07/03 22:59:52 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=CEE28BCBC3251595396EE7FDA2B5F3CF -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16618_none_20d8309252a3dd93\iexplore.exe
[2013/09/23 11:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/10/12 19:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[2010/11/04 18:37:41 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2013/09/23 12:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/02/02 16:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2010/11/04 18:42:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2013/07/26 17:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013/09/23 13:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2014/03/08 14:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_7b3b5109c2b10624\iexplore.exe
[2012/06/29 11:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2013/01/09 12:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013/01/09 09:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2011/04/07 17:04:30 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/14 13:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 23:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/11/14 14:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2013/09/23 13:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2012/05/18 13:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe
[2012/11/14 19:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/12/21 02:57:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/21 02:57:40 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/21 02:57:40 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/12/21 02:57:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2011/04/07 17:04:31 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011/04/07 17:04:37 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/07/03 22:59:49 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/07/03 22:59:52 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/14 14:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 14:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 14:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/14 14:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/11 09:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/09 01:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 13:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 13:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 13:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 14:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 14:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 16:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 16:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2014/02/28 16:13:26 | 000,000,351 | ---- | M] () MD5=9CE95A4C9A60AC75BBB6F42A9713FE06 -- C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\2C3D8XBY\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MOF  >
[2009/06/11 08:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 08:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 14:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 08:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 14:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 09:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 14:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 08:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 14:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 09:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/14 08:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 08:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 14:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/11 09:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/21 01:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 01:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 13:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 23:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 21:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 21:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2009/10/28 19:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 18:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/21 01:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 01:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 14:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 14:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 14:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/14 08:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/14 08:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/09/17 22:49:46 | 000,000,005 | ---- | M] () -- C:\3T4e2st.txt
[2013/06/13 18:31:59 | 000,000,137 | ---- | M] () -- C:\Adf.ly bot Logs.txt
[2013/05/08 22:02:09 | 000,087,525 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/05/28 19:16:12 | 000,087,952 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013/05/29 17:24:57 | 000,001,424 | ---- | M] () -- C:\AdwCleaner[R3].txt
[2013/06/02 10:01:24 | 000,000,403 | ---- | M] () -- C:\AdwCleaner[R4].txt
[2013/06/02 10:04:35 | 000,001,543 | ---- | M] () -- C:\AdwCleaner[R5].txt
[2013/06/08 20:30:28 | 000,001,664 | ---- | M] () -- C:\AdwCleaner[R6].txt
[2013/07/17 12:06:43 | 000,001,864 | ---- | M] () -- C:\AdwCleaner[R7].txt
[2013/10/01 15:52:48 | 000,000,433 | ---- | M] () -- C:\AdwCleaner[R8].txt
[2013/05/08 22:02:45 | 000,000,368 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/05/13 18:53:47 | 000,000,368 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/05/28 19:19:44 | 000,089,400 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2013/06/02 10:05:54 | 000,001,603 | ---- | M] () -- C:\AdwCleaner[S4].txt
[2013/06/08 22:02:51 | 000,000,368 | ---- | M] () -- C:\AdwCleaner[S5].txt
[2011/03/28 19:10:05 | 000,000,000 | ---- | M] () -- C:\asoutput.log
[2013/10/16 19:15:50 | 000,081,531 | ---- | M] () -- C:\bdlog.txt
[2010/06/04 10:32:08 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/05/14 11:42:41 | 000,000,000 | ---- | M] () -- C:\changed.txt
[2013/11/30 15:16:57 | 000,000,009 | ---- | M] () -- C:\END
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013/08/27 19:53:43 | 000,000,065 | ---- | M] () -- C:\Hi.bat
[2013/08/27 19:53:32 | 000,000,065 | ---- | M] () -- C:\Hi.txt
[2014/07/04 16:14:31 | 3192,987,648 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/05/14 11:42:40 | 000,078,601 | ---- | M] () -- C:\jquery.js
[2013/06/13 18:23:42 | 000,000,143 | ---- | M] () -- C:\Log
[2013/06/13 18:22:58 | 000,000,137 | ---- | M] () -- C:\log.txt
[2013/06/13 18:26:10 | 000,000,140 | ---- | M] () -- C:\Logss.txt
[2011/05/14 11:42:41 | 000,013,020 | ---- | M] () -- C:\map.html
[2006/12/02 18:37:14 | 000,904,704 | -H-- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2013/07/08 18:06:07 | 000,775,168 | ---- | M] () -- C:\OSHFusion.dll
[2013/07/05 14:08:02 | 000,058,880 | ---- | M] () -- C:\OSHFusion.exe
[2013/04/28 16:34:17 | 000,009,216 | ---- | M] () -- C:\OSHFusionUnique.exe
[2014/07/04 16:14:40 | 4257,320,960 | -HS- | M] () -- C:\pagefile.sys
[2011/05/14 11:42:41 | 000,000,024 | ---- | M] () -- C:\players.js
[2010/07/25 02:28:33 | 000,002,168 | ---- | M] () -- C:\RHDSetup.log
[2011/05/14 11:42:40 | 000,000,022 | ---- | M] () -- C:\signs.js
[2013/05/28 17:39:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\tdsskiller (4).exe
[2013/10/01 20:59:35 | 000,000,200 | ---- | M] () -- C:\temp.bat
[2013/10/01 20:01:37 | 000,000,098 | ---- | M] () -- C:\temp.vbs
[2014/04/28 20:40:25 | 000,000,265 | ---- | M] () -- C:\test.txt
[2013/10/01 19:55:30 | 000,000,099 | ---- | M] () -- C:\Test.vbs
[2013/10/02 12:53:09 | 000,019,089 | ---- | M] () -- C:\testgffy.png
[2013/10/02 13:01:26 | 000,009,832 | ---- | M] () -- C:\Testgiffyagain123.png
[2013/07/08 20:20:35 | 000,000,018 | ---- | M] () -- C:\Testrnw.txt
[2013/10/02 12:42:54 | 005,760,054 | ---- | M] () -- C:\tmp.bmp
[2013/10/02 12:42:26 | 000,177,202 | ---- | M] () -- C:\tmp.png
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2013/06/17 17:43:10 | 000,000,013 | ---- | M] () -- C:\Xbox.txt
[2011/02/17 18:14:56 | 000,001,576 | ---- | M] () -- C:\zmatch.txt
[2013/07/08 18:05:43 | 000,319,372 | ---- | M] () -- C:\[www.OldSchoolHack.de]_OSHFusion (9).rar
[2011/08/03 18:06:25 | 000,002,952 | ---- | M] () -- C:\{1F9705C5-2ADB-478F-A1B7-ACC5567DEDFC}
[2011/05/30 13:22:55 | 000,002,608 | ---- | M] () -- C:\{8D6FDCFB-F531-4B3A-8C9D-9063CD2ABA6E}
 
< %systemroot%\Fonts\*.com >
[2009/07/14 17:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 17:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 17:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 17:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/11 08:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2014/05/25 13:05:09 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2012/08/31 01:11:22 | 000,027,624 | ---- | M] () -- C:\Program Files (x86)\changes.txt
[2009/07/14 16:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2012/08/31 01:20:14 | 002,550,968 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2012/08/31 01:20:14 | 000,234,168 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2012/08/31 01:20:14 | 000,068,792 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2012/08/31 01:20:14 | 000,186,552 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[2012/08/31 01:17:20 | 000,140,288 | ---- | M] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[2012/08/31 01:09:28 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\README.HTM
[2014/02/20 16:26:01 | 000,040,445 | ---- | M] (Beepa Pty Ltd) -- C:\Program Files (x86)\uninstall.exe
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Gateway
 Volume Serial Number is 9841-AD46
 Directory of C:\
14/07/2009  05:08 p.m.    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:08 p.m.    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08 p.m.    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08 p.m.    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08 p.m.    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08 p.m.    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08 p.m.    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:08 p.m.    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:08 p.m.    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:08 p.m.    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08 p.m.    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08 p.m.    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08 p.m.    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08 p.m.    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08 p.m.    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:08 p.m.    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:08 p.m.    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:08 p.m.    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:08 p.m.    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08 p.m.    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08 p.m.    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08 p.m.    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08 p.m.    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08 p.m.    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:08 p.m.    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:08 p.m.    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08 p.m.    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:08 p.m.    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:08 p.m.    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:08 p.m.    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Mamo Family
15/11/2010  07:43 p.m.    <JUNCTION>     Application Data [C:\Users\Mamo Family\AppData\Roaming]
15/11/2010  07:43 p.m.    <JUNCTION>     Cookies [C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Cookies]
15/11/2010  07:43 p.m.    <JUNCTION>     Local Settings [C:\Users\Mamo Family\AppData\Local]
15/11/2010  07:43 p.m.    <JUNCTION>     My Documents [C:\Users\Mamo Family\Documents]
15/11/2010  07:43 p.m.    <JUNCTION>     NetHood [C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
15/11/2010  07:43 p.m.    <JUNCTION>     PrintHood [C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
15/11/2010  07:43 p.m.    <JUNCTION>     Recent [C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Recent]
15/11/2010  07:43 p.m.    <JUNCTION>     SendTo [C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\SendTo]
15/11/2010  07:43 p.m.    <JUNCTION>     Start Menu [C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu]
15/11/2010  07:43 p.m.    <JUNCTION>     Templates [C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Mamo Family\AppData\Local
15/11/2010  07:43 p.m.    <JUNCTION>     Application Data [C:\Users\Mamo Family\AppData\Local]
15/11/2010  07:43 p.m.    <JUNCTION>     History [C:\Users\Mamo Family\AppData\Local\Microsoft\Windows\History]
15/11/2010  07:43 p.m.    <JUNCTION>     Temporary Internet Files [C:\Users\Mamo Family\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Mamo Family\AppData\LocalLow\Siber Systems\RoboForm
06/07/2012  04:02 p.m.    <SYMLINKD>     UserData [C:\Users\Mamo Family\Documents\My Avast EasyPass Data\Default Profile]
               0 File(s)              0 bytes
 Directory of C:\Users\Mamo Family\Documents
15/11/2010  07:43 p.m.    <JUNCTION>     My Music [C:\Users\Mamo Family\Music]
15/11/2010  07:43 p.m.    <JUNCTION>     My Pictures [C:\Users\Mamo Family\Pictures]
15/11/2010  07:43 p.m.    <JUNCTION>     My Videos [C:\Users\Mamo Family\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:08 p.m.    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:08 p.m.    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:08 p.m.    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
25/07/2010  02:28 a.m.    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
25/07/2010  02:28 a.m.    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
25/07/2010  02:28 a.m.    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
25/07/2010  02:28 a.m.    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
25/07/2010  02:28 a.m.    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
25/07/2010  02:28 a.m.    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
25/07/2010  02:28 a.m.    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
25/07/2010  02:28 a.m.    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
25/07/2010  02:28 a.m.    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
25/07/2010  02:28 a.m.    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
25/07/2010  02:28 a.m.    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
25/07/2010  02:28 a.m.    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
25/07/2010  02:28 a.m.    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
25/07/2010  02:28 a.m.    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
25/07/2010  02:28 a.m.    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
25/07/2010  02:28 a.m.    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
25/07/2010  02:28 a.m.    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
25/07/2010  02:28 a.m.    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
25/07/2010  02:28 a.m.    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
25/07/2010  02:28 a.m.    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
25/07/2010  02:28 a.m.    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
25/07/2010  02:28 a.m.    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
25/07/2010  02:28 a.m.    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
25/07/2010  02:28 a.m.    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
25/07/2010  02:28 a.m.    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
25/07/2010  02:28 a.m.    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
25/07/2010  02:28 a.m.    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
25/07/2010  02:28 a.m.    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
25/07/2010  02:28 a.m.    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
25/07/2010  02:28 a.m.    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              80 Dir(s)  41,472,897,024 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/07 17:36:00 | 000,000,314 | -HS- | M] () -- C:\Users\Mamo Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/07/04 17:32:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mamo Family\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
[2014/04/22 10:50:21 | 014,957,568 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:56E2E879
 
