
Comcast says I have bots. [Solved]

comcast bots

  • This topic is locked
15 replies to this topic

#1 silat


Posted 05 September 2014 - 04:20 PM

Hi,

  Comcast says I have bots. I have no indication that it is so. Need a pro to check my logs please.

Thanks.

 

OTL

 

OTL logfile created on: 9/5/2014 2:47:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lewlew\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 3.20 Gb Available Physical Memory | 53.35% Memory free
11.98 Gb Paging File | 8.49 Gb Available in Paging File | 70.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 485.97 Gb Free Space | 81.52% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 295.32 Gb Free Space | 31.70% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 292.66 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive J: | 14.89 Gb Total Space | 10.03 Gb Free Space | 67.32% Space Free | Partition Type: FAT32
 
Computer Name: BLACKHOLE | User Name: Lewlew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lewlew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group)
PRC - C:\Program Files (x86)\Adguard\Adguard.exe (Insoft LLC)
PRC - C:\Program Files (x86)\Adguard\AdguardSvc.exe (Insoft LLC)
PRC - C:\Program Files (x86)\StorageCraft\ShadowProtect\MountNotify.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtect.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files (x86)\StorageCraft\ShadowProtect\sbrun.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe (NeoSoft Tools)
PRC - C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe (VueSoft)
PRC - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\Breevy.exe (16 Software (www.16software.com))
PRC - C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
PRC - C:\Program Files (x86)\Sharp World Clock\Sharp World Clock.exe (Johannes Wallroth)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe (WiseCleaner.COM)
PRC - C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files (x86)\AJC Software\AJC Active Backup\AJCActiveBackup.exe (AJC Software)
PRC - C:\Program Files\Sandboxie\32\SbieSvc.exe (Sandboxie Holdings, LLC)
PRC - C:\Program Files\Listary\Listary.exe (Bopsoft)
PRC - C:\Program Files\Listary\ListaryService.exe ()
PRC - C:\Program Files (x86)\ac'tivAid\AutoHotkey\AutoHotkey.exe ()
PRC - C:\Program Files (x86)\FlashNote\Flashnote.exe ()
PRC - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
PRC - C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe (Kensington)
PRC - C:\Program Files (x86)\textBEAST3pro\textBEASTpro.exe (ASBware, LLC)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)
PRC - C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe (Green Parrots Software)
PRC - C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Program Files (x86)\Conceptworld\NoteZilla\NoteZilla.exe (Conceptworld Corporation)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VueMinder\838e4821c60c5f729e9b16c9bce51499\VueMinder.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MySql.Data\59252920e76b42f690ce0cc533f39018\MySql.Data.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vuesoft.App1ad85be5#\bc6964039108fce5092c5af0b7d7fb1a\Vuesoft.Applications.Vueminder.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\ae18426916e4acf912f54aefb8cd00c7\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O7c0023ad#\6cbcfec902f4dfda6f939451b5a7444f\Microsoft.Office.Interop.Outlook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\office\9706ae53475ae99bb5029c8457d7781a\office.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic951817b1#\1eec57cfd2790e835d850040bd53680b\Infragistics2.Win.AppStylistSupport.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic9fd77c0e#\5da7d3d9d5905f3475fd1f88f02eb68b\Infragistics2.Win.UltraWinDock.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic018292d7#\7c21e892f174e422cca045de703332d6\Infragistics2.Win.SupportDialogs.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.mshtml\406fcc6be8c26cdcbdc738eb516a7d2f\Microsoft.mshtml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic147bc10b#\8fcc1091a1d1f75868076fa1e732b25e\Infragistics2.Win.UltraWinTree.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic7815e788#\7c9ecd8bb31643c3034a8be8ce6784a2\Infragistics2.Win.UltraWinGrid.ExcelExport.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic9522a2e2#\4a41aa85581bd36228939df4f9914b8e\Infragistics2.Win.UltraWinListView.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlAgilityPack\db8a1b0df8fe5d0eca4107aa11d3aab0\HtmlAgilityPack.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic0a615d00#\24a87a6f2335822883cbd4b3a61b6aaf\Infragistics2.Win.UltraWinDataSource.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\stdole\100ff835a3cbd030b0bb6c2facc9e646\stdole.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Ebaf313d4#\18484cc1d6b8d957b995c76650864cc0\Microsoft.Exchange.WebServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragisticfe14f775#\ca1b3da0df1d1bb14e823dae88a49adf\Infragistics2.Win.UltraWinGrid.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic91b0e417#\dfab8c695113133da70ccbb9abd6e602\Infragistics2.Win.UltraWinToolbars.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic266c5ac8#\875b7f7e1a8f022cbb4afe7f01ad96f8\Infragistics2.Win.UltraWinSchedule.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic808a5bb9#\491c217b805f26893f4b5c6bd324bbe4\Infragistics2.Win.UltraWinTabbedMdi.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic5530c6bd#\d070f0cc6bc87519a35464851f874642\Infragistics2.Win.UltraWinTabControl.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic2ebadc1c#\3b850267ff50a48c9cc94e9a63f9d286\Infragistics2.Win.UltraWinGauge.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic3151830d#\ab3c4116d88bfa03b0d9153a18e8cda6\Infragistics2.Win.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragisticb1f0f048#\5b58521bd7bd68c65e6a8d17b906bf52\Infragistics2.Win.UltraWinStatusBar.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic6a3402d7#\121cc832c7d24133b564c8b34fdde48f\Infragistics2.Win.Misc.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragistic2f2b555f#\228d18f7f6ea1f958a4a85bd030b6c8c\Infragistics2.Win.UltraWinEditors.v10.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WinFormHtmlEditor\b82cbad83ffe753cd8a37e5cf037b92b\WinFormHtmlEditor.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\protobuf-net\cd3e8abc649e23c3bca02836a0512cbb\protobuf-net.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Infragisticfa5d9f74#\f351666af7f93e250036d10f3d020c49\Infragistics2.Shared.v10.1.ni.dll ()
MOD - C:\Program Files\Listary\ListaryService.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Speech\6e9da6b97cdd396132aca78c3d8cfc78\System.Speech.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\b71ff7f0fb61d547d06ba13548d68748\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\a018b9c52b58afe1eeddde17bbcd5d44\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files\Listary\CrashRpt1402.dll ()
MOD - C:\Program Files (x86)\ac'tivAid\AutoHotkey\AutoHotkey.exe ()
MOD - C:\Program Files (x86)\FlashNote\Flashnote.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\KeepOutlookRunning.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\libcairo-2.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\freetype6.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\libgio-2.0-0.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\libfontconfig-1.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\libpng14-14.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\libexpat.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\libexpat-1.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files (x86)\Breevy332 PORTABLE\app\Breevy\zlib1.dll ()
MOD - C:\Program Files (x86)\FlashNote\sqlite3.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
MOD - C:\Program Files (x86)\Conceptworld\NoteZilla\sqlite3.dll ()
MOD - C:\Program Files (x86)\Conceptworld\NoteZilla\zlib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ERPx64Svc) -- C:\Program Files\NoVirusThanks\EXE Radar Pro\ERPx64Svc.exe File not found
SRV:64bit: - (_wfcs) -- C:\Program Files\Windows Firewall Control\wfcs.exe (BiniSoft.org)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ListaryService) -- C:\Program Files\Listary\ListaryService.exe ()
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Business 2012.SP4c\RpcAgentSrv.exe (SiSoftware)
SRV - (ISRService) -- C:\$ISR\0\ISRService.exe File not found
SRV - (Adguard Service) -- C:\Program Files (x86)\Adguard\AdguardSvc.exe (Insoft LLC)
SRV - (VSNAPVSS) -- C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (StorageCraft ImageReady) -- C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe ()
SRV - (ShadowProtectSvc) -- C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (SystemExplorerHelpService) -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe (Mister Group)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (BRN_APPGUARD_SERVICE) -- C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe (Blue Ridge Networks)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AnyDesk) -- C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()
SRV - (StorageCraft ImageManager) -- C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AxAutoMntSrv) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
SRV - (PRMonitorService) -- C:\Program Files (x86)\Personal Renamer\PRService1.exe (VC)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (GPAdjustTimeService) -- C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe (Green Parrots Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.ScreenshotReader.9.0) -- C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY (BIT Software))
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (sbmount) -- C:\Windows\SysNative\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV:64bit: - (adgnetworktdi) -- C:\Windows\SysNative\drivers\adgnetworktdi.sys ()
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV:64bit: - (BrnFileLock) -- C:\Windows\SysNative\drivers\brnfilelock.sys (Blue Ridge Networks)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (stcvsm) -- C:\Windows\SysNative\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (Visicom Media Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv.sys (Visicom Media Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (tbwkern) -- C:\Windows\SysNative\drivers\tbwkern.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (FAMv4) -- C:\Windows\SysNative\drivers\FAMv4.sys (VisionWorks Solutions, Inc)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Business 2012.SP4c\WNt500x64\sandra.sys (SiSoftware)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsisoft GmbH)
DRV - (cleanhlp) -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lewlew\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 39 C8 8F 6C 72 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {FF6BC2B2-758D-4098-9F3D-FEC76ADB0C16}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{9989A0E8-1378-431D-BE0A-87946CFC6EC9}: "URL" = http://duckduckgo.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{FF6BC2B2-758D-4098-9F3D-FEC76ADB0C16}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.3
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.4
FF - prefs.js..extensions.enabledAddons: %7B943b5589-7808-4a70-acdc-7b6ee21e7cce%7D:0.7
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.23
FF - prefs.js..extensions.enabledAddons: %7B3541c267-2580-4144-854e-2e05c8670121%7D:2.2.1
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.5
FF - prefs.js..extensions.enabledAddons: sidebarBookmarksSearch%40alice:2.0.1
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.1
FF - prefs.js..extensions.enabledAddons: goParentFolder%40alice:2.9.1
FF - prefs.js..extensions.enabledAddons: %7B578e7caa-210f-4967-a0d3-88fe5b59a39f%7D:0.9.3.2
FF - prefs.js..extensions.enabledAddons: pagezipper%40printwhatyoulike.com:0.6.2
FF - prefs.js..extensions.enabledAddons: 54c7d9671b9eccd9e5686a73df34ab60%40button.codefisher.org:1.4.1
FF - prefs.js..extensions.enabledAddons: openinchrome%40griffeltavla.wordpress.com:1.5.3
FF - prefs.js..extensions.enabledAddons: DragUrLink%40mozilla.org:0.9.8
FF - prefs.js..extensions.enabledAddons: copylinkurl%40bluelightdev.com:1.5
FF - prefs.js..extensions.enabledAddons: copy-urls-expert%40kashiif-gmail.com:2.2.1
FF - prefs.js..extensions.enabledAddons: %7B8B72860F-C5F8-4286-865E-D2C2DB98A9E6%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: clearConsole%40penzil.com:1.10
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.23
FF - prefs.js..extensions.enabledAddons: tabgroupshelper%40kevinallasso.org:0.1.3
FF - prefs.js..extensions.enabledAddons: TabGroupBar%40krzysztof.dawidowicz.uj.edu.pl:1.4.5
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:8.0.4
FF - prefs.js..extensions.enabledAddons: scrapbookx%40addons.mozilla.org:1.12.0a25
FF - prefs.js..extensions.enabledAddons: formhistory%40yahoo.com:1.3.3.0
FF - prefs.js..extensions.enabledAddons: s3menu%40wizard:1.12
FF - prefs.js..extensions.enabledAddons: %7B8620c15f-30dc-4dba-a131-7c5d20cf4a29%7D:3.7
FF - prefs.js..extensions.enabledAddons: %7B996bb709-9ff1-4b3e-a865-b5820fd84345%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: s3google%40translator:3.01
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: extensionlistdumper%40sogame.cat:1.15.2
FF - prefs.js..extensions.enabledAddons: closealltabs%40michael.grafl:2.3.1
FF - prefs.js..extensions.enabledAddons: copyplaintext%40teo.pl:1.3.2
FF - prefs.js..extensions.enabledAddons: %7Bcd6c4ebf-366e-45a0-98b5-b8217288eed7%7D:0.7.4
FF - prefs.js..extensions.enabledAddons: yesscript%40userstyles.org:2.0
FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:3.3
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.5beta3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lewlew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/08/30 11:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2014/03/03 15:07:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/08/30 11:35:59 | 000,000,000 | ---D | M]
 
[2014/08/08 19:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Extensions
[2014/09/04 14:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions
[2014/08/16 11:14:41 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2014/08/21 14:59:32 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2014/08/10 13:35:29 | 000,000,000 | ---D | M] ("Converter") -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2014/08/12 23:40:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/09/02 23:06:14 | 000,000,000 | ---D | M] (TextMarker Go) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}
[2014/08/29 19:05:31 | 000,000,000 | ---D | M] (Fastest Search) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\fastestsearch@mingyi.org
[2014/08/20 14:41:37 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\formhistory@yahoo.com
[2014/08/08 19:23:29 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\foxmarks@kei.com
[2014/08/09 03:15:19 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\isreaditlater@ideashower.com
[2014/08/09 03:31:19 | 000,000,000 | ---D | M] ("Sidebar Bookmarks Search Plus") -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\sidebarBookmarksSearch@alice
[2014/08/15 18:28:11 | 000,000,000 | ---D | M] (Tab Groups Helper) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\tabgroupshelper@kevinallasso.org
[2014/08/09 03:39:03 | 000,014,810 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi
[2014/08/10 13:29:42 | 000,016,444 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\addonsmgrhilte@cfl.xpi
[2014/08/08 19:41:03 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2014/09/04 14:06:19 | 000,385,439 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi
[2014/08/12 23:32:18 | 000,059,886 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\clearConsole@penzil.com.xpi
[2014/09/02 13:17:19 | 000,034,712 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\closealltabs@michael.grafl.xpi
[2014/08/09 12:30:51 | 000,053,991 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\copy-urls-expert@kashiif-gmail.com.xpi
[2014/08/09 12:30:51 | 000,012,941 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\copylinkurl@bluelightdev.com.xpi
[2014/09/02 14:40:14 | 000,061,214 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\copyplaintext@teo.pl.xpi
[2014/08/09 10:34:39 | 000,017,396 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\DragUrLink@mozilla.org.xpi
[2014/08/29 12:23:53 | 000,074,928 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\extensionlistdumper@sogame.cat.xpi
[2014/08/28 23:38:25 | 000,095,444 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\fbp@fbpurity.com.xpi
[2014/08/16 06:05:08 | 000,232,021 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\fbt@quicksaver.xpi
[2014/09/04 14:06:19 | 000,077,092 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\firefoxaddon@youtubeenhancer.com.xpi
[2014/08/09 03:31:19 | 000,013,861 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\goParentFolder@alice.xpi
[2014/08/17 21:02:22 | 000,118,081 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\jid0-BhB0u1jjAYBkCecSVdoY1yjuo6o@jetpack.xpi
[2014/08/09 03:33:50 | 000,203,009 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\jid0-IPSuVKD0J7yL1cIBwQAdoHTCWmY@jetpack.xpi
[2014/08/08 20:11:09 | 000,667,234 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
[2014/08/23 14:28:12 | 000,096,878 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\jid1-D7momAzRw417Ag@jetpack.xpi
[2014/08/09 03:34:15 | 000,056,667 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi
[2014/09/02 15:31:01 | 000,097,929 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi
[2014/08/30 14:07:59 | 000,122,557 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\jid1-PmCaAQKMFABjHg@jetpack.xpi
[2014/08/31 16:46:02 | 000,109,277 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\newtabtools@darktrojan.net.xpi
[2014/08/09 11:05:35 | 000,010,666 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\noverflow@sdrocking.com.xpi
[2014/08/09 04:34:25 | 000,033,064 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\openinchrome@griffeltavla.wordpress.com.xpi
[2014/08/09 03:39:03 | 000,038,604 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\pagezipper@printwhatyoulike.com.xpi
[2014/08/09 12:26:44 | 000,066,455 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\Profilist@jetpack.xpi
[2014/08/08 19:41:55 | 000,015,751 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\restartless.restart@erikvold.com.xpi
[2014/08/22 01:19:33 | 000,100,161 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\s3google@translator.xpi
[2014/08/20 23:36:07 | 000,088,969 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\s3menu@wizard.xpi
[2014/08/17 13:58:10 | 000,594,210 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\scrapbookx@addons.mozilla.org.xpi
[2014/08/09 03:31:19 | 000,009,488 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\showParentFolder@alice.xpi
[2014/08/15 18:28:11 | 000,009,270 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\TabGroupBar@krzysztof.dawidowicz.uj.edu.pl.xpi
[2014/09/03 14:19:53 | 000,053,620 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\yesscript@userstyles.org.xpi
[2014/08/08 20:03:30 | 000,452,422 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/08/08 19:45:02 | 000,541,094 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2014/08/08 20:09:20 | 000,023,434 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}.xpi
[2014/08/09 03:39:03 | 000,055,933 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi
[2014/09/02 13:18:23 | 000,541,661 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/08/08 19:49:18 | 000,052,412 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{943b5589-7808-4a70-acdc-7b6ee21e7cce}.xpi
[2014/08/21 21:17:38 | 000,007,690 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{996bb709-9ff1-4b3e-a865-b5820fd84345}.xpi
[2014/08/12 23:32:18 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2014/08/08 19:44:39 | 000,788,466 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014/08/25 17:40:32 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/08/16 06:02:26 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2014/08/29 12:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/29 12:18:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Magic Actions for YouTube™ = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.9.2_0\
CHR - Extension: Tab-Snap = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjloplcjllkammemhenacfjcccockde\1.2.8_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.28_0\
CHR - Extension: Sexy Undo Close Tab = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.5.4_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckieTV - 'Browser Action' mode = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfkaloficjmdjbgmckaddgfcghgidei\0.70_0\
CHR - Extension: Go Extensions = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdlogpoaigpjcfjfllhjdaniobkjnkmg\0.2_0\
CHR - Extension: Tab Scissors = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdochbecpfdpjobpgnacnbepkgcfhoek\1.2_0\
CHR - Extension: Share Extensions = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe\0.1.1_0\
CHR - Extension: Incognito-Filter = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik\0.0.9_0\
CHR - Extension: Google Search = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Restart your browser = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfmhdgpigoebiiccopgpbjacndhldoo\1.0_0\
CHR - Extension: Subscriptions Grid For YouTube™ = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed\1.10_0\
CHR - Extension: Spell Bee = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfbnahffpakjbdlccohcoglcnafhgnhm\1.0_0\
CHR - Extension: Copy All Urls = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\djdmadneanknadilpjiknlnanaolmbfk\2.9_0\
CHR - Extension: Session Buddy = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.9_0\
CHR - Extension: Tabs Outliner = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.78_0\
CHR - Extension: Video Downloader professional = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.43_0\
CHR - Extension: SearchBar = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed\0.7.4_0\
CHR - Extension: Close Tabs = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo\1.1_0\
CHR - Extension: Tampermonkey BETA = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf\3.9.4275_0\
CHR - Extension: Close tabs to the left = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmjpicopfkgmjdomahfjkmhpcelklba\1.3_0\
CHR - Extension: Selection Search = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe\0.7.22_0\
CHR - Extension: No name found = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\glaohkkooicollgefkkmndjcbblominl\3.1.20_0\
CHR - Extension: Dream Afar New Tab = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmfoppjjkcencpbjaigfahdjlgpegn\0.2.14_0\
CHR - Extension: Social Fixer for Facebook = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\10.6_0\
CHR - Extension: Yet Another Drag and Go FIX = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbfjijnippekinigficbmbmfkiihpng\0.2.1_0\
CHR - Extension: Bookmarks Shortcut for Google Chrome™ = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhcephcagmjfljemognihhmophkdoe\1.0.2_0\
CHR - Extension: close pinned tab = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjnlecdojfenkidbfdjejdmajggkegca\0.2_0\
CHR - Extension: Fast Search for eBay = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjajclaocdighkjplbekkofpmdbcjghf\4.5.9.4_0\
CHR - Extension: The Great Suspender = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg\4.74_0\
CHR - Extension: Zoom = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd\1.1.0.6_0\
CHR - Extension: Reload All Tabs = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci\1.0_0\
CHR - Extension: Currency Converter = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg\0.6.0_0\
CHR - Extension: Lazarus: Form Recovery = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.2_0\
CHR - Extension: Tab Glue = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfedioikeigljhjfpghdejnogniddhna\1.2_0\
CHR - Extension: Clickable Links = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia\2.3_0\
CHR - Extension: F.B Purity-Clean Up Facebook = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\10.5.2_0\
CHR - Extension: Comment Save = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmcbhmmonjkclhmeidccodfhlifmmco\0.6.4_0\
CHR - Extension: Save to Pocket = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.9.2_0\
CHR - Extension: Extensions Update Notifier = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlldbplhbaopldicmcoogopmkonpebjm\2.3.1_0\
CHR - Extension: Google Wallet = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: ImTranslator: Google Translate = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh\2.10_0\
CHR - Extension: Pickpocket = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfomjjafcdfkdodojjgkhlepcofaail\1.3.7.3_0\
CHR - Extension: OneClick Cleaner for Chrome = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.9_0\
CHR - Extension: Oh My Tabs! = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pafbcbpkhdaannjjnemdlohnoaecbohb\2.0.0_0\
CHR - Extension: Gmail = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Open External Links in New Tab = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgjfdndcgbblimbigekghdmgkjbffba\1.1_0\
CHR - Extension: RoboForm = C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.9.2_0\
 