< End of report >
 

 


    Advertisements

Register to Remove


#2 IcedTea

IcedTea

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 July 2014 - 01:37 AM

Extras.txt:

 

OTL Extras logfile created on: 7/4/2014 5:37:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mamo Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
 
3.96 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 56.98% Memory free
7.93 Gb Paging File | 6.05 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 38.02 Gb Free Space | 6.51% Space Free | Partition Type: NTFS
 
Computer Name: MAMOFAMILY-PC | User Name: Mamo Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = TorchHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0219C687-FAF6-4BE4-B14C-C7B1D7754EF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{228E2CDA-86B0-46D6-9A7B-D633E29B0908}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EFBE5D2-9732-4804-AEA5-013B5F9C5180}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{48807F05-4DA3-40B3-A4A5-0BC42B2E3D81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57326099-6238-4771-8141-F379F18A7583}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{59FFE401-F5A6-49A7-87D1-8152FB31EAF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5E618244-7CBD-4DAD-894B-5286965756AD}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\wdexpress.exe | 
"{651658F4-3220-4C69-BE2E-6C390F250036}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B36959F-3061-4A4C-82B1-AA948FADB6DD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6EA2F2C1-16E5-4C4D-B775-A1FDCADA789F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{80109053-C206-448A-BF81-F657BD0CEBB8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{816D6A42-00B1-46EB-9898-7B86DA46C7C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{867FB7E0-839A-41B0-A747-2D2B248A66F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{981C0EC3-1B5C-4999-9A74-20BFCD80A924}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A5675529-A50B-4D7D-9A76-6917E1CB0EC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFD25F66-2D0B-48B1-922E-99E376B977C6}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{B5E3E0DD-181D-4481-8B88-C09E9C2B094D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B8A5933F-4328-4E9D-BB00-156AFF70FAC7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C88A15AB-A54B-4E5D-982E-10A5AF4E1F04}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CF067E7E-68EF-4D6E-B9C0-BF748C8F36BA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{D2CC3356-D7B8-44CD-A884-DE9B75F70462}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D8CBAE34-EDB1-4DB0-B686-0DEBB74DBBF0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D9FE0112-5FC8-4675-9E68-B1D8325E495D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DCAAB30B-D40E-4E3F-BFD7-3F500C492F68}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ECE07538-0970-4EDE-BA55-69CB9D1B55B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F01FEF5E-7CA0-42F3-9B15-C44FD500C61E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A52907-DDC0-4827-9BFD-3100D1C56610}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{0103A128-A9F6-4496-BF3F-57A8F424789A}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\novofatum\novofatum r3.exe | 
"{013E580E-4CB0-4311-BB37-A5517CE3BBB5}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\novofatum\novofatum r3.exe | 
"{041DAB1C-72CA-499B-AE32-CBCC2A70AAC7}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\miniweb.exe | 
"{04C6C21C-5A5D-4E6B-AB6E-40E8E2327E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{04C9122C-244D-48FE-939C-6935023F4DDE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{055F2C1E-312C-4259-8159-CADC2CB17254}" = dir=in | app=c:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe | 
"{05E12224-CF0C-4D6F-9E25-72EC55E86015}" = protocol=6 | dir=in | app=e:\terrariaserver.exe | 
"{0694F659-D5CD-401D-A39D-FBF7191887CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0A07C80A-AAE7-452A-A218-C4D4FD09139A}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex50.840\novofatum r3.exe | 
"{0A5808CB-701E-4C77-A031-BF880353A06B}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{0A6798B0-C4D3-4AD2-92F6-FD2E85B0A219}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0CB0C034-425C-4726-9050-1328C0BC0A53}" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"{0ED10EFD-5852-4189-888D-C8CE74C39BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{10232400-16C8-459A-96B8-D6EE8EF6EEC4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{10954AFC-FE95-4C0F-8C29-E558A2C6033B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10CD88E6-B10F-4A82-8A69-130FB1FA384C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{117603AD-587D-44CA-8F4C-245C51B25C12}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\folder\z - other\lala\novofatum 3.exe | 
"{14C87D61-7FB1-431E-83B8-68E1C2D2825F}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{15451C29-1080-406F-822F-AB90D9F5B521}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{16378D33-0EFF-4216-AA2F-BCFA6D90700B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{16851B4B-B67F-488E-93E3-319F256008EB}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\docked\temp\novofatum\novofatum r3.exe | 
"{194F84FB-895A-49E4-A934-7618556F0C47}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{195AE30E-B21E-4336-97EF-ECCBB1C2387E}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{1B12CCAA-A2AA-4E62-AD08-9C9DC9EB5FC4}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\novofatum r3(1).exe | 
"{1BECE87F-321B-4C6A-98F9-76A26E3B6CD1}" = dir=out | app=c:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe | 
"{1C1B9EF1-890E-4B0A-A831-ED20441ABD37}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{1D01C6BA-7BEB-4409-97BD-E4A9C80F8021}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{20E4488E-7771-43D4-823D-1D41DA71D1CC}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{21D17291-7E9B-4619-B95C-EC95BA2A6D53}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{2337EDC0-C00E-4B3D-AB3C-AD9E5A892CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{2447B5F6-1A84-4DE4-8272-A74303F2D811}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2462D3F0-86EF-4687-9665-0E62A65E7042}" = protocol=17 | dir=in | app=e:\terrariaserver.exe | 
"{277FA8D1-B535-42B4-A2A8-EE2DD2AA63B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{28C07AB6-2FE3-42D0-8B06-149CA43B16BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{291F00F0-AFEC-4A5D-9162-C9A953E3C5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{29EA147B-36DD-4A50-AD9E-8F40CB855984}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2A8429FC-147F-4F61-A041-D3C994CFC1C2}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{2B4CF61C-9548-4CB3-ACEE-D9F36B4CE558}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{2B8F8818-0026-4316-936E-0A4806F18CAB}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{2E95EA7D-3F2F-4DC8-B108-BE5D5B697747}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\miniweb.exe | 
"{30EEE12B-2B06-4B81-B7DA-B2BE380BA166}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema\powercinema.exe | 
"{34B043EB-47A5-4D37-A9E2-F837B99B06D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{363EEFBC-BDA3-4CB0-8600-42D7D8BA4C64}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\dogecoin\dogecoin-qt.exe | 
"{36E21460-DDD9-4D6A-991B-EFC824956563}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{3751A540-66E1-41D3-A15D-2FE920449B00}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin - main\dogecoin-qt.exe | 
"{37A48C60-32A8-47ED-8CB0-DFB6E0B99D18}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{39CA0561-71F8-4911-99F9-43DDA27BFA3D}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"{3C876481-ACA1-4EB9-BB42-2631542F2CF6}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\dogecoin\dogecoin-qt.exe | 
"{3D1DBDD2-8C51-4766-A41D-D28DDED5FE8C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3D343725-EC8A-4C09-BD3C-C2E81F066796}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3D40C3D1-CEAF-45AD-8A3C-D30CCE5A3851}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\lala\novofatum 3.exe | 
"{3F414CEA-025C-4FF6-B352-73803404FADA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{3FD47898-1E1D-4F42-91B4-DC81C8D94886}" = dir=in | app=c:\program files (x86)\common files\adobe\oobe | 
"{41920BD1-EE0E-420B-A399-E96B174FC24D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{423A3FB1-CB47-40CD-A882-C5BB81C22D69}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{43B93C2C-7EE9-4006-B118-7B415E2B4D53}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe | 
"{4482E644-B5B5-4851-AC4A-7FEE417A0A2F}" = protocol=6 | dir=in | app=c:\program files (x86)\app dynamic\airserver\airserver.exe | 
"{451514A8-53F9-401F-8754-B564AF3F3CBF}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{4A30DD5A-C984-4C66-9052-2EF79BA79E16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D9B347B-4660-43D0-9032-42FD24F67486}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4EA02BAD-EFE1-4235-8C1E-1E7703D7F443}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4EE6CBAF-55B4-43D4-A30C-E72AFDE12584}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"{4FBAD067-E4E4-4783-B63E-95318F6D12AC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{4FEE034C-B72B-41FB-A044-7C40F244A24B}" = protocol=6 | dir=in | app=c:\ace of spades\server.exe | 
"{51979932-4843-43BB-A146-39306584FA52}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{51B3C185-EC3B-4B8A-9C9E-71EB6151F238}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{51E84D65-1B35-4A15-BEFB-5F715EF8848D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5287E869-DBCE-4748-A35C-1D844014E6D6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{5311BE9B-CBAB-4265-8D04-78CB7E3C553C}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{53377EDE-B805-43ED-A41E-42BBC5630F2E}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\novofatum r3.exe | 
"{54F23D98-F4EB-470A-918B-77382FF93CC2}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{57F3EC8A-76C3-43A1-9E96-D11C3D440380}" = dir=in | app=c:\program files (x86)\common files\adobe\oobe\pdapp\lwa\aam registration notifier.exe | 
"{58605BC9-AA53-4E5C-BED1-6F488B908406}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\folder\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"{59A6DF25-A9FB-4B0E-955E-D3825D466444}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"{5B48F65B-3C61-4E33-A209-1FF459E5A0E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{5BBA3C03-D41B-4CEF-BB06-ECBD14B3DB79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C212F5C-19C0-4901-8232-2C12FB41A7AB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5D37048D-1049-4985-91A3-735C9FCC626D}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe | 
"{5E98E024-3740-46A0-881E-644CD4940015}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\novofatum r3.exe | 
"{5EAC0C95-FA6C-4554-8609-F7D6E78BA6F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5FD0879F-C8EA-48A8-9CBE-B97EE5F23749}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60332A46-C30C-4265-8849-1F00DDCCC845}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex87.984\novofatum r3.exe | 
"{606F4245-2AA2-4CEF-A1DC-F789FC4A94CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{62EB72FB-5860-4E28-92E7-F71F77A08EBF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6346346A-1FE9-4901-8D1F-D2FF062C6F89}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{643B32C3-26A6-46B0-901F-5BB4D149AB80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{65F15618-91C7-436B-B52D-A27A216144C4}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema movie\powercinemamovie.exe | 
"{6651197F-9258-4487-B784-66BDFF307F6B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{66B898EA-2942-4D0A-A6B0-DB1D0D8DAC70}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{68CA43F8-0F8D-4A15-B860-F9BFACC1E996}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex87.984\novofatum r3.exe | 
"{6A04DB91-5416-4E53-961E-DD8913820E1D}" = dir=in | app=c:\users\mamo family\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{6AF7B2B1-5E53-4DB7-AD45-44B37430E689}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{6D7CBF73-B756-478D-B834-0DA2F03F374A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6D9E2F49-991E-440C-830A-60089193573D}" = dir=out | app=%programfiles% (x86)\common files\adobe\oobe\pdapp\core\pdapp.exe | 