O1 HOSTS File: ([2014/07/21 12:49:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [AppGuardGUI] C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Blue Ridge Networks)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Kensington TrackballWorks Helper] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe (Kensington)
O4 - HKLM..\Run: [StorageCraft Mount Notifier] C:\Program Files (x86)\StorageCraft\ShadowProtect\MountNotify.exe (StorageCraft Technology Corporation)
O4 - HKLM..\Run: [textBEASTpro] C:\Program Files (x86)\textBEAST3pro\textBEASTpro.exe (ASBware, LLC)
O4 - HKCU..\Run: [AJC Active Backup 2] C:\Program Files (x86)\AJC Software\AJC Active Backup\AJCActiveBackup.exe (AJC Software)
O4 - HKCU..\Run: [Breevy] C:\Program Files (x86)\Breevy332 PORTABLE\BreevyPortable.exe (16 Software (www.16software.com))
O4 - HKCU..\Run: [Chameleon System Monitor] c:\program files (x86)\common files\Chameleon Manager\monitor.exe (NeoSoft Tools)
O4 - HKCU..\Run: [Flashnote] c:\Program Files (x86)\FlashNote\Flashnote.exe ()
O4 - HKCU..\Run: [Kensington TrackballWorks] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe (Kensington)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk = C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)
O4 - Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk = C:\Program Files (x86)\ac'tivAid\Portable_ac'tivAid.exe ()
O4 - Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk = C:\Program Files\ClipCache\clipc.exe (XRayz Software)
O4 - Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
O4 - Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IR Service.lnk = C:\$ISR\0\isrservice.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: >Search in Linkman - C:\Users\Lewlew\Documents\Linkman\iescript_search.htm ()
O8:64bit: - Extra context menu item: Add to Linkman - C:\Users\Lewlew\Documents\Linkman\iescript_add.htm ()
O8:64bit: - Extra context menu item: Add to Linkman (all tabs) - C:\Users\Lewlew\Documents\Linkman\iescript_addall.htm ()
O8:64bit: - Extra context menu item: Add to Linkman and Edit - C:\Users\Lewlew\Documents\Linkman\iescript_edit.htm ()
O8:64bit: - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:64bit: - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Show Linkman - C:\Users\Lewlew\Documents\Linkman\iescript_show.htm ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: >Search in Linkman - C:\Users\Lewlew\Documents\Linkman\iescript_search.htm ()
O8 - Extra context menu item: Add to Linkman - C:\Users\Lewlew\Documents\Linkman\iescript_add.htm ()
O8 - Extra context menu item: Add to Linkman (all tabs) - C:\Users\Lewlew\Documents\Linkman\iescript_addall.htm ()
O8 - Extra context menu item: Add to Linkman and Edit - C:\Users\Lewlew\Documents\Linkman\iescript_edit.htm ()
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Show Linkman - C:\Users\Lewlew\Documents\Linkman\iescript_show.htm ()
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70A9CA21-B53D-4B84-A473-7B11D73B4D36}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8063F15B-8886-47FE-AD80-DCCD5526ED7B}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{088acb4b-de46-11e1-9eaf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{088acb4b-de46-11e1-9eaf-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.ultimatebootcd.com/
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.spv1 - C:\Users\Lewlew\AppData\Local\Learnpulse\Screenpresso\ScreenpressoCodec.dll (LearnPulse)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/05 14:40:36 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Lewlew\Desktop\dds.scr
[2014/09/05 14:40:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lewlew\Desktop\HiJackThis.exe
[2014/09/05 14:39:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lewlew\Desktop\OTL.exe
[2014/09/05 14:38:02 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Users\Lewlew\Desktop\SysInfo.exe
[2014/09/05 00:09:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/09/05 00:09:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/09/05 00:09:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/09/05 00:06:01 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lewlew\Desktop\tdsskiller.exe
[2014/09/04 23:40:48 | 005,576,440 | R--- | C] (Swearware) -- C:\Users\Lewlew\Desktop\ComboFix.exe
[2014/09/04 23:29:21 | 030,517,960 | ---- | C] (Microsoft Corporation) -- C:\Users\Lewlew\Desktop\Windows-KB890830-x64-V5.15.exe
[2014/09/04 20:51:27 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/09/04 20:51:27 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/09/04 20:51:27 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/09/04 20:51:17 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/09/04 20:51:17 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/09/04 20:51:16 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/09/04 20:51:16 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/09/04 20:51:16 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/09/04 20:51:16 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/09/04 20:51:13 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/09/04 20:51:13 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/09/04 20:51:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/09/04 20:51:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/09/04 18:27:50 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\Documents\PhraseExpress
[2014/09/04 18:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhraseExpress_USB
[2014/09/04 18:25:54 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\Desktop\Malwarebytes AntiRootkit
[2014/09/04 14:40:40 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Breevy
[2014/09/04 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Breevy332 PORTABLE
[2014/09/04 05:25:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/02 23:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blasteroids Win64
[2014/09/02 22:16:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epCheck_beta
[2014/09/01 20:07:12 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\DVDVideoSoft
[2014/09/01 15:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStoneResizer33 PORTABLE
[2014/09/01 15:24:38 | 000,000,000 | R--D | C] -- C:\Users\Lewlew\Desktop\TheFappening2014 AppleGoof
[2014/08/30 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2014/08/29 18:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\usbtreeview
[2014/08/28 13:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2014/08/28 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2014/08/28 13:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2014/08/26 19:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NoVirusThanks
[2014/08/25 00:45:09 | 000,000,000 | -HSD | C] -- C:\$ISR
[2014/08/25 00:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco
[2014/08/21 14:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp_Info_Tool
[2014/08/21 14:47:41 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Winamp Info Tool
[2014/08/21 14:45:02 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Winamp Backup Tool
[2014/08/20 03:46:09 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Everything
[2014/08/20 03:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2014/08/19 22:09:11 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\Documents\TEBookConverter
[2014/08/19 22:09:11 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\TEBookConverter
[2014/08/19 22:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TEBookConverter
[2014/08/17 20:20:35 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Process Hacker 2
[2014/08/17 20:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\processhacker-2.33-bin
[2014/08/17 03:25:21 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Notation
[2014/08/17 03:25:20 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Local\Alison_Robson
[2014/08/17 03:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Notation
[2014/08/17 02:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\npp.6.6.8.bin
[2014/08/17 00:48:31 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Local\Leanterface_Inc
[2014/08/17 00:46:56 | 000,000,000 | ---D | C] -- C:\OneCommanderLatest64bit
[2014/08/16 14:05:03 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Insoft LLC
[2014/08/16 12:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\streamwriter
[2014/08/16 04:21:31 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\dwhelper
[2014/08/14 15:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileLocator Pro 2042 PORTABLE
[2014/08/14 11:01:16 | 000,132,840 | ---- | C] (StorageCraft Technology Corporation) -- C:\Windows\SysNative\drivers\sbmount.sys
[2014/08/14 02:42:51 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\uTorrent
[2014/08/14 01:56:42 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Mythicsoft
[2014/08/14 01:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
[2014/08/12 18:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATTRIBUTE CHANGER
[2014/08/12 16:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoDateChanger
[2014/08/12 12:33:25 | 000,000,000 | ---D | C] -- C:\PPLog
[2014/08/09 19:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/08/08 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2014/08/08 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Roaming\Mozilla
[2014/08/08 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\Lewlew\AppData\Local\Mozilla
[2014/08/08 19:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/08 18:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\webapprt
[2014/08/08 18:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uninstall
[2014/08/08 18:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dictionaries
[2014/08/08 18:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults
[2014/08/08 18:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\browser
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Lewlew\Desktop\*.tmp files -> C:\Users\Lewlew\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/05 14:55:04 | 000,007,180 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/09/05 14:54:30 | 000,001,110 | -H-- | M] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\tlbdata.xml
[2014/09/05 14:40:35 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Lewlew\Desktop\dds.scr
[2014/09/05 14:40:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lewlew\Desktop\HiJackThis.exe
[2014/09/05 14:39:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lewlew\Desktop\OTL.exe
[2014/09/05 14:39:09 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/05 14:39:09 | 000,013,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/05 14:37:59 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Users\Lewlew\Desktop\SysInfo.exe
[2014/09/05 14:31:44 | 000,786,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/05 14:31:44 | 000,665,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/05 14:31:44 | 000,123,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/05 14:25:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/05 14:25:15 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/05 00:06:04 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lewlew\Desktop\tdsskiller.exe
[2014/09/04 23:56:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/04 23:54:42 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/04 23:40:48 | 005,576,440 | R--- | M] (Swearware) -- C:\Users\Lewlew\Desktop\ComboFix.exe
[2014/09/04 23:29:18 | 030,517,960 | ---- | M] (Microsoft Corporation) -- C:\Users\Lewlew\Desktop\Windows-KB890830-x64-V5.15.exe
[2014/09/04 18:38:41 | 000,001,600 | ---- | M] () -- C:\Users\Lewlew\Desktop\PhraseExpress.lnk
[2014/09/04 14:43:07 | 000,001,466 | ---- | M] () -- C:\Users\Lewlew\Desktop\BreevyPortable.exe - Shortcut.lnk
[2014/09/04 03:10:24 | 000,049,015 | ---- | M] () -- C:\Users\Lewlew\Desktop\Emet.xml
[2014/09/04 03:05:51 | 000,000,956 | ---- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk
[2014/09/04 03:05:50 | 000,001,165 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk
[2014/09/04 03:05:50 | 000,001,089 | ---- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
[2014/09/04 03:05:50 | 000,001,060 | ---- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk
[2014/09/04 03:05:50 | 000,000,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
[2014/09/04 03:05:50 | 000,000,852 | ---- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk
[2014/09/04 03:05:50 | 000,000,814 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Listary.lnk
[2014/09/04 03:05:50 | 000,000,676 | ---- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IR Service.lnk
[2014/09/03 14:42:34 | 011,239,424 | ---- | M] () -- C:\Users\Lewlew\Desktop\EMET Setup.msi
[2014/09/03 14:42:32 | 001,244,739 | ---- | M] () -- C:\Users\Lewlew\Desktop\EMET User's Guide.pdf