"{6ECC7878-4354-4033-A4F0-D9C36A458F9F}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex20.896\novofatum r3.exe | 
"{6F0F443A-6A64-40E0-B4F8-351F5DCC2FF1}" = dir=in | app=c:\users\mamo family\appdata\local\torch\plugins\torrent\torchtorrent.exe | 
"{73A0142B-ECBE-45CC-B266-81E781FE009D}" = protocol=6 | dir=in | app=c:\program files (x86)\idcloak vpn\idcloakvpn.exe | 
"{746ABE1A-0D38-4316-8B1C-13A876A344CB}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\mediafire express\mf_systray.exe | 
"{74764E98-2E71-49A0-9843-62ED3D8E73A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{793C9D6E-B6D4-433B-B48B-9AA39ACCEF1B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{79E79823-6DC6-40F4-820C-ABDA7D0405D5}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin - main\dogecoin-qt.exe | 
"{7A03BDF0-85E4-49E3-8348-2BF0583FEB60}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{7AD3031F-2122-4E98-A52F-E03E53CB4C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{7AD6065D-6D9F-4508-B296-03F9F7548E50}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\folder\z - other\lala\novofatum 3.exe | 
"{7C8C662E-F18D-4E6D-A818-B772DF05AE4C}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\folder\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"{7DDECF3A-5FC0-44D7-8C54-2976B9C6B182}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{7E79BDC9-8735-4B82-8314-2BA0C7CA3693}" = protocol=17 | dir=in | app=c:\ace of spades\server.exe | 
"{81B3CF22-2E41-4775-85FB-F47B6C7A7FC8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83384592-DADE-4B60-B5DF-9C768F59AFE1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{852088BE-4820-4D3D-89E0-BC76EAB44FA9}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{86E96BE5-0694-487D-9BC8-A91DFDC78EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{890ADADA-5EA7-4C6C-A944-D07DB2AB5155}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{891249D6-B942-4D6B-B5B8-BCCA53D71244}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex20.896\novofatum r3.exe | 
"{891BCC02-4D7E-459C-9466-5958B7606A69}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8A7C04FF-759A-4A7D-BAF1-C18EB6A6A2EE}" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"{8B856D45-2D65-4E83-96C6-457F7797D65A}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\remotemouse.exe | 
"{8C8CCA4E-F726-43EC-8638-94195E49A600}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{90C12BB2-6982-404A-A6E2-06221AFE35A4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9228DBA4-2E11-4B58-97BA-042F4981D6DE}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streamingvideorecorder.exe | 
"{9278836A-8508-4DC7-B548-DFD5881D30EF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{94128159-8ABA-4461-8635-2C1E83A20FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\terraria\terrariaserver.exe | 
"{950F3ADC-A87D-4D95-A379-5952031BBFBA}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{956621E8-1EE2-4918-8643-52CDAA893F9B}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{984DE713-61F7-45DA-9B76-74AE211ED32F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9AB583F5-BE4F-4163-A835-C37540D0DF6D}" = protocol=17 | dir=in | app=c:\program files (x86)\novofatum\novofatum light r4.exe | 
"{9C12F8B9-FBFA-4363-992C-3A582EF58BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9E1F0FFC-C259-44E6-9512-46312D383D4C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{9FF617D2-1F01-4AE9-8263-AF342A00F2BF}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A0149B52-81E9-4BDC-AB55-FDC5DCE74D2D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A099DBF8-E30F-411E-960F-D0C2A9480A15}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{A17DB46E-9584-4A8F-A353-478F478665B8}" = protocol=17 | dir=in | app=c:\program files (x86)\app dynamic\airserver\airserver.exe | 
"{A21A6F1A-10BA-4169-8E5F-91961E6C61E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{A4F62D13-61FE-4367-AC8C-2E47C09EE2D0}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex72.984\novofatum r3.exe | 
"{A7808FB8-69E3-41F5-BE46-F5383D96C06C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{A8C55A1A-8114-4DD5-9ABF-7F55E282D51D}" = dir=in | app=c:\users\mamo family\appdata\local\torch\plugins\hola\hola_plugin.exe | 
"{AA4680EF-0B3C-4FDF-8239-9A5BBCAFD399}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{AC860DAE-E706-4346-9071-5F38D381D8DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF22D3EA-0838-4CC8-BF7F-32E423BEB8C5}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"{AF8471A6-2749-4B49-A7D2-8E85056E2C5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0E8A297-38CA-417F-B275-D57A639D795F}" = protocol=6 | dir=in | app=c:\program files (x86)\terraria\terrariaserver.exe | 
"{B278DA8D-72C5-4A88-B190-7EF771EAB698}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{B4C16D70-122B-4202-8B51-E217B1971AA3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B96AF1C7-06E1-4AE1-9751-362D2E092223}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe | 
"{B99CD839-04D5-4CD0-B7F5-2FD8AD16D6D4}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BA64088B-F1AB-4416-A836-92F0DF3A639C}" = dir=in | app=c:\users\mamo family\appdata\local\torch\application\torch.exe | 
"{BABE1055-77C5-49C5-93EA-F35FE88A58AF}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{BCDA6AE8-B7C5-427C-9749-F0590C08BAB0}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{BD888E6D-02A9-4494-8119-9F1D2B316A56}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex93.192\novofatum r3.exe | 
"{BF502D76-4E9D-447A-928D-B05B3E336D04}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex60.520\novofatum r3.exe | 
"{BFDE1CC8-C389-45E7-A00B-C031A7C36837}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{C087FF65-ADD3-415F-B04D-C0176B319C23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C0F67192-875F-4010-91F9-505DF36E2D59}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\lala\novofatum 3.exe | 
"{C1959423-CDE2-471A-9774-0C377E47BD48}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C2445B8E-2311-4DDB-9587-01C9DEF455ED}" = protocol=17 | dir=in | app=c:\program files (x86)\idcloak vpn\idcloakvpn.exe | 
"{C27D5829-A502-46A8-AEDA-235C6C41D52B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C50B480A-FDB6-455A-BDE8-1A69088E7A51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8798BF5-E1DB-4626-B84D-FA570E0D7CDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{C9609696-AC24-4039-A815-AB9AB8018DBB}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{C9DDB67A-8AD5-4898-AE34-B61372ADE264}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming-video-recorder.exe | 
"{CAD31352-42EF-43A7-B89B-AFD9CA42462C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{CB4FA39B-080F-4F65-9AA6-64975CF1086C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF95194D-248D-41A5-A4AD-B8868B5C9778}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{D015D83B-D7FA-4D99-B417-1A513A5670B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D108001F-F40A-4C20-812E-8321B15B4B9E}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | 
"{D108F2B5-1EA0-4550-906A-E48CD5A9798F}" = protocol=6 | dir=in | app=c:\users\mamo family\documents\novofatum\novofatum r3.exe | 
"{D287F34B-B600-45ED-8E5C-475EB7506D48}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\novofatum r3(1).exe | 
"{D468B846-27AB-4937-82E7-037D0DA500A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D4ADCC3A-817F-4967-B295-5598DDD3CD53}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex60.520\novofatum r3.exe | 
"{D911AD1C-A0A3-47C1-9D61-622C1DDA2F13}" = protocol=6 | dir=out | app=system | 
"{DB5BE7A0-AE67-474B-B2E8-5A8D4A955CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"{DC13B8C3-8F93-4467-90D2-A15A4D72E629}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{E04902E0-0337-4C5F-9E7F-B4E7E654C964}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\mediafire express\mf_systray.exe | 
"{E1D45C56-7886-46F7-945F-9B232DC66E0D}" = protocol=17 | dir=in | app=c:\users\mamo family\documents\novofatum\novofatum r3.exe | 
"{E230A866-0D6B-40A5-B9DD-9503135A3C64}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex50.840\novofatum r3.exe | 
"{E2FD5570-462E-4747-B665-0C8D322A0C95}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{E377E2D4-561B-441B-8247-2990B7E4469B}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin\dogecoin-qt.exe | 
"{E6848376-D0F2-4878-9C9B-F40F48FF7A31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6AC9892-B5F7-4A28-8D75-E2C2373BCBC1}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{E79E61AD-3B45-4B09-8957-289B9BF88158}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E7BE0F55-98DA-4966-AC05-CB26BD908AEF}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin\dogecoin-qt.exe | 
"{E7CE0B3D-471D-448E-BDFB-C9B655D868D0}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{E82E63D1-66CD-474D-8E7F-F57409EEC419}" = dir=in | app=c:\users\mamo family\appdata\local\torch\plugins\hola\hola_plugin_x64.exe | 
"{EEC0FA77-3064-4D9A-B136-47262E770583}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F034A783-E5A7-45C3-9B4A-4B6B26B315E3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F0CB99B2-2BFA-49C2-AA9F-8AB2AB78BF34}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{F37E0C16-11AD-43B6-BDC0-66D85BF10A17}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{F478E587-9633-42B0-914E-E921C9E28D4F}" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\docked\temp\novofatum\novofatum r3.exe | 
"{F7B86678-C646-4197-BF12-D7139F13A3BC}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{F9EF78B0-AECA-4FAD-B6C1-DD2FA742D8E0}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{FB21603C-CF40-4723-A1DF-D074077494B5}" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FB3334BE-ACD1-4423-B211-CCF563E3BBFB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{FB75952C-C61C-4DE1-9896-DA8BE86B01E5}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex93.192\novofatum r3.exe | 
"{FBB02346-0B19-46AB-9C03-40C88BE5A249}" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex72.984\novofatum r3.exe | 
"{FCBD0D44-A3AF-401B-9EA6-C9CA8D5269F2}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{FEDD7AD2-4FC3-4621-AC99-FF1FDC393B4E}" = protocol=6 | dir=in | app=c:\program files (x86)\novofatum\novofatum light r4.exe | 
"{FF7588FB-FA7B-4FEB-9463-C7DB277FABF2}" = dir=out | app=c:\program files\adobe\adobe flash cc\flash.exe | 
"{FFB7544E-6738-4E8D-9319-255C8FD287C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"TCP Query User{024A5A03-5A73-4990-9D8F-35F65C745CD4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{0379BAD2-B6AC-46B8-854C-9DFA40688367}C:\program files (x86)\teamviewer\version8\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"TCP Query User{04FDBE0E-2F48-42C1-907F-79FD43542975}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"TCP Query User{0636F10A-5BEF-4C76-84CC-DD9744E31F1C}C:\users\mamo family\appdata\local\temp\rar$ex20.896\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex20.896\novofatum r3.exe | 
"TCP Query User{0DD12EE0-F7DB-4011-94B0-87A043EE43EB}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{0F61B264-C18A-4841-A790-F8CD061627C2}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{175C9029-98C4-4B3A-9934-B9014DA42072}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{1D85F295-E7C1-4607-A81D-19619C5B7446}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{2478F6BF-240F-41A2-B4C2-4278EB0A5EB3}C:\users\mamo family\desktop\folder\z - other\lala\novofatum 3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\folder\z - other\lala\novofatum 3.exe | 
"TCP Query User{2EE5B027-5732-4E7C-BC7B-ABE68C204A96}C:\users\mamo family\appdata\roaming\dogecoin\dogecoin-qt.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin\dogecoin-qt.exe | 
"TCP Query User{2FA16DA6-89B2-4D94-B37F-E73E5CB7952B}C:\users\mamo family\appdata\local\temp\rarsfx0\x64\pcsftool.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rarsfx0\x64\pcsftool.exe | 
"TCP Query User{3100BCC1-A2D8-4863-9CE8-84CB10A454A3}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | 