[2014/09/02 22:17:26 | 000,001,343 | ---- | M] () -- C:\Users\Lewlew\Desktop\epCheck.exe - Shortcut.lnk
[2014/09/02 13:27:45 | 000,001,924 | ---- | M] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\chrome - INCOGNITO MODE.lnk
[2014/09/01 21:09:12 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/01 21:09:12 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/01 01:23:52 | 004,174,612 | ---- | M] () -- C:\Users\Lewlew\Desktop\The Human Beinz - Nobody But Me (with guitar chord intro) - [STEREO].mp3
[2014/08/31 14:48:59 | 000,001,303 | ---- | M] () -- C:\Windows\MultiTimer.ini
[2014/08/29 12:19:02 | 000,001,107 | ---- | M] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/08/28 13:25:34 | 000,001,249 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/08/26 12:54:19 | 000,000,833 | ---- | M] () -- C:\Users\Lewlew\Desktop\services.msc.lnk
[2014/08/23 23:58:18 | 000,001,052 | ---- | M] () -- C:\ProgramData\EXERadar.LIC
[2014/08/19 22:16:08 | 000,001,837 | ---- | M] () -- C:\Users\Lewlew\Desktop\AnyDesk.lnk
[2014/08/19 22:16:03 | 000,001,102 | ---- | M] () -- C:\Users\Lewlew\Desktop\TeamViewer 9.lnk
[2014/08/19 22:14:49 | 000,001,293 | ---- | M] () -- C:\Users\Lewlew\Desktop\calibre.exe - Shortcut.lnk
[2014/08/19 22:09:07 | 000,001,051 | ---- | M] () -- C:\Users\Lewlew\Desktop\TEBookConverter.lnk
[2014/08/19 03:14:39 | 000,001,757 | ---- | M] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\chrome.lnk
[2014/08/17 00:49:41 | 000,001,064 | ---- | M] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\OneCommander.lnk
[2014/08/16 19:32:21 | 000,001,674 | ---- | M] () -- C:\Users\Lewlew\Desktop\Aces High.lnk
[2014/08/14 18:38:23 | 000,004,214 | -H-- | M] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\setup.ini
[2014/08/14 15:48:29 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2014/08/14 11:01:16 | 000,132,840 | ---- | M] (StorageCraft Technology Corporation) -- C:\Windows\SysNative\drivers\sbmount.sys
[2014/08/14 10:58:11 | 000,001,780 | ---- | M] () -- C:\parameters.reg
[2014/08/10 01:58:55 | 000,000,482 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/08/09 10:46:30 | 000,002,249 | ---- | M] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\[WindowsExplorer] Windows Explorer.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Lewlew\Desktop\*.tmp files -> C:\Users\Lewlew\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/04 18:27:29 | 000,001,600 | ---- | C] () -- C:\Users\Lewlew\Desktop\PhraseExpress.lnk
[2014/09/04 14:43:07 | 000,001,466 | ---- | C] () -- C:\Users\Lewlew\Desktop\BreevyPortable.exe - Shortcut.lnk
[2014/09/04 03:10:23 | 000,049,015 | ---- | C] () -- C:\Users\Lewlew\Desktop\Emet.xml
[2014/09/04 03:05:50 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk
[2014/09/04 03:05:50 | 000,001,089 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
[2014/09/04 03:05:50 | 000,001,060 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk
[2014/09/04 03:05:50 | 000,000,956 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk
[2014/09/04 03:05:50 | 000,000,852 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk
[2014/09/04 03:05:50 | 000,000,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Listary.lnk
[2014/09/04 03:05:50 | 000,000,676 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IR Service.lnk
[2014/09/03 14:42:44 | 011,239,424 | ---- | C] () -- C:\Users\Lewlew\Desktop\EMET Setup.msi
[2014/09/03 14:42:38 | 001,244,739 | ---- | C] () -- C:\Users\Lewlew\Desktop\EMET User's Guide.pdf
[2014/09/02 22:17:26 | 000,001,343 | ---- | C] () -- C:\Users\Lewlew\Desktop\epCheck.exe - Shortcut.lnk
[2014/09/01 21:29:36 | 000,001,924 | ---- | C] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\chrome - INCOGNITO MODE.lnk
[2014/09/01 01:23:50 | 004,174,612 | ---- | C] () -- C:\Users\Lewlew\Desktop\The Human Beinz - Nobody But Me (with guitar chord intro) - [STEREO].mp3
[2014/08/28 13:25:34 | 000,001,249 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/08/26 12:54:19 | 000,000,833 | ---- | C] () -- C:\Users\Lewlew\Desktop\services.msc.lnk
[2014/08/19 22:16:08 | 000,001,837 | ---- | C] () -- C:\Users\Lewlew\Desktop\AnyDesk.lnk
[2014/08/19 22:16:03 | 000,001,102 | ---- | C] () -- C:\Users\Lewlew\Desktop\TeamViewer 9.lnk
[2014/08/19 22:14:49 | 000,001,293 | ---- | C] () -- C:\Users\Lewlew\Desktop\calibre.exe - Shortcut.lnk
[2014/08/19 22:14:10 | 000,001,051 | ---- | C] () -- C:\Users\Lewlew\Desktop\TEBookConverter.lnk
[2014/08/17 00:47:20 | 000,001,064 | ---- | C] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\OneCommander.lnk
[2014/08/14 15:48:29 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX
[2014/08/14 10:58:01 | 000,001,780 | ---- | C] () -- C:\parameters.reg
[2014/08/10 01:58:55 | 000,000,482 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/09 10:46:30 | 000,002,249 | ---- | C] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\[WindowsExplorer] Windows Explorer.lnk
[2014/08/08 19:54:07 | 000,007,180 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2014/08/08 19:17:24 | 000,001,107 | ---- | C] () -- C:\Users\Lewlew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/08/06 12:34:42 | 000,253,952 | ---- | C] () -- C:\Program Files\Timer.exe
[2014/08/04 14:51:17 | 000,001,052 | ---- | C] () -- C:\ProgramData\EXERadar.LIC
[2014/06/24 01:41:22 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/06/08 16:07:28 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2014/05/26 01:43:24 | 000,003,584 | ---- | C] () -- C:\Users\Lewlew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/10 18:08:04 | 000,004,986 | ---- | C] () -- C:\ProgramData\giiynunu.mau
[2014/04/06 03:07:17 | 000,000,067 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\burnaware.ini
[2014/03/28 10:01:21 | 000,007,605 | ---- | C] () -- C:\Users\Lewlew\AppData\Local\Resmon.ResmonCfg
[2014/03/09 06:56:34 | 000,000,407 | ---- | C] () -- C:\Windows\SysWow64\drivers\vwifikerneldrv.sys
[2014/03/09 06:56:34 | 000,000,407 | ---- | C] () -- C:\ProgramData\fontcacheev1.dat
[2014/03/03 01:24:41 | 000,001,303 | ---- | C] () -- C:\Windows\MultiTimer.ini
[2014/03/03 01:05:57 | 000,012,176 | ---- | C] () -- C:\Users\Lewlew\AppData\Local\BlackToText907.tif
[2014/03/03 01:04:22 | 000,000,015 | ---- | C] () -- C:\Users\Lewlew\AppData\Local\gt-props
[2014/03/02 22:57:42 | 000,004,993 | ---- | C] () -- C:\ProgramData\zmlomobd.kxh
[2014/03/01 08:42:48 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat
[2014/03/01 03:13:21 | 000,000,673 | ---- | C] () -- C:\Windows\clipc.INI
[2012/08/08 13:55:01 | 011,632,640 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\Sandra.mdb
[2012/08/08 13:55:01 | 000,000,064 | ---- | C] () -- C:\Users\Lewlew\AppData\Roaming\Sandra.ldb
[2012/08/07 01:58:40 | 000,000,195 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/04 08:35:43 | 000,004,952 | ---- | C] () -- C:\ProgramData\ipqjxxho.fyn
[2007/11/23 14:03:05 | 000,000,046 | -H-- | C] () -- C:\Users\Lewlew\AppData\Roaming\UsrClass.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/02 12:52:15 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\.kde
[2012/08/11 11:27:38 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\2BrightSparks
[2014/03/29 16:10:05 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\aicon
[2014/08/16 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\AJC Software
[2014/08/03 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\AnyDesk
[2014/07/02 14:22:32 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\ASBware
[2012/08/04 16:54:37 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\ASUS
[2014/06/08 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\AuctionSentry
[2012/08/11 17:34:29 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\BITS
[2014/03/09 15:52:53 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\blue ridge networks
[2014/09/04 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Breevy
[2014/03/08 17:36:47 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\calibre
[2012/08/06 00:53:25 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Conceptworld
[2012/08/08 13:45:50 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Desktop Background Tuner
[2014/08/04 00:52:28 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\DVDFab9
[2014/09/01 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\DVDVideoSoft
[2014/03/01 03:11:49 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Eazy-Ware
[2014/09/04 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Everything
[2014/03/04 02:16:25 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Firetrust
[2012/08/11 20:51:09 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\FlashgetSetup
[2014/09/05 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Flashnote
[2012/08/05 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Forte
[2014/04/02 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\gnupg
[2014/03/01 17:06:44 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Green Parrots Software
[2014/03/06 01:42:51 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Hard Disk Sentinel
[2014/08/15 00:10:45 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\ImgBurn
[2014/08/16 14:05:03 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Insoft LLC
[2014/03/04 03:11:43 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\JAM Software
[2014/03/03 01:23:25 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Jumbo Timer
[2012/08/04 21:33:03 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Kensington
[2014/08/06 11:00:30 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Ketarin
[2012/08/04 23:30:32 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Leadertech
[2014/03/15 02:36:21 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Learnpulse
[2014/03/03 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Listary
[2014/03/10 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\ManyCam
[2014/03/08 18:10:10 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\MediaPlayerLite
[2014/08/14 01:56:42 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Mythicsoft
[2012/08/04 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\NeoSoftTools
[2014/08/17 03:25:21 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Notation
[2014/04/07 00:55:16 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Oberon Media
[2012/08/04 11:31:53 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\OBP8Backup
[2014/03/01 03:24:47 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\OBP9Backup
[2012/08/08 14:56:16 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\PhraseExpress
[2014/04/18 17:55:03 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\POP Peeper
[2014/06/07 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\PotPlayerMini64
[2014/05/24 04:34:03 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Presentation Assistant
[2014/08/17 20:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Process Hacker 2
[2014/03/03 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Relative Data
[2014/08/30 11:36:26 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\RoboForm
[2014/04/08 11:21:18 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\RSG
[2012/08/11 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Shareaza
[2014/06/15 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Sony
[2014/04/20 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\SQLiteManager
[2012/08/05 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Stardock
[2014/08/14 10:54:41 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\StorageCraft
[2014/04/13 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\TeamViewer
[2014/08/19 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\TEBookConverter
[2012/08/05 13:03:59 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\textBEAST3-Pro
[2014/05/17 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\UpdateInfo
[2014/09/04 20:57:30 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\uTorrent
[2012/08/07 01:58:38 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Veodin
[2014/06/05 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\WinPatrol
[2014/03/04 07:59:58 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Wise Auto Shutdown
[2014/05/17 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\Wise Plugin Manager
[2014/03/03 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\WordWeb
[2014/03/01 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\XRayz
[2014/06/13 17:58:04 | 000,000,000 | ---D | M] -- C:\Users\Lewlew\AppData\Roaming\YoWindow
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/13 19:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2009/07/13 19:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.BACKUP.EXE  >
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.backup.exe
 
< MD5 for: EXPLORER.EXE  >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/24 23:19:30 | 002,388,992 | ---- | M] (Microsoft Corporation) MD5=E030FE165210F87F517B0E4EDBFED30D -- C:\Windows\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/13 19:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 19:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 19:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 19:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-7A3328DA.PF  >
[2014/09/05 14:33:10 | 000,033,178 | ---- | M] () MD5=4545935013D09D7E3387ECDB3402CBEB -- C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf
 
< MD5 for: EXPLORER.ZIP  >
[2006/03/06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
 
< MD5 for: IEXPLORE.EXE  >
[2014/03/07 18:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe
[2014/03/13 23:13:02 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2014/02/22 23:00:18 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=10EB5C0E376727E21198B14E2F1637F7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16540_none_1792a6b1b4db682c\iexplore.exe
[2014/02/23 02:21:57 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=18B08541BDD00000578E5DDB47C4DFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20964_none_ff9acc7237fde74f\iexplore.exe
[2014/06/20 13:14:31 | 000,810,160 | ---- | M] (Microsoft Corporation) MD5=24868C9D422EDB5B249C0C81B01A0C19 -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/06/20 13:14:31 | 000,810,160 | ---- | M] (Microsoft Corporation) MD5=24868C9D422EDB5B249C0C81B01A0C19 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17207_none_7b212759c2c57270\iexplore.exe
[2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation) MD5=27019747D97AB5CEFB97677DBB5CF577 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17006_none_1a11a2ba7297e4ee\iexplore.exe
[2014/03/13 17:55:23 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_20e4a040529a2792\iexplore.exe
[2009/07/13 18:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2014/02/22 23:26:53 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=32FC0953B384A11B4AB422E56E2BDBCD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20651_none_181273dace003d3e\iexplore.exe
[2012/08/04 10:39:34 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[2014/02/23 00:18:06 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=390914F89AFA344319B9CF59306FF9A9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16540_none_0d3dfc5f807aa631\iexplore.exe
[2014/03/01 15:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_8557e945f73c23ff\iexplore.exe
[2012/04/19 21:53:37 | 000,672,856 | ---- | M] (Microsoft Corporation) MD5=4866404D6657D6E50619CCAF56B17D27 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21198_none_1a3bf0cd8bfcb2df\iexplore.exe
[2014/06/01 23:03:18 | 000,810,200 | ---- | M] (Microsoft Corporation) MD5=4F2AA3E7BD7257E4937E071E3700819E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_7b2e0ea1c2bb6f8c\iexplore.exe
[2014/06/01 21:43:13 | 000,812,248 | ---- | M] (Microsoft Corporation) MD5=60F88F6CA6303E8273AF7AAA9AAFECAC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_8582b8f3f71c3187\iexplore.exe
[2012/08/04 10:39:34 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
[2014/03/13 17:55:23 | 000,775,184 | ---- | M] (Microsoft Corporation) MD5=681B380492ACB571ED6CCC1F37F53343 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_168ff5ee1e396597\iexplore.exe
[2014/02/23 00:43:36 | 000,763,632 | ---- | M] (Microsoft Corporation) MD5=698102FF40FC7A63DA1245BB8DE0FF53 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20651_none_0dbdc988999f7b43\iexplore.exe
[2009/04/19 21:56:28 | 000,060,416 | ---- | M] () MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\32788R22FWJFW\iexplore.exe
[2014/03/01 15:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=84BCBFB752B96543307E6602E669A95A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_7b033ef3c2db6204\iexplore.exe
[2010/11/20 06:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2014/02/23 00:36:18 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=896C91412A334910709C38473DF79912 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20964_none_09ef76c46c5ea94a\iexplore.exe
[2014/02/23 02:38:10 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=A4916CEE3278F39F606CCA2CAC35CF31 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16844_none_167142661e5038fb\iexplore.exe
[2005/08/15 10:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\32788R22FWJFW\EN-US\iexplore.exe
[2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2014/03/13 23:13:03 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2014/06/20 12:39:54 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=CD900EFB4F8946A2BB1950D9F45915C2 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/06/20 12:39:54 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=CD900EFB4F8946A2BB1950D9F45915C2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17207_none_8575d1abf726346b\iexplore.exe
[2012/04/19 23:26:39 | 000,696,408 | ---- | M] (Microsoft Corporation) MD5=D889681C78E7BFE45587398AC42FC2D4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17006_none_0fbcf8683e3722f3\iexplore.exe
[2014/03/07 19:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_7b3b5109c2b10624\iexplore.exe
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () MD5=F042EE4C8D66248D9B86DCF52ABAE416 -- C:\32788R22FWJFW\License\iexplore.exe
[2012/04/19 23:13:05 | 000,696,408 | ---- | M] (Microsoft Corporation) MD5=F293ACB373FD8F090E08F183C06E07ED -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21198_none_0fe7467b579bf0e4\iexplore.exe
[2009/07/13 18:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2014/02/23 00:07:23 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=F71D97B6B631D565AF7C6E0BDF9D49F4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16844_none_20c5ecb852b0faf6\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2014/03/13 23:13:03 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2014/03/13 23:13:02 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2014/03/13 23:13:02 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2014/03/13 23:13:03 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2012/08/04 10:39:34 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/08/04 10:39:34 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2014/03/13 17:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2014/03/13 17:55:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/13 19:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 19:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 19:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 19:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 21:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/20 23:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.HTML  >
[2014/01/23 19:53:14 | 000,006,329 | ---- | M] () MD5=89DEC3D453DBE77544CC378866F543AF -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html
 
< MD5 for: SERVICES.JSM  >
[2011/01/31 10:51:38 | 000,005,970 | ---- | M] () MD5=0AA0A4C3AFBB008F7B349BCEF039D09D -- C:\Program Files (x86)\FireFox profilemanager Beta\xulrunner\modules\Services.jsm
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.MSC.LNK  >
[2014/08/26 12:54:19 | 000,000,833 | ---- | M] () MD5=00E68312DC61D53AB83CC1B9108AA3D7 -- C:\Users\Lewlew\Desktop\services.msc.lnk
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 19:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2009/07/13 19:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 04:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 02:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 02:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 19:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2010/01/30 20:12:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/05/27 20:38:08 | 000,000,630 | ---- | M] () -- C:\Add_Show_Hide_Hidden_Files_Option.reg
[2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/08/04 09:05:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/09/05 14:25:15 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/05 14:25:15 | 2138,234,879 | -HS- | M] () -- C:\pagefile.sys
[2014/08/14 10:58:11 | 000,001,780 | ---- | M] () -- C:\parameters.reg
[2010/05/30 15:48:06 | 000,000,446 | ---- | M] () -- C:\Show_Hidden_Files_On_Off.vbs
[2014/09/05 00:08:54 | 000,006,498 | ---- | M] () -- C:\TDSSKiller.3.0.0.40_05.09.2014_00.08.23_log.txt
[2012/05/01 14:28:11 | 000,032,256 | ---- | M] () -- C:\TRACK1.BAK
[2014/08/14 15:48:29 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX
[2012/05/26 23:32:24 | 003,157,504 | ---- | M] () -- C:\Windows 7 Logon Branding changer.exe
 
< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2014/06/15 22:36:04 | 000,859,456 | ---- | M] (repkasoft) -- C:\Windows\yowindow.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is BCD2-D4D7
 Directory of C:\
07/13/2009  10:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  10:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  10:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  10:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  10:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  10:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  10:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  10:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  10:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  10:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  10:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  10:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lewlew
08/04/2012  08:23 AM    <JUNCTION>     Application Data [C:\Users\Lewlew\AppData\Roaming]
08/04/2012  08:23 AM    <JUNCTION>     Cookies [C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Cookies]
08/04/2012  08:23 AM    <JUNCTION>     Local Settings [C:\Users\Lewlew\AppData\Local]
08/04/2012  08:23 AM    <JUNCTION>     My Documents [C:\Users\Lewlew\Documents]
08/04/2012  08:23 AM    <JUNCTION>     NetHood [C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/04/2012  08:23 AM    <JUNCTION>     PrintHood [C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/04/2012  08:23 AM    <JUNCTION>     Recent [C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Recent]
08/04/2012  08:23 AM    <JUNCTION>     SendTo [C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\SendTo]
08/04/2012  08:23 AM    <JUNCTION>     Start Menu [C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu]
08/04/2012  08:23 AM    <JUNCTION>     Templates [C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lewlew\AppData\Local
08/04/2012  08:23 AM    <JUNCTION>     Application Data [C:\Users\Lewlew\AppData\Local]
08/04/2012  08:23 AM    <JUNCTION>     History [C:\Users\Lewlew\AppData\Local\Microsoft\Windows\History]
08/04/2012  08:23 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Lewlew\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lewlew\AppData\LocalLow\Siber Systems\RoboForm
08/30/2014  11:35 AM    <SYMLINKD>     UserData [C:\Users\Lewlew\Documents\My RoboForm Data\Default Profile]
               0 File(s)              0 bytes
 Directory of C:\Users\Lewlew\Documents
08/04/2012  08:23 AM    <JUNCTION>     My Music [C:\Users\Lewlew\Music]
08/04/2012  08:23 AM    <JUNCTION>     My Pictures [C:\Users\Lewlew\Pictures]
08/04/2012  08:23 AM    <JUNCTION>     My Videos [C:\Users\Lewlew\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  10:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  10:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  10:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              51 Dir(s)  521,120,731,136 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2014/03/13 19:42:13 | 000,000,345 | -HS- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2012/08/07 16:47:07 | 000,000,168 | ---- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\New E-Mail.url
[2014/08/14 18:38:23 | 000,004,214 | -H-- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\setup.ini
[2014/09/05 14:54:30 | 000,001,110 | -H-- | M] () -- C:\Users\Lewlew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\tlbdata.xml
 
< %USERPROFILE%\Desktop\*.exe >
[2014/09/04 23:40:48 | 005,576,440 | R--- | M] (Swearware) -- C:\Users\Lewlew\Desktop\ComboFix.exe
[2012/08/10 01:10:52 | 001,189,888 | ---- | M] (MEDANASBO) -- C:\Users\Lewlew\Desktop\Files Arranger.exe
[2014/09/05 14:40:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lewlew\Desktop\HiJackThis.exe
[2014/09/05 14:39:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lewlew\Desktop\OTL.exe
[2014/09/05 14:37:59 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Users\Lewlew\Desktop\SysInfo.exe
[2014/09/05 00:06:04 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lewlew\Desktop\tdsskiller.exe
[2014/06/30 04:16:15 | 005,708,376 | ---- | M] (ASBware, LLC                                                ) -- C:\Users\Lewlew\Desktop\textBEAST_ClinicalScribe_TRIAL_setup.exe
[2014/09/04 23:29:18 | 030,517,960 | ---- | M] (Microsoft Corporation) -- C:\Users\Lewlew\Desktop\Windows-KB890830-x64-V5.15.exe
[1 C:\Users\Lewlew\Desktop\*.tmp files -> C:\Users\Lewlew\Desktop\*.tmp -> ]
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 54 bytes -> C:\Users\Lewlew\ntuser.ini:l_encryption_d
@Alternate Data Stream - 354 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:A8971B32
@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:E2874B02
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:ED3F622D
@Alternate Data Stream - 16 bytes -> C:\Users\Lewlew\Downloads:Shareaza.GUID
@Alternate Data Stream - 124 bytes -> C:\Users\Lewlew\ntuser.ini:l_encryption_e

< End of report >
 

 

 


Lew/+Silat
Oregon



#2 silat

    Authentic Member

  • 48 posts

Posted 05 September 2014 - 04:22 PM

OTL 2nd log

 

OTL Extras logfile created on: 9/5/2014 2:47:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lewlew\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 3.20 Gb Available Physical Memory | 53.35% Memory free
11.98 Gb Paging File | 8.49 Gb Available in Paging File | 70.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 485.97 Gb Free Space | 81.52% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 295.32 Gb Free Space | 31.70% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 292.66 Gb Free Space | 31.42% Space Free | Partition Type: NTFS
Drive J: | 14.89 Gb Total Space | 10.03 Gb Free Space | 67.32% Space Free | Partition Type: FAT32
 