"TCP Query User{40C8A333-49DF-4643-8454-644A9042B8D1}C:\users\mamo family\appdata\local\mediafire express\mf_systray.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\mediafire express\mf_systray.exe | 
"TCP Query User{452EF1E3-237C-4B09-8A0F-668995FA59B9}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{4B390B44-44A7-4C57-B76D-7DF6F5FC5598}C:\users\mamo family\desktop\folder\desktop\folders\folder\z - other\lala\novofatum 3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\folder\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"TCP Query User{54D60ABD-24CB-48E0-9646-86630445DB38}C:\users\mamo family\appdata\roaming\dogecoin - main\dogecoin-qt.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin - main\dogecoin-qt.exe | 
"TCP Query User{679F975F-E360-4ED3-A495-0D8572367BDA}C:\users\mamo family\desktop\dogecoin\dogecoin-qt.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\dogecoin\dogecoin-qt.exe | 
"TCP Query User{68BD2A74-B435-4FA4-8893-90D211732E16}C:\program files (x86)\idcloak vpn\idcloakvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\idcloak vpn\idcloakvpn.exe | 
"TCP Query User{69FF1F77-0179-4C3F-8A3C-A8998331E266}C:\program files (x86)\novofatum\novofatum light r4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novofatum\novofatum light r4.exe | 
"TCP Query User{6BA5C5B9-880C-4EC1-948C-4CB6008FDA83}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"TCP Query User{6D9F8CFD-D995-498E-9DC3-4F40552C6915}C:\users\mamo family\desktop\lala\novofatum 3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\lala\novofatum 3.exe | 
"TCP Query User{6F8BA47A-4505-45A0-84F8-52605DBDF33D}C:\users\mamo family\appdata\local\temp\rar$ex60.520\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex60.520\novofatum r3.exe | 
"TCP Query User{720916C0-727E-4EB7-98FB-8B5C408AE6B3}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"TCP Query User{7BB42AF4-4B1C-4D69-A2C6-9FDEB3099970}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{8579F57B-0B1F-40AD-8C85-3E339FA5526C}C:\users\mamo family\appdata\local\temp\rar$ex50.840\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex50.840\novofatum r3.exe | 
"TCP Query User{87A53BBB-39CF-48A7-87A6-70CF8B42ED1D}E:\terrariaserver.exe" = protocol=6 | dir=in | app=e:\terrariaserver.exe | 
"TCP Query User{89890B94-D1DA-44E1-8518-ADD316BBB0C8}C:\program files (x86)\ea games\pte\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\pte\battlefield heroes\bfheroes.exe | 
"TCP Query User{93FB4539-FB2A-4EBE-A435-A24418AD2A91}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"TCP Query User{96BE8983-57D5-4B94-A034-906BF402AFAC}C:\users\mamo family\appdata\local\temp\rarsfx0\x32\pcsftool.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rarsfx0\x32\pcsftool.exe | 
"TCP Query User{A3E4325E-F966-4BC0-BFEF-D34B631560A5}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{A47756C6-1111-4208-8EE3-228B95E69CDC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A4936735-D186-41A1-BF55-D5EDC44D4A98}C:\users\mamo family\documents\novofatum\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\documents\novofatum\novofatum r3.exe | 
"TCP Query User{AED8EB13-70E7-466F-943F-A7CC88BF8E74}C:\program files (x86)\litecoin\litecoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\litecoin\litecoin-qt.exe | 
"TCP Query User{B4DAE81E-F122-4B74-9B75-E345A06CC3D7}C:\users\mamo family\desktop\desktop\folders\folder\z - other\lala\novofatum 3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"TCP Query User{B544F55D-7D65-4131-BF46-D3CE967EC64D}C:\users\mamo family\desktop\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\novofatum r3.exe | 
"TCP Query User{B66B2497-7A11-4085-A204-B1DA374C2C06}C:\users\mamo family\desktop\novofatum\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\novofatum\novofatum r3.exe | 
"TCP Query User{B8B30D12-E7F1-406B-B326-16999D343C74}C:\users\mamo family\appdata\local\temp\rar$ex93.192\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex93.192\novofatum r3.exe | 
"TCP Query User{BCE3A642-C138-432E-A96F-C5438CA81DC3}C:\program files (x86)\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terraria\terrariaserver.exe | 
"TCP Query User{C191FAE0-052A-49BB-8466-17DEEACA60B0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{C1B58050-7E5E-4748-ADCE-2238757541AC}C:\users\mamo family\desktop\desktop\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\desktop\novofatum r3.exe | 
"TCP Query User{C43043B3-1DDB-4FD2-8E77-53707D89338D}C:\users\mamo family\appdata\roaming\omnicoin\windows\omnicoin-qt.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\roaming\omnicoin\windows\omnicoin-qt.exe | 
"TCP Query User{C6B9627F-3FE9-4AE3-91F5-D256A52AC14E}C:\users\mamo family\desktop\novofatum r3(1).exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\novofatum r3(1).exe | 
"TCP Query User{D4C1C39E-2D71-490F-9999-445E96391617}C:\users\mamo family\documents\visual studio 2013\projects\windowsapplication1x\windowsapplication1x\bin\debug\windowsapplication1x.vshost.exe" = protocol=6 | dir=in | app=c:\users\mamo family\documents\visual studio 2013\projects\windowsapplication1x\windowsapplication1x\bin\debug\windowsapplication1x.vshost.exe | 
"TCP Query User{DD7BBC26-855B-4A4C-839A-202FD23BF677}C:\users\mamo family\appdata\local\temp\rar$ex87.984\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex87.984\novofatum r3.exe | 
"TCP Query User{E117B741-8C09-4FB7-9562-EC4960C0B52A}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{E2882962-2311-4BC6-B9A1-654DA35D7C06}C:\users\mamo family\desktop\folders\ninos's folder\fate\fate\server\server.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\folders\ninos's folder\fate\fate\server\server.exe | 
"TCP Query User{EAC85C9F-7652-4A1D-AE30-2EAF91B56659}C:\ace of spades\server.exe" = protocol=6 | dir=in | app=c:\ace of spades\server.exe | 
"TCP Query User{EB06EBDB-B032-4082-8FBA-A4F39AB35759}C:\users\mamo family\desktop\docked\temp\novofatum\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\desktop\docked\temp\novofatum\novofatum r3.exe | 
"TCP Query User{FCB24ADE-0D3C-4AE5-8AD1-E1A7DA828E79}C:\users\mamo family\appdata\local\temp\rar$ex72.984\novofatum r3.exe" = protocol=6 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex72.984\novofatum r3.exe | 
"UDP Query User{01FA7565-DDA0-48B0-94B2-77452620C6C7}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"UDP Query User{02F27A89-77EA-4D3E-99DF-FB43B746F90F}C:\users\mamo family\appdata\local\temp\rarsfx0\x32\pcsftool.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rarsfx0\x32\pcsftool.exe | 
"UDP Query User{0A1FCB01-F9E0-4171-8D0C-5C3EACA50A87}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"UDP Query User{0BDA78B9-BBE2-4D70-8300-35601679A590}C:\users\mamo family\desktop\folder\desktop\folders\folder\z - other\lala\novofatum 3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\folder\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"UDP Query User{0DE47C96-9FFC-4087-8E2F-BE0305BB4E7F}C:\users\mamo family\desktop\folder\z - other\lala\novofatum 3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\folder\z - other\lala\novofatum 3.exe | 
"UDP Query User{1E16A3E0-7318-47E2-A55F-F689132C2EB9}C:\users\mamo family\appdata\roaming\omnicoin\windows\omnicoin-qt.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\roaming\omnicoin\windows\omnicoin-qt.exe | 
"UDP Query User{22D65BA0-3EEC-4DC8-BC7A-F9DAFC23F64F}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"UDP Query User{27D6CFA3-6D42-4F6E-9C17-E23EACE46841}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"UDP Query User{2A52B4B4-7C3B-469C-B367-F882EF26A334}C:\users\mamo family\appdata\roaming\dogecoin\dogecoin-qt.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin\dogecoin-qt.exe | 
"UDP Query User{3051AE2E-7D91-486B-92EA-DB9D8D099DAD}C:\program files (x86)\novofatum\novofatum light r4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novofatum\novofatum light r4.exe | 
"UDP Query User{3C315F5A-55A1-43CD-998E-3A5BC7CEA688}C:\users\mamo family\desktop\dogecoin\dogecoin-qt.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\dogecoin\dogecoin-qt.exe | 
"UDP Query User{3F80D655-679C-45B1-B467-FB3FF5FCE0AA}C:\users\mamo family\desktop\docked\temp\novofatum\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\docked\temp\novofatum\novofatum r3.exe | 
"UDP Query User{45330534-CF3D-4BAD-9068-5A10CFD43525}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{4BF9C433-1C7B-4392-BF01-481F27CD2736}C:\users\mamo family\appdata\roaming\dogecoin - main\dogecoin-qt.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\roaming\dogecoin - main\dogecoin-qt.exe | 
"UDP Query User{4CD8B51C-724D-44F1-A972-03D9170E576B}C:\users\mamo family\appdata\local\temp\rarsfx0\x64\pcsftool.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rarsfx0\x64\pcsftool.exe | 
"UDP Query User{4D12157A-A8C4-4DB8-AB4E-D824686153FB}C:\users\mamo family\desktop\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\novofatum r3.exe | 
"UDP Query User{51EBFBB8-2CE1-4A8E-A38B-A648D90C1835}C:\users\mamo family\desktop\folders\ninos's folder\fate\fate\server\server.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\folders\ninos's folder\fate\fate\server\server.exe | 
"UDP Query User{5D9BA765-86CF-42BC-B923-E0F6D9A8B5F4}C:\users\mamo family\appdata\local\temp\rar$ex60.520\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex60.520\novofatum r3.exe | 
"UDP Query User{6C300E0C-C30C-4D36-A9BF-196FA2262BEF}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{72176399-50C2-438E-83CE-24FDFFC8B0E4}C:\program files (x86)\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terraria\terrariaserver.exe | 
"UDP Query User{753DE9DF-2C58-4915-8142-017627BAAFBB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{765513DC-D3C0-4B3A-AC5A-A043AB9CDDB1}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe | 
"UDP Query User{7C8AD0E8-D5DF-4309-8FFC-76C1CE17A7AA}C:\users\mamo family\desktop\desktop\folders\folder\z - other\lala\novofatum 3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\desktop\folders\folder\z - other\lala\novofatum 3.exe | 
"UDP Query User{7CD18D49-3207-441C-AA0A-39D84710E359}C:\users\mamo family\appdata\local\temp\rar$ex93.192\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex93.192\novofatum r3.exe | 
"UDP Query User{7E71663E-9CD3-4877-AA5A-589EDA9A4E04}C:\users\mamo family\desktop\lala\novofatum 3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\lala\novofatum 3.exe | 
"UDP Query User{940FAA42-17FF-4366-80CF-901F511B7F6D}C:\users\mamo family\documents\novofatum\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\documents\novofatum\novofatum r3.exe | 
"UDP Query User{97AEDBD3-04C4-468F-9C3E-905807B76A53}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{99004DAE-992E-4DCD-8B18-0D766E30CA65}C:\program files (x86)\litecoin\litecoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\litecoin\litecoin-qt.exe | 
"UDP Query User{99187C67-BEF6-4537-AB34-6F773FD7292F}C:\users\mamo family\desktop\novofatum r3(1).exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\novofatum r3(1).exe | 
"UDP Query User{A58BAB0D-DF48-4D36-B393-D144CE6DE92A}C:\program files (x86)\ea games\pte\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\pte\battlefield heroes\bfheroes.exe | 
"UDP Query User{AB6C089D-887F-448C-852A-80C42F27E6AC}C:\users\mamo family\desktop\desktop\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\desktop\novofatum r3.exe | 
"UDP Query User{AD6F6851-39BC-48A8-A06B-5232560EDC2A}C:\users\mamo family\documents\visual studio 2013\projects\windowsapplication1x\windowsapplication1x\bin\debug\windowsapplication1x.vshost.exe" = protocol=17 | dir=in | app=c:\users\mamo family\documents\visual studio 2013\projects\windowsapplication1x\windowsapplication1x\bin\debug\windowsapplication1x.vshost.exe | 
"UDP Query User{B0603811-B2F5-4BE5-B6D7-87EBD7A85EF6}C:\users\mamo family\appdata\local\temp\rar$ex72.984\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex72.984\novofatum r3.exe | 
"UDP Query User{B3537A7F-1417-4F77-AC83-0D1BE148C22E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{B87A67EF-BD6B-4046-A1A0-5F94F1104B54}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B9C27FF2-E31D-4D5D-A75F-03F7020191A5}C:\ace of spades\server.exe" = protocol=17 | dir=in | app=c:\ace of spades\server.exe | 