Computer Name: BLACKHOLE | User Name: Lewlew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open] -- "C:\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe" /M "%1" (ZabKat)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open] -- "C:\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe" /M "%1" (ZabKat)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F7EB60-1F09-4534-92DD-D80B6EE1ABDA}" = rport=80 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{0C75C308-AD67-4830-A9C5-18AD0F082C4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14733CD0-C647-46AA-8B33-1B46F9D92825}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B9C258D-2015-40EA-BC02-72867F7E88DD}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=c:\windows\system32\svchost.exe |
"{1E6BA145-E076-4750-A631-57C662A2D5C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{317BC3DD-EA17-4375-B328-86AA9FD9DC9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46C2A716-B6CC-4A8D-A8D9-136DFDFE1F34}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4ED0AE4B-82A7-413C-85C7-7F9BFC25B766}" = lport=445 | protocol=6 | dir=in | app=system |
"{520BAEF7-63EA-4B39-896D-00AB6B993FF5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{688E7AD9-AA33-4931-A4C7-6B48F1688E90}" = lport=10243 | protocol=6 | dir=in | app=system |
"{695F931E-522C-4306-BE31-BAB256C2EFC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F3DEA1C-0F96-4B27-A207-181A06F6CC4D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\windows firewall control\wfc.exe |
"{713C53D0-1A46-4477-BF2B-9277CAFC537F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\windows firewall control\wfc.exe |
"{7F6D07C7-2776-4566-8BE3-83216D93D06E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84BB5328-61FB-47ED-B23B-74444C5C2531}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86E26A69-DAC1-49B8-A012-D8241996D5A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E99AEEC-8DC6-4667-8E93-202FD61F73CD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8FB2A631-CF47-4869-BBC9-3B9E8D5C335E}" = rport=138 | protocol=17 | dir=out | app=system |
"{93365363-A26F-433F-96D8-2F813BFF7704}" = lport=139 | protocol=6 | dir=in | app=system |
"{A0778407-BAB1-4162-AC87-27FE2A117D85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A82013C7-EF59-446F-BA3A-B99B6C58FD32}" = lport=138 | protocol=17 | dir=in | app=system |
"{AB5562DA-C4DD-4AE2-8318-A1BCA0E775D2}" = rport=80 | protocol=6 | dir=out | app=c:\program files\windows firewall control\wfc.exe |
"{AFEB24D9-3301-43D6-B292-91A6E1791DDA}" = rport=139 | protocol=6 | dir=out | app=system |
"{B289A869-7E65-4A0D-8B0B-86EE64F6AB6C}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3DB45A9-3536-4934-8D12-4B4BDC7CB58E}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=c:\windows\system32\svchost.exe |
"{B8322173-CFA0-4AED-AE2E-92278553F61F}" = lport=8298 | protocol=6 | dir=in | name=techsmith snagit |
"{BD9DE915-EB53-4DCD-AFAC-E87ED38143AA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CD2403F4-64A8-4D79-AB45-8C458C93908F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3DD8E08-D489-4188-94A5-23EE60C22ED8}" = rport=445 | protocol=6 | dir=out | app=system |
"{DBEE3567-FB54-49AA-AD7A-2412E3CCDF14}" = rport=123 | protocol=17 | dir=out | svc=w32time | app=c:\windows\system32\svchost.exe |
"{DC43EA8E-1F6E-4DA1-8FB9-E5C0165472CE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra business 2012.sp4c\rpcagentsrv.exe |
"{DEB372C4-F4E7-4B4C-ADF7-6522A8EAF708}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{DF6C0033-17F9-4E7C-8761-DAA204924557}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7ACEBC6-BDE3-4CD8-884F-E47D041799B5}" = rport=80 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{E8E4F1E2-295D-48AB-B82E-2E2FA8800E68}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra business 2012.sp4c\wnt500x64\rpcsandrasrv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023B1EAC-2ED8-4A12-A08C-F5A79464A695}" = dir=out | app=c:\program files (x86)\siber systems\ai roboform\chrome\rf-chrome-nm-host.exe |
"{02BE5292-27EF-45A0-A607-67A53C7F44C9}" = dir=out | app=c:\program files (x86)\canon\ij network scanner selector ex\cnmnsst.exe |
"{039FCD8B-DDB8-448D-A870-444BFF738F2D}" = protocol=17 | dir=in | app=c:\program files (x86)\blue ridge networks\appguard\appguardagent.exe |
"{044AD504-8EF8-41E5-9188-596734EA2814}" = dir=out | app=c:\program files (x86)\system explorer\systemexplorer.exe |
"{0742877B-2513-40AF-9AE5-77CD0BEDDFF3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{082C0D0C-5066-47BA-B3C2-0EC226CFA57E}" = dir=out | app=c:\windows\system32\svchost.exe |
"{083743F7-5657-4D9A-83BC-A104A7078F93}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{085FD693-244E-46E1-A073-C0D934FC491F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{09CFB404-9FE4-45BA-AFEA-2BB4DBA577B8}" = dir=out | app=c:\program files\superantispyware\superantispyware.exe |
"{0AC08D35-A0AA-4869-9393-F4C517DA3430}" = dir=out | app=c:\program files (x86)\common files\microsoft shared\office12\offdiag.exe |
"{0BB22034-D4A0-44C7-9526-9785822F3626}" = dir=out | app=c:\program files (x86)\greentree applications\ytd video downloader\ytd.exe |
"{0BCBE68F-BB67-43EF-A7B5-EB8F0B4257EA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{0D25E7C7-C49A-4496-BED3-6CC5BEB61D6E}" = dir=out | app=c:\program files\java\jre7\bin\javaw.exe |
"{0D7E4190-AE43-4158-86E5-47D5EF9E5A8D}" = dir=out | app=c:\program files (x86)\google\update\googleupdate.exe |
"{0EDD3B57-57C2-4A48-9986-9826D7D49F97}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{0F4349AF-2A1B-48D5-B622-DCF5C5A45EFC}" = dir=out | app=c:\program files (x86)\pfrouterscreenshotgrabber\pfrouterscreenshotgrabber.exe |
"{0F619AA8-6F9A-44CD-BDD7-58664C1A7A83}" = dir=out | app=c:\program files\sandboxie\license.exe |
"{11C100E1-5A59-487F-826B-D6CFD136DFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\blue ridge networks\appguard\appguardagent.exe |
"{11F12895-308B-40DF-B559-9C64881B4017}" = dir=out | app=c:\program files (x86)\pop peeper\poppeeper.exe |
"{15354619-1586-459D-ABBA-A32E082251C5}" = dir=out | app=c:\program files (x86)\firefox profilemanager beta\profilemanager.exe |
"{158E5FF2-081A-4D0B-B406-E93FCF2F67E4}" = dir=out | app=c:\program files (x86)\processhacker-2.33-bin\x64\processhacker.exe |
"{1945BECB-AC68-4B6C-AFBB-58DC7EE21046}" = dir=out | app=c:\program files (x86)\firefoxportable\app\firefox\firefox.exe |
"{1987AEC7-BB08-4B83-A7DB-83703BA9AB14}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{19FE0C72-6E05-4B46-8C21-4E23DF14AF3D}" = dir=out | app=c:\program files (x86)\firefoxportableaustralis29\app\firefox\firefox.exe |
"{1E41D323-AE92-4769-A55F-A277A84425DF}" = dir=out | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{20886135-84ED-49FC-A00C-30478B70B0BE}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{20F3AE70-6CEC-4AC1-96DE-D03F14A06C14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{211FF2B5-3B5C-4689-A35F-1C245F468BA8}" = dir=out | app=c:\windows\system32\svchost.exe |
"{2185F881-2AEC-4FFB-8416-CE1ECC2968D9}" = dir=out | app=c:\hitech creations\aces high\aceshigh.exe |
"{21F0B1C7-BF1C-4035-8CEC-3DEA65476B24}" = dir=out | app=c:\program files (x86)\1st clock\1stclock.exe |
"{226050EC-6C6E-4BE0-836F-C83BCE4F014D}" = dir=out | app=c:\program files (x86)\estsoft\alupdate\alupdate.exe |
"{23621656-92C8-4648-AA4C-968380D8A213}" = dir=out | app=c:\program files (x86)\siber systems\ai roboform\robotaskbaricon.exe |
"{240C4B9D-3ADF-4180-BCB6-98BB5CC9DC8D}" = dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{2496AA4F-D8C8-4BEE-9780-D8173FF6C85C}" = dir=out | app=c:\program files (x86)\storagecraft\shadowprotect\shadowprotect.exe |
"{24D6A5BB-C4BA-43F9-B427-E8D817608E37}" = dir=out | app=c:\program files (x86)\estsoft\common\alstscollector.exe |
"{24F6338A-9BFE-4289-8F34-B48B2E7AF0E5}" = dir=out | app=c:\program files (x86)\wscc portable\wscc.exe |
"{25B3F35C-039B-4A0B-BC6B-0013DB92A572}" = dir=out | app=c:\program files (x86)\freemake\freemake video downloader\freemakevd.exe |
"{2652B16D-4A4F-4D43-8248-D4F9422623B4}" = dir=out | app=c:\program files (x86)\billp studios\winpatrol\winpatrol.exe |
"{269F5731-F8B4-4539-8BC5-85782FADD175}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2999809C-1207-4EE0-A1C7-5EB7DC49EAF1}" = dir=out | app=c:\program files (x86)\ccenhancer\ccenhancer-3.5.exe |
"{29D6B399-57E7-4F1F-8C73-43D3FD6A5446}" = dir=out | app=c:\windows\system32\svchost.exe |
"{2BB6EF96-BF0A-40B3-AEAC-D749EE32F987}" = dir=out | app=c:\program files (x86)\maxthonportable\bin\maxthon.exe |
"{2BF35CA6-5B56-459C-B557-B2AC0BAA3CB4}" = dir=out | app=c:\program files (x86)\manycam\manycam.exe |
"{2C01385C-1EFC-4F49-B9B4-A50114B916F7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2DD47D60-C29C-4A4E-B164-43608F61D344}" = dir=out | app=c:\program files (x86)\ad muncher\admunch.exe |
"{2F8F34F0-DB85-4AD0-8942-7733F86C0E19}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{309079D1-1536-4715-ACCD-56AB20B33177}" = dir=out | app=c:\users\lewlew\appdata\roaming\firetrust\mailwasher\updater.exe |
"{3414F3EE-8771-4EFE-8747-6E42A1F8B977}" = protocol=1 | dir=out | app=system |
"{35630B36-E486-4BB4-B3A3-1674C96AA886}" = dir=out | app=c:\users\lewlew\desktop\combofix.exe |
"{35A2C147-1360-4BAD-9298-DD03E9C18216}" = dir=out | app=c:\program files (x86)\wise\wise auto shutdown\wiseautoshutdown.exe |
"{376498BB-6F27-411B-ADD4-3274B66C19A0}" = dir=out | app=c:\program files\microsoft office 15\clientx64\officeclicktorun.exe |
"{3851C615-1B78-45B2-B9D2-AC0C2B2D76BE}" = dir=out | app=c:\program files (x86)\anydesk\anydesk.exe |
"{3A3E49CE-D329-4856-BAC8-FB2C409816EC}" = dir=out | app=c:\program files (x86)\maxthonportable\bin\mxcrashreport.exe |
"{3B226F6F-9A07-4222-9B72-A218062D6035}" = dir=out | app=c:\program files (x86)\billp studios\winpatrol\winpatrolex.exe |
"{3D0CFE97-45E3-4D35-B988-C805060E20B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3E0B6889-F5CD-4399-A144-72A7E94B6D14}" = dir=out | app=c:\windows\system32\msiexec.exe |
"{407D9F63-2F4D-4D2D-8813-D9A97FB6052F}" = protocol=58 | dir=in | app=system |
"{41B019F7-D4EC-4D17-85E4-7EFFC480FBCC}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{41DE3DBE-E320-4AAA-BC5E-F63F189BA92C}" = dir=out | app=c:\program files (x86)\tentimer skwire empire\tentimer.exe |