"UDP Query User{BA6B843D-CB53-43D3-8B37-D05637457080}C:\users\mamo family\appdata\local\temp\rar$ex50.840\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex50.840\novofatum r3.exe | 
"UDP Query User{BBF22621-9A94-4C2F-B653-4A867B178D6B}C:\users\mamo family\appdata\local\mediafire express\mf_systray.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\mediafire express\mf_systray.exe | 
"UDP Query User{BDD2B2F0-3661-4C40-ADEB-658FB160AC85}C:\users\mamo family\desktop\novofatum\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\desktop\novofatum\novofatum r3.exe | 
"UDP Query User{C096FEC0-0445-44C8-A89C-4A5A0C42DB37}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{C2D36215-D607-4A7C-A42A-46DC89A3AB31}E:\terrariaserver.exe" = protocol=17 | dir=in | app=e:\terrariaserver.exe | 
"UDP Query User{D54E9509-7E35-4A54-9300-20112229B3CC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{D7623020-4CB4-4D77-8B90-D54F2CB12047}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{E25E5ACF-D539-40CC-A7A3-BC7301259C47}C:\users\mamo family\appdata\local\temp\rar$ex20.896\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex20.896\novofatum r3.exe | 
"UDP Query User{E4FA41D1-994B-48A6-B7E0-85DB2C2FBBD3}C:\program files (x86)\idcloak vpn\idcloakvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\idcloak vpn\idcloakvpn.exe | 
"UDP Query User{E7979B69-690B-4472-BE11-4366F6021ABE}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{EB533D8F-09B5-4FD9-9A70-82D284116303}C:\program files (x86)\teamviewer\version8\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"UDP Query User{EEEDE281-B387-4137-A7F2-9DF8F62E0715}C:\users\mamo family\appdata\local\temp\rar$ex87.984\novofatum r3.exe" = protocol=17 | dir=in | app=c:\users\mamo family\appdata\local\temp\rar$ex87.984\novofatum r3.exe | 
"UDP Query User{F96D8CE3-EC8A-47CC-A72C-66820496D06E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{05198C22-FFCE-374A-B190-9F18CC99DAEA}" = Build Tools Language Resources - amd64
"{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series" = Canon MX420 series MP Drivers
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V4.0.3
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4AE29B5C-87B1-3C4E-8E15-17B83BA745CB}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CC3444D-7279-4E83-984F-18E9A7B2E803}" = Oracle VM VirtualBox 4.2.16
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60391499-BB97-3FC7-9F17-2BF560DCE231}" = Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{65C91666-C3E8-3A42-BDA8-87932DD34F89}" = Microsoft Team Foundation Server 2013 Object Model (x64)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6C026A91-640F-4A23-8B68-05D589CC6F18}" = Microsoft SQL Server 2012 Express LocalDB 
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7B72F338-EBCC-32A6-A44C-DEF9B436AEF2}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{C41498FE-0BF8-3B22-9785-231CE53C728E}" = Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU
"{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client 
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E7DD9E2F-25BB-3488-AA6A-6C5A9A27DA76}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F74753A3-C93C-34F5-A199-993CAF602B7D}" = Build Tools - amd64
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Blender" = Blender
"CCleaner" = CCleaner
"CyberGhost VPN 5_is1" = CyberGhost 5
"CyberGhost VPN_is1" = CyberGhost VPN
"HyperCam 2 (64 bit)" = HyperCam 2 (64 bit)
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 0.09.5.1000
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Sandboxie" = Sandboxie 4.08 (64-bit)
"Sublime Text 2_is1" = Sublime Text 2.0.2
"TAP-Windows" = TAP-Windows 9.9.2
"Total Uninstall 6_is1" = Total Uninstall 6.2.4
"WhoCrashed_is1" = WhoCrashed 4.02
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1" = Remote Mouse version 2.06
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{08AEF86A-1956-4846-B906-B01350E96E30}" = Entity Framework Tools for Visual Studio 2013
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1)
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1" = NCDownloader
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F1AA110-D758-30C1-A1B4-5484C72BCACE}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294A2E0E-3A0B-4D1F-8282-11DEF2040227}" = InstallIQ Updater
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects 
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.1.3.0
"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
"{3229EE49-2ED9-477A-BD41-BE76A0001D2C}" = .NET Reflector Visual Studio Extension 8.2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT 
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{37FC691D-93E6-4FF1-A056-A40C4F99AAA7}_is1" = UberStrike HD version 4.3.10
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}" = SlimDrivers
"{3D083545-D87F-4053-81AB-50B212642EC3}" = .NET Reflector Desktop
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{550B72C4-F404-4812-971F-947E835A877E}" = Gtk# for .Net 2.12.10
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{580A2212-7116-46E6-9229-472E23F1DCC8}" = Ace of Spades
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5F2C7928-68CC-4886-8919-BCEAE3AF75FE}" = Windows Internet Explorer Platform Preview
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64484316-E4BA-38B3-8954-0358522A8D40}" = Microsoft Visual Studio Express 2013 for Windows Desktop
"{676A51E8-97BE-4F08-9F08-453FC25C5905}" = EO.Web Controls 2011
"{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6B34251B-AB68-4b47-AA5E-09B50EFE41A0}" = Battlefield Heroes (PTE)
"{6B794BA0-DAF8-4527-8E15-165BA3EBC423}" = Folder Crypto Password
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{6C44519A-497D-382C-8596-E972C77057C2}" = Microsoft Portable Library Multi-Targeting Pack
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.2.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = CyberLink PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{721DE640-9745-4907-AF6D-1032BE76AA7A}_is1" = NovoFatum version 1.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79F1C34C-3253-46ED-B34B-36A97714A7D3}_is1" = NovoFatum version 4.0.2
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7E1B484F-C15A-48C2-BF42-450310E39165}_is1" = Free Stuff version 1.5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{800218C2-2E07-461C-85D6-8FDB4F9161D9}" = FPS Creator Free
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{85B4AF4C-AB5D-42E0-991D-18D986376990}_is1" = Convert PDF to Text Desktop Software version 1.5
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9347889B-C22A-3905-901F-C05D8F73C929}" = Build Tools Language Resources - x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E7DE17D-A9E2-4762-8C10-1E80F5976F4A}" = Microsoft Visual Studio 2013 Preparation
"{A0169C20-A5C9-430B-A2BD-8C5DA22ED7B6}" = AirServer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A2CCB3C1-3DF9-4E3E-8D3F-DDBBCDDB28B5}" = Microsoft C++ REST SDK for Visual Studio 2013
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A47642B2-4CB5-4325-8093-C88D4747953F}" = GeekBuddy
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA70FA9-D9FF-49FB-A98C-5F21ED3692E2}" = LogMeIn Hamachi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.00" = NavDesk 7.00
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}" = Adobe Flash Professional CC
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BAC8C2FD-1FF8-4615-B827-9042248121CB}" = Mobile Mouse Server
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C218ABCD-2C64-49D4-A891-83BD007D55D5}" = Theme Manager
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C342E30B-52F9-4657-96B6-32E399B9DEB2}" = 3D Pinball
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5A17590-8CBE-3581-965D-EF183BE07920}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB514FFD-5FBA-3C53-94F8-3A2B96C5E7A8}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED885463-044B-436D-9DD9-B486A4FFF964}" = Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{f6718361-5d90-4368-a05f-dce9fa352112}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}" = Build Tools - x86
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123VideoMagicBasic" = 123VideoMagicBasic
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.05.8039
"Acoustica Mixcraft 6" = Acoustica Mixcraft 6
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AI RoboForm" = avast! EasyPass
"avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Blueline_is1" = Blueline 1.1.1
"Brick-Force" = Brick-Force 
"Build and Shoot Launcher" = Build and Shoot Launcher 1.1
"CamStudio" = CamStudio
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comic Book Creator 2" = Comic Book Creator 2
"Comodo Dragon" = Comodo Dragon
"CraftBukkit" = CraftBukkit
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DivX Setup" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EpicBot" = EpicBot
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressVPN" = ExpressVPN v3.416
"FileZilla Client" = FileZilla Client 3.7.0.1
"Fraps" = Fraps (remove only)
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"GhostMouse_is1" = GhostMouse
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Hotkey Utility" = Hotkey Utility
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"HyperSnap 6" = HyperSnap 6
"idcloak VPN" = idcloak VPN
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.48.0
"Install Creator" = Install Creator
"Installer Setup_is1" = Installer Setup version 1.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"Kepard" = Kepard
"KeyScrambler" = KeyScrambler
"LastPass" = LastPass (uninstall only)
"List Alphabetizer" = List Alphabetizer
"LogMeIn Hamachi" = LogMeIn Hamachi
"M Multi Yahoo Messenger 1.0" = M Multi Yahoo Messenger 1.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MarbleBlastGoldDemo" = Marble Blast Gold Demo (remove only)
"MediaFire Express (beta) 0.11.0.3001" = MediaFire Express (beta)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MultiDoge 0.1.2" = MultiDoge 0.1.2
"MySQL Connector/Net_is1" = MySQL Connector/Net 5.0.9
"NortonPCCheckup" = Norton PC Checkup
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenTTD" = OpenTTD 1.1.4
"OpenVPN" = OpenVPN 2.2.2
"Opera 11.62.1347" = Opera 11.62
"PlayClaw" = PlayClaw
"Postal 2 Demo" = Postal 2 Demo
"Proxifier_is1" = Proxifier version 3.15
"proXPN" = proXPN 2.6.1
"PunkBusterSvc" = PunkBuster Services
"ScreenshotCaptor_is1" = Screenshot Captor 4.01.00
"ShortKeys Lite" = ShortKeys Lite
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Speed Dial Utility" = Canon Speed Dial Utility
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"Steam App 107100" = Bastion
"Steam App 200210" = Realm of the Mad God
"SumRandoSumRando" = SumRando
"TeamViewer 9" = TeamViewer 9
"TrueCrypt" = TrueCrypt
"uTime" = uTime 1.11
"VB Decompiler Lite_is1" = VB Decompiler Lite
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 1.1.11
"WildTangent gateway Master Uninstall" = Gateway Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WT078871" = Bejeweled 2 Deluxe
"WT078886" = Insaniquarium Deluxe
"WT078903" = Zuma Deluxe
"WT078959" = Blasterball 3
"WT078963" = Bob the Builder Can-Do-Zoo
"WT079019" = Faerie Solitaire
"WT079023" = FATE - The Traitor Soul
"WT079063" = Jewel Quest
"WT079067" = Jewel Quest Solitaire 3
"WT079107" = Penguins!
"WT079115" = Polar Bowler
"WT079119" = Polar Golfer
"WT079123" = Polar Pool
"WT079176" = Virtual Villagers - A New Home
"WT079182" = Yahtzee
"WT079239" = Build-a-lot 2
"WT079245" = Chicken Invaders 3 - Revenge of the Yolk
"WT079258" = Escape Rosecliff Island
"WT079263" = Mahjongg Artifacts
"WT079419" = Virtual Families
"WTA-54f73eb5-fc3e-4e97-ac88-f36b13c7ed21" = Dora's Carnival Adventure
"WTA-ddd901f8-83fc-4062-8339-4e9ff92c0d7a" = SpongeBob: Clash of Triton
"Yahoo! Companion" = Yahoo!Xtra Toolbar
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3cc47ede019b8987" = Screen capturer
"a87d8e93174496f4" = Club Penguin Money Maker
"AIM" = AIM for Windows
"Bitcoin" = Bitcoin
"Bitcoin Core (64-bit)" = Bitcoin Core (64-bit)
"d216b1e9da751a44" = Broswer
"Dropbox" = Dropbox
"e03277e4e74a6109" = Kill me
"Flux" = f.lux
"GameMaker81" = GameMaker 8.1
"Google Chrome" = Google Chrome
"Patch Maker" = Patch Maker
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/1/2014 2:09:49 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8377
 
Error - 7/1/2014 2:09:49 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8377
 
Error - 7/1/2014 2:09:51 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/1/2014 2:09:51 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9750
 
Error - 7/1/2014 2:09:51 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9750
 
Error - 7/1/2014 2:09:52 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/1/2014 2:09:52 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11076
 
Error - 7/1/2014 2:09:52 AM | Computer Name = MamoFamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11076
 
Error - 7/4/2014 1:20:42 AM | Computer Name = MamoFamily-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 7/4/2014 1:20:55 AM | Computer Name = MamoFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NovoFatum Light R4.exe, version: 1.0.0.0,
 time stamp: 0x5365143e  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
 time stamp: 0x53159a86  Exception code: 0xe0434352  Fault offset: 0x0000c42d  Faulting
 process id: 0x151c  Faulting application start time: 0x01cf9747aeefce44  Faulting application
 path: C:\Program Files (x86)\NovoFatum\NovoFatum Light R4.exe  Faulting module path:
 C:\Windows\syswow64\KERNELBASE.dll  Report Id: f8f599d7-033a-11e4-91d8-c39d3fb2a3bb
 
[ Media Center Events ]
Error - 11/17/2013 10:55:55 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:55:54 p.m. - Error connecting to the internet.  3:55:55 p.m. -    
 Unable to contact server..  
 
Error - 11/17/2013 10:56:44 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:56:24 p.m. - Error connecting to the internet.  3:56:24 p.m. -    
 Unable to contact server..  
 
Error - 11/20/2013 10:58:09 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:58:09 p.m. - Error connecting to the internet.  3:58:09 p.m. -    
 Unable to contact server..  
 
Error - 11/20/2013 10:58:49 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:58:38 p.m. - Error connecting to the internet.  3:58:38 p.m. -    
 Unable to contact server..  
 
Error - 11/26/2013 10:58:23 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:58:23 p.m. - Error connecting to the internet.  3:58:23 p.m. -    
 Unable to contact server..  
 
Error - 11/26/2013 11:00:03 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:59:02 p.m. - Error connecting to the internet.  3:59:04 p.m. -    
 Unable to contact server..  
 
Error - 11/28/2013 10:12:33 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:12:33 p.m. - Error connecting to the internet.  3:12:33 p.m. -    
 Unable to contact server..  
 
Error - 11/28/2013 10:13:10 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 3:13:02 p.m. - Error connecting to the internet.  3:13:02 p.m. -    
 Unable to contact server..  
 
Error - 11/28/2013 11:14:00 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 4:14:00 p.m. - Error connecting to the internet.  4:14:00 p.m. -    
 Unable to contact server..  
 
Error - 11/28/2013 11:14:31 PM | Computer Name = MamoFamily-PC | Source = MCUpdate | ID = 0
Description = 4:14:29 p.m. - Error connecting to the internet.  4:14:29 p.m. -    
 Unable to contact server..  
 
[ System Events ]
Error - 7/4/2014 12:17:40 AM | Computer Name = MamoFamily-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
 Detection service which failed to start because of the following error:   %%1058
 
Error - 7/4/2014 12:17:54 AM | Computer Name = MamoFamily-PC | Source = Service Control Manager | ID = 7000
Description = The Torch Crash Handler service failed to start due to the following
 error:   %%193
 
Error - 7/4/2014 12:18:59 AM | Computer Name = MamoFamily-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the CyberGhost
 VPN 5 Client Service service to connect.
 
Error - 7/4/2014 12:18:59 AM | Computer Name = MamoFamily-PC | Source = Service Control Manager | ID = 7000
Description = The CyberGhost VPN 5 Client Service service failed to start due to
 the following error:   %%1053
 
Error - 7/4/2014 12:19:00 AM | Computer Name = MamoFamily-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   CFRMD
 
Error - 7/4/2014 12:19:08 AM | Computer Name = MamoFamily-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 7/4/2014 12:19:08 AM | Computer Name = MamoFamily-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 7/4/2014 1:17:44 AM | Computer Name = MamoFamily-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 7/4/2014 1:17:44 AM | Computer Name = MamoFamily-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
 Detection service which failed to start because of the following error:   %%1058
 
Error - 7/4/2014 1:18:30 AM | Computer Name = MamoFamily-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
 Detection service which failed to start because of the following error:   %%1058
 
 
< End of report >
 


#3 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 05 July 2014 - 11:03 AM

Hello and welcome to What the Tech.
 
Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#4 IcedTea

IcedTea

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 05 July 2014 - 07:59 PM

Hello!

Here is the requested log:

 

ComboFix 14-07-03.01 - Mamo Family 06/07/2014  13:29:47.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.4060.2627 [GMT 12:00]
Running from: c:\users\Mamo Family\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\fraps.exe
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\program files (x86)\Uninstall.exe
c:\programdata\1381903521.bdinstall.bin
c:\programdata\1381907672.bdinstall.bin
C:\test.txt
c:\users\Mamo Family\AppData\Roaming\Local
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-06 to 2014-07-06  )))))))))))))))))))))))))))))))
.
.
2014-07-06 01:50 . 2014-07-06 01:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-06 01:50 . 2014-07-06 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-05 01:09 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B8DBE5C-EED7-4345-9556-A825F29D7DC0}\mpengine.dll
2014-07-04 23:47 . 2014-07-04 23:47 -------- d-----w- c:\programdata\TorchCrashHandler
2014-06-28 09:18 . 2014-06-28 09:18 -------- d-----w- c:\users\Mamo Family\AppData\Local\AOL
2014-06-28 09:17 . 2014-06-28 09:18 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2014-06-27 05:52 . 2014-06-27 05:52 0 ----a-w- c:\windows\SysWow64\sho7A0.tmp
2014-06-27 04:49 . 2014-06-27 04:49 -------- d-----w- c:\programdata\PreEmptive Solutions
2014-06-26 11:03 . 2014-06-26 11:03 -------- d-----w- c:\programdata\VS
2014-06-25 03:59 . 2014-06-25 03:59 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-06-24 02:49 . 2014-06-24 02:49 74648 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-06-24 02:49 . 2014-06-24 02:49 271256 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-06-24 02:48 . 2014-06-24 02:48 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2014-06-24 02:48 . 2014-06-24 02:48 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2014-06-24 02:48 . 2014-06-24 02:48 27544 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-06-24 02:48 . 2014-06-24 02:48 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-06-24 02:48 . 2014-06-24 02:48 107416 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-06-15 11:18 . 2014-06-15 12:17 -------- d-----w- c:\users\Mamo Family\AppData\Roaming\Screenshot Tool
2014-06-14 15:06 . 2014-06-14 15:06 -------- d-----w- c:\program files (x86)\Skillbrains
2014-06-14 15:06 . 2014-06-14 15:06 -------- d-----w- c:\users\Mamo Family\AppData\Local\Skillbrains
2014-06-11 13:32 . 2014-06-11 13:32 0 ----a-w- c:\windows\SysWow64\sho2B8.tmp
2014-06-11 04:23 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 04:23 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-11 04:23 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 04:23 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 04:23 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 04:23 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 04:23 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-11 04:18 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 04:18 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-06 01:10 . 2014-04-27 09:34 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-05 08:15 . 2012-09-29 00:16 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-07-05 08:15 . 2010-11-24 05:33 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-05 08:07 . 2012-09-29 00:16 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-06-28 15:33 . 2010-12-12 04:24 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-06-11 13:26 . 2010-11-30 02:47 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-08 01:37 . 2010-11-24 04:55 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-06-03 04:41 . 2014-06-03 04:41 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2014-06-03 04:41 . 2014-06-03 04:41 109696 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2014-06-03 04:41 . 2014-06-03 04:41 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2014-06-02 10:45 . 2014-06-02 10:45 0 ----a-w- c:\windows\SysWow64\sho5B22.tmp
2014-05-29 09:51 . 2014-05-29 09:51 57096 ----a-w- c:\windows\system32\certsentry.dll
2014-05-29 09:51 . 2014-05-29 09:51 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2014-05-28 12:00 . 2014-05-28 12:00 0 ----a-w- c:\windows\SysWow64\sho1AE.tmp
2014-05-25 01:06 . 2014-01-17 05:39 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-25 01:06 . 2013-11-21 07:37 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-25 01:06 . 2013-11-21 07:36 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-25 01:05 . 2013-11-21 07:36 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-25 01:05 . 2014-05-25 01:05 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-25 01:05 . 2013-11-21 07:36 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-25 01:05 . 2013-11-21 07:36 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-25 01:05 . 2013-10-27 23:30 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-25 01:05 . 2013-11-21 07:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-25 01:05 . 2014-05-25 01:05 43152 ----a-w- c:\windows\avastSS.scr
2014-05-14 06:58 . 2012-04-21 00:39 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 06:58 . 2011-05-20 11:10 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-11 19:26 . 2014-04-27 09:10 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-11 19:26 . 2014-04-27 09:10 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 19:25 . 2013-04-28 03:44 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-30 16:50 . 2014-04-30 16:50 0 ----a-w- c:\windows\SysWow64\sho3762.tmp
2014-04-28 13:00 . 2014-04-28 13:00 0 ----a-w- c:\windows\SysWow64\sho1D03.tmp
2014-04-24 12:20 . 2014-04-24 12:20 0 ----a-w- c:\windows\SysWow64\shoEE7F.tmp
2014-04-22 11:47 . 2014-04-22 11:47 0 ----a-w- c:\windows\SysWow64\shoAA8F.tmp
2014-04-21 22:50 . 2014-04-21 22:50 14957568 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2014-04-20 15:06 . 2014-04-20 15:06 0 ----a-w- c:\windows\SysWow64\sho7474.tmp
2014-04-17 13:48 . 2014-04-17 13:48 0 ----a-w- c:\windows\SysWow64\sho8E92.tmp
2014-04-14 14:34 . 2014-04-14 14:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-14 08:13 . 2014-04-24 01:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-13 11:24 . 2014-04-13 11:24 0 ----a-w- c:\windows\SysWow64\shoC2F.tmp
2014-04-12 02:22 . 2014-05-14 04:23 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 04:23 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 04:23 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 04:23 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 04:23 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 04:23 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 04:23 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 04:23 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 04:23 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-04-11 10:32 . 2014-04-11 10:32 0 ----a-w- c:\windows\SysWow64\shoAD22.tmp
2012-08-30 13:20 . 2012-08-30 13:20 68792 ----a-w- c:\program files (x86)\fraps64.dat
2012-08-30 13:20 . 2012-08-30 13:20 234168 ----a-w- c:\program files (x86)\fraps32.dll
2012-08-30 13:20 . 2012-08-30 13:20 186552 ----a-w- c:\program files (x86)\fraps64.dll
2012-08-30 13:17 . 2012-08-30 13:17 140288 ----a-w- c:\program files (x86)\frapslcd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2014-06-03 04:41 442472 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-03 39408]
"puush"="c:\program files (x86)\puush\puush.exe" [2013-09-15 567880]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-07 21444224]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2014-06-03 4110992]
"SpeedBitVideoAccelerator"="c:\program files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" [2014-06-03 1517224]
"LightShot"="c:\users\Mamo Family\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-03-12 226592]
"AIM for Windows"="c:\users\Mamo Family\AppData\Local\AOL\AIM\aim.exe" [2014-02-04 1075144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 3890208]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-06-22 3816272]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2014-05-31 508144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2014-4-22 14957568]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-4-22 14957568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R2 TorchCrashHandler;Torch Crash Handler;c:\users\Mamo Family\AppData\Local\Torch\Update\TorchCrashHandler.exe;c:\users\Mamo Family\AppData\Local\Torch\Update\TorchCrashHandler.exe [x]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 idcloakRouting;idcloakRouting;c:\program files (x86)\idcloak VPN\systray\routingservice.exe;c:\program files (x86)\idcloak VPN\systray\routingservice.exe [x]
R3 idcloakVPN;idcloakVPN;c:\program files (x86)\idcloak VPN\openvpn\openvpnserv.exe;c:\program files (x86)\idcloak VPN\openvpn\openvpnserv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 SumRandoVPNService;SumRandoVPNService;c:\program files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe;c:\program files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE Mobile USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys;c:\windows\SYSNATIVE\DRIVERS\lgx64gps.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 FlyCryptor;FlyCryptor;SysWOW64\drivers\FlyCryptor64.sys;SysWOW64\drivers\FlyCryptor64.sys [x]
S1 VBoxDRV;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tun3326;VPN Tunnel Adapter;c:\windows\system32\DRIVERS\tun3326.sys;c:\windows\SYSNATIVE\DRIVERS\tun3326.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 06:58]
.
2014-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
- c:\users\Mamo Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-25 04:30]
.
2014-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
- c:\users\Mamo Family\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-25 04:30]
.
2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 10:44]
.
2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 10:44]
.
2014-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000Core.job
- c:\users\Mamo Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 09:10]
.
2014-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-718463087-3605604113-3917260930-1000UA.job
- c:\users\Mamo Family\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 09:10]
.
2014-07-06 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-02-17 00:40]
.
2014-07-06 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-07-09 20:58]
.
2014-07-05 c:\windows\Tasks\update-S-1-5-21-718463087-3605604113-3917260930-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-06-14 06:44]
.
2014-07-05 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-06-14 06:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-25 01:05 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Mamo Family\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Mamo Family\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Mamo Family\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.20.1
TCP: Interfaces\{177A67E4-818A-46B5-9377-6C60DB02552E}: NameServer = 203.97.78.43,203.97.78.44
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
FF - ProfilePath - c:\users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - hxxp://msn.co.nz/?pc=UP21&ocid=UP21DHP&dt=050913
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050913&q=
FF - ExtSQL: 2014-06-03 16:41; {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}; c:\program files (x86)\DAP\DAPFireFox
FF - ExtSQL: 2014-06-03 16:41; daplinkchecker@speedbit.com; c:\program files (x86)\DAP\daplinkchecker
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-HyperCam Toolbar - c:\program files (x86)\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-Installer Setup_is1 - c:\program files (x86)\Program Files\Setup\unins000.exe
AddRemove-{6B794BA0-DAF8-4527-8E15-165BA3EBC423} - c:\program files (x86)\Folder Crypto Password\Uninstall.exe
AddRemove-{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{B56B95BF-7161-4166-8288-DB1BA9F6C9B8} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-718463087-3605604113-3917260930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-718463087-3605604113-3917260930-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-07-06  13:55:00
ComboFix-quarantined-files.txt  2014-07-06 01:54
.
Pre-Run: 42,689,019,904 bytes free
Post-Run: 43,095,085,056 bytes free
.
- - End Of File - - 07D1C45F45600BA40C685BB08FFDD9DB
A36C5E4F47E84449FF07ED3517B43A31
 


#5 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 06 July 2014 - 10:12 AM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#6 IcedTea

IcedTea

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 08 July 2014 - 02:14 AM

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mamo Family on Tue 08/07/2014 at 19:03:34.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] torchcrashhandler 
Successfully deleted: [Service] torchcrashhandler 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DogeCoin Price Checker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DogeCoin Price Checker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DogeCoin Price Checker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DogeCoin Price Checker_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho14F4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho175B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1AE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1B72.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1D03.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2B8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho328B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3762.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3AE5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho583B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5B22.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho69C2.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6DA9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho731.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7369.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7474.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7A0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7AD8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7D15.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho89F6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8A19.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8E92.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9F41.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA1DF.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAA8F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAD22.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAE50.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB309.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBA21.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC2F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD56.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE22.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEE7F.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\torchcrashhandler"
Successfully deleted: [Folder] "C:\Users\Mamo Family\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Mamo Family\AppData\Roaming\mozilla\firefox\profiles\mm9bir06.default\user.js
Emptied folder: C:\Users\Mamo Family\AppData\Roaming\mozilla\firefox\profiles\mm9bir06.default\minidumps [10 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/07/2014 at 19:15:52.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner:
 
# AdwCleaner v3.214 - Report created 08/07/2014 at 19:22:21
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mamo Family - MAMOFAMILY-PC
# Running from : C:\Users\Mamo Family\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\Program Files (x86)\Skillbrains
Folder Deleted : C:\Program Files (x86)\Yandex Seach Selection
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Mamo Family\AppData\Local\Skillbrains
Folder Deleted : C:\Users\Mamo Family\AppData\Local\torch
Folder Deleted : C:\Users\Mamo Family\AppData\Local\Yandex Seach Selection
Folder Deleted : C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
File Deleted : C:\Users\Mamo Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Deleted : C:\Users\Mamo Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\Mamo Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Deleted : C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\searchplugins\bingp.xml
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\Tasks\update-sys.job
File Deleted : C:\Windows\System32\Tasks\update-sys
File Deleted : C:\Windows\System32\Tasks\Your File Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\SkillBrains
Key Deleted : HKLM\Software\SkillBrains
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Mamo Family\AppData\Roaming\Mozilla\Firefox\Profiles\mm9bir06.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Mamo Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [6580 octets] - [08/07/2014 19:18:11]
AdwCleaner[S0].txt - [6445 octets] - [08/07/2014 19:22:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6505 octets] ##########

 

Attached Files



#7 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 08 July 2014 - 09:52 AM

Please run a fresh scan with Malwarebytes, update the definitions first, then post the new log.
Also post the most recent "Protection Lof" as well, I'd like to see if there have been any more IP blocks.

NEXT


Go to http://go.eset.com/us/online-scanner to run the online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start - Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Start
Wait for the scan to finish
When the scan completes, press the LIST OF FOUND THREATS button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Press the BACK button.
Press Finish
Please attach the ESET report to your next reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#8 IcedTea

IcedTea

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 09 July 2014 - 08:36 AM

Apologies for the delays.

I will run the scans tomorrow.

 

Cheers!



#9 IcedTea

IcedTea

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 10 July 2014 - 06:54 AM

Hello!

I have completed the Malwarebytes' scan.

 

However, the ESET scan has been running for 5 hours and 39 minutes and is only at 41%.

I may cancel the scan and retry tomorrow.

 

Thank you.

 

Malwarebytes Scan Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/07/2014
Scan Time: 6:01:05 p.m.
Logfile: Malwarebytes Log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.09.13
Rootkit Database: v2014.07.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mamo Family
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335618
Time Elapsed: 32 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Protection Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 10/07/2014 1:40:32 a.m., SYSTEM, MAMOFAMILY-PC, Scheduler, Malware Database, 2014.7.9.3, 2014.7.9.4, 
Protection, 10/07/2014 1:40:43 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Refresh, Starting, 
Protection, 10/07/2014 1:40:43 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 10/07/2014 1:40:44 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 10/07/2014 1:41:28 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Refresh, Success, 
Protection, 10/07/2014 1:41:29 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 10/07/2014 1:41:33 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Started, 
Update, 10/07/2014 2:39:34 a.m., SYSTEM, MAMOFAMILY-PC, Scheduler, Malware Database, 2014.7.9.4, 2014.7.9.5, 
Protection, 10/07/2014 2:39:37 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Refresh, Starting, 
Protection, 10/07/2014 2:39:37 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 10/07/2014 2:39:37 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 10/07/2014 2:39:58 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Refresh, Success, 
Protection, 10/07/2014 2:39:59 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 10/07/2014 2:40:00 a.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Started, 
Protection, 10/07/2014 3:28:40 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malware Protection, Starting, 
Protection, 10/07/2014 3:28:40 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malware Protection, Started, 
Protection, 10/07/2014 3:28:40 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 10/07/2014 3:30:04 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Started, 
Update, 10/07/2014 3:49:58 p.m., SYSTEM, MAMOFAMILY-PC, Scheduler, Rootkit Database, 2014.7.7.1, 2014.7.9.1, 
Update, 10/07/2014 3:50:09 p.m., SYSTEM, MAMOFAMILY-PC, Scheduler, Malware Database, 2014.7.9.5, 2014.7.9.13, 
Protection, 10/07/2014 3:50:12 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Refresh, Starting, 
Protection, 10/07/2014 3:50:12 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 10/07/2014 3:50:13 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 10/07/2014 3:50:57 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Refresh, Success, 
Protection, 10/07/2014 3:50:57 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 10/07/2014 3:51:02 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Started, 
Protection, 10/07/2014 7:02:01 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malware Protection, Stopping, 
Protection, 10/07/2014 7:02:01 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malware Protection, Stopped, 
Protection, 10/07/2014 7:02:01 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 10/07/2014 7:02:02 p.m., SYSTEM, MAMOFAMILY-PC, Protection, Malicious Website Protection, Stopped, 
 
(end)
 
 
Edit: I stopped the ESET scan. Here's the log it produced:
 
C:\AdwCleaner\Quarantine\C\Users\Mamo Family\AppData\Local\torch\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6\dbk32.sys probably a variant of Win32/HackTool.CheatEngine.AA potentially unsafe application
C:\Program Files (x86)\EpicBot\epicbot.jar a variant of Java/Obfuscated.AllatoriDemo.A potentially unsafe application
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Sandbox\Mamo_Family\SafeBox\user\current\AppData\Local\Temp\nsxA786.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\Sandbox\Mamo_Family\SafeBox\user\current\AppData\Local\Torch\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
 
 
 
 
 

Edited by IcedTea, 10 July 2014 - 07:03 AM.


#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 10 July 2014 - 01:06 PM

As long as you are aware of those applications on your system, ESET is just alerting to the "type" of program that they are.

How is the computer running now, are there any outstanding issues?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#11 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 17 July 2014 - 11:35 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users