"{44C1F1D9-7315-41DD-BF31-C9079888D22E}" = dir=out | app=c:\program files (x86)\yowindow\yowindow.exe |
"{453039A2-2E23-4692-A11F-4619AA3AFB67}" = dir=out | app=c:\program files (x86)\emsisoft anti-malware\a2service.exe |
"{459BA5EB-C108-4EE6-AF2D-90F83410E0A0}" = dir=out | app=c:\program files (x86)\nirlauncher\nirsoft\networkconnectlog.exe |
"{46182DD3-17BD-46C7-ADD8-3FF716E1560A}" = protocol=17 | dir=in | app=c:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe |
"{4E11CC2A-3357-4ED2-A5B1-4B4AA2F09E28}" = dir=out | app=c:\windows\system32\svchost.exe |
"{4FCC95F2-5676-4648-916D-0C8CD4C1A8A4}" = dir=out | app=c:\program files (x86)\s.p.d\abbyy finereader 11.0.110.121 professional edition final\fineexec.exe |
"{5057CD8C-927D-45AD-928F-5481A03A632B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51E43CA2-4336-4C19-9FB1-0AEC13B8C296}" = protocol=17 | dir=in | app=c:\program files (x86)\blue ridge networks\appguard\appguardagent.exe |
"{5218F05D-5A15-47E8-A4A2-F62E81661B87}" = dir=out | app=c:\program files (x86)\microsoft office\office12\winword.exe |
"{52286020-59C6-4E65-B70B-08A19CE76111}" = dir=out | app=c:\program files (x86)\blasteroids win64\blasteroids.exe |
"{52B36716-93EC-441F-BFF9-1FA78AF31834}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{54DE96C0-2F6E-4FE6-B2BB-679E2BF5053F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{565D9EAF-FDAA-496C-A3A4-9FA058546124}" = dir=out | app=j:\gegeek toolkit\ketarin.exe |
"{56DDB0E7-3ACB-4CFB-9090-A1116E8E2E66}" = dir=out | app=c:\program files (x86)\agent\agent.exe |
"{580A7719-D602-4632-940A-DA435A5C787A}" = dir=out | app=c:\program files (x86)\abbyy screenshot reader\screenshotreader.exe |
"{588ADFEC-1A9D-4A99-9D50-0EFB0846E1AA}" = protocol=6 | dir=out | app=system |
"{59AE9F0E-9A8D-47CB-8944-B4FBBE79A0BC}" = dir=out | app=c:\program files (x86)\smplayer-portable-14.3.0-x64\smplayer.exe |
"{5A223710-BF83-4AD0-8B67-3662A57BDCE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A506976-C09E-4570-83D7-43B3BE6D708F}" = dir=out | app=c:\windows\syswow64\rundll32.exe |
"{5A51AC95-1405-43CA-9AF7-2173C920B15B}" = dir=out | app=c:\windows\microsoft.net\framework64\v4.0.30319\dfsvc.exe |
"{5B595440-B200-494D-8C03-B2640ED04024}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C4F1DB6-7034-480D-8C72-0A76640DB3C1}" = dir=out | app=c:\program files (x86)\ajsystems common\liveupd4.exe |
"{5C8429B2-6B33-4887-8650-98EB9037DD51}" = dir=out | app=c:\windows\system32\svchost.exe |
"{5E7014F8-FD0A-458F-AC7D-BEC7C36D1F5C}" = dir=out | app=c:\program files (x86)\adobe\reader 11.0\reader\acrord32.exe |
"{5E85FF87-3141-4383-AEA3-F0CE7CA432E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{638713E3-CCD7-4DCD-85F1-A5A2A50D9609}" = dir=out | app=c:\program files\streamwriter\streamwriter.exe |
"{64178139-A06E-43DC-96C9-6F5D67810DA5}" = dir=out | app=c:\program files\vs revo group\revo uninstaller pro\revouninpro.exe |
"{6514C912-5338-427B-974D-60D42FEBCECA}" = dir=out | app=c:\program files\listary\listary.exe |
"{65C01BE1-5E6E-488E-819F-1C5B3C8812B1}" = dir=out | app=c:\program files\sandboxie\sbiectrl.exe |
"{67FE7536-850C-4D6B-BCC9-8C5E2DDC57AD}" = protocol=6 | dir=in | app=c:\users\lewlew\appdata\roaming\utorrent\utorrent.exe |
"{690C399D-31B9-4A15-BFD8-7C9B2E2FC687}" = dir=out | app=c:\program files\logitech gaming software\lu_1\logitechupdate.exe |
"{6953B01C-1B14-41F2-9194-8729D3F18238}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{69A1DBB7-B726-4F11-B459-EF534CA4C494}" = dir=out | app=c:\program files (x86)\clipcache portable\clipc.exe |
"{6A21130A-E236-41B0-AA41-896C403EDFDD}" = dir=out | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{6B9E4CE1-0578-422F-B16B-E3E4A8EB514B}" = dir=out | app=c:\program files\sandboxie\sandboxiecrypto.exe |
"{6C8E018F-D9EF-41C5-8FD6-2B95F7A19853}" = dir=out | app=c:\program files (x86)\sharp world clock\sharp world clock.exe |
"{6D1739FA-F668-4D01-B497-38C2D28D9EEA}" = protocol=17 | dir=in | app=c:\users\lewlew\appdata\roaming\utorrent\utorrent.exe |
"{6E8BCB27-4F10-4F3D-859F-6AF54D029730}" = dir=out | app=c:\program files (x86)\chameleon window manager\manager_wnd.exe |
"{7279D694-1C2B-4CEE-8F7A-4D7362268EB2}" = dir=out | app=c:\program files (x86)\pfconfig\pfconfig.exe |
"{727ACC7E-1D9D-4831-9FDD-B6953C1FE3B0}" = dir=out | app=c:\program files (x86)\ajs open file manager\fileaccessmanager.exe |
"{7281C6A0-D0A5-40CA-8FF0-24A8A705E7F3}" = dir=out | app=c:\program files (x86)\winamp\winamp.exe |
"{73F38120-CDF5-4E37-83A6-04BD28B50E16}" = dir=out | app=c:\program files (x86)\skype\phone\skype.exe |
"{75E3190D-8DA5-4309-A276-6D441F5033FE}" = dir=out | app=c:\windows\system32\svchost.exe |
"{76346929-9182-4EA6-9D48-8B87318B4455}" = dir=out | app=c:\program files\calibre2\calibre.exe |
"{7851C675-8690-443B-8E5D-210496034DFD}" = dir=out | app=c:\program files (x86)\auction sentry 4\auctionsentry.exe |
"{799FC842-EB6F-4672-9DD6-E67A46950582}" = protocol=6 | dir=in | app=c:\program files (x86)\blue ridge networks\appguard\appguardagent.exe |
"{7A77265E-2795-4576-BE37-14619E083AEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7ADC6365-B673-4687-847B-604130EFB9A7}" = dir=out | app=c:\program files (x86)\openvpn\bin\openvpn.exe |
"{7CBF4D8E-479B-43ED-8E28-00D462C15B9E}" = dir=out | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7E0F082F-5DED-476B-8A4F-6D3FB6D7F20E}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{7ED37E05-BA4A-4F99-8BB0-34265F167000}" = dir=out | app=c:\program files\zabkat\xplorer2_ult\xplorer2_64.exe |
"{7FD39772-69E9-4BE6-8B83-E31BA56A718D}" = dir=out | app=c:\program files (x86)\epcheck_beta\epcheck.exe |
"{80C59CF8-01C3-4FC8-AE8F-5EEC867C7DC1}" = dir=out | app=c:\program files (x86)\autohotkey\autohotkey.exe |
"{83D46569-7AC5-40A7-9F56-6A420C08172A}" = dir=out | app=c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe |
"{86626620-DFB4-4AA6-B8A8-F0DE700F43ED}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{8980E550-D2F2-4C33-A0B6-83615B8F65A0}" = dir=out | app=c:\program files (x86)\jdownloader v2.0\jdownloader2.exe |
"{8A6382B6-C998-4985-A31B-98DA5BA00D5A}" = dir=out | app=c:\windows\system32\slui.exe |
"{8ADFC660-7C17-4382-969C-284D87E4E63C}" = dir=out | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"{8BE8B9F0-4B7C-42C7-8EDC-4555AA98307A}" = protocol=6 | dir=in | app=c:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe |
"{8BEC01B4-14AD-47B7-A232-5B6203907E2F}" = dir=out | app=c:\users\lewlew\appdata\local\stardock\stardockcentral\stardock central.exe |
"{8C187B40-8CE2-4BA5-9ADC-938B209AD562}" = dir=out | app=c:\program files\reason\herdprotect\scanner_portable\herdprotectscan.exe |
"{8C1B93F0-A285-435D-ADF8-53580D915A56}" = dir=out | app=c:\windows\system32\svchost.exe |
"{8ECDDF45-61C9-4A89-A1E8-36454DF93682}" = dir=out | app=c:\program files\shareaza\shareaza.exe |
"{8F78CA84-97D7-4901-9B8F-D69734A8DC43}" = dir=out | app=c:\program files (x86)\popcap games\bejeweled 3\bejeweled3.exe |
"{9212FE3F-03E6-4A61-AE5C-51A7DD5F197C}" = dir=out | app=c:\program files\superantispyware\ssupdate64.exe |
"{92EAFECC-FFDB-4E99-8897-4B112040641F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{93241604-ED1A-4EF4-872A-747DB91F81CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{956A4DB3-5CE0-463A-9B45-49970FD4A05A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95768FDA-C4C7-40CE-87EB-6034296B1D8B}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{95B0882A-4D9A-4FB1-AF5E-3E5910D3EA62}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{95FCD74C-3226-4691-93E0-EBC46566A6C1}" = dir=out | app=c:\program files (x86)\2brightsparks\syncbackse\syncbackse.exe |
"{97EAB6D0-3EAC-452E-BB2F-1C68E8ABDBA1}" = protocol=1 | dir=out | app=system |
"{982522E8-52DD-459C-84C2-C4B027000DC0}" = dir=out | app=c:\program files (x86)\sweather\sweather.exe |
"{98912346-E4E5-4B2E-A681-FAD143253FC9}" = dir=out | app=c:\program files (x86)\stardock\fences\fences.exe |
"{9B5EEA7C-5AE9-4FD0-A79B-F117A73C345A}" = dir=out | app=c:\program files (x86)\conceptworld\notezilla\notezilla.exe |
"{9CA39E99-A027-4084-909D-407921FCE9C5}" = dir=out | app=c:\program files (x86)\chameleon startup manager 3\manager.exe |
"{9CDA38BA-D287-4494-9F98-59EDF73F9BF9}" = dir=out | app=c:\program files (x86)\vuesoft\vueminder\vueminder.exe |
"{9D21CF5C-F42D-4B57-870D-58761E5C535D}" = dir=out | app=c:\program files (x86)\filemenutools portable\app\filemenu tools\filemenutools64.exe |
"{9D98F1AD-9F0E-4214-8DC4-F7AB9D88E507}" = dir=out | app=c:\windows\system32\mrt.exe |
"{9EA1BE22-CAA2-4013-9B73-47216EB55B46}" = protocol=17 | dir=in | app=c:\program files (x86)\blue ridge networks\appguard\appguardgui.exe |
"{9F770EDF-B3AE-47B7-9747-07ADF0FBFA6E}" = dir=out | app=c:\users\lewlew\appdata\roaming\utorrent\utorrent.exe |
"{9FD09D66-3DCA-40DE-A4EF-44ACD4520B5E}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{A1802254-A0B4-46AF-AA38-07C20E86CAD2}" = dir=out | app=c:\program files (x86)\stardock\fences\fences.exe |
"{A2FBC388-9A3B-40FF-A174-447B93AC2E07}" = dir=out | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{A3C9B831-6B9F-4B32-B569-5391796FE6A0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{A4AEBB14-7012-46CB-B39C-B81A6EE61350}" = dir=out | app=c:\program files\ccleaner\#trimmer\ccleaner64.exe |
"{A512300F-96E6-4A88-82D7-7AF7EC2B96AD}" = dir=out | app=c:\windows\syswow64\msiexec.exe |
"{A524C176-4D02-44E3-9F79-257B8BF77B21}" = dir=out | app=c:\program files\sandboxie\sandboxiebits.exe |
"{A71158FF-BB0E-4DE2-9DED-198A1BBD54C3}" = dir=out | app=c:\windows\system32\svchost.exe |
"{A797C4D5-090A-452B-921C-B66662C65C53}" = protocol=6 | dir=out | svc=wuauserv | app=c:\windows\system32\svchost.exe |
"{A827F22F-80EC-4B7B-AB54-AE228FA638EE}" = dir=out | app=c:\program files (x86)\flashnote\flashnote-portable.exe |
"{A83BC3B1-B7E2-424D-B88A-8E1EB4034135}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A843274A-6CFA-41BD-8FFE-F2133AC0BC32}" = dir=out | app=c:\program files (x86)\blue ridge networks\appguard\appguardgui.exe |
"{A86EA7D3-C00F-42A4-BEA7-D4BFBE944F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{AA0FBD97-441E-42A2-88EC-206E31E43FFE}" = dir=out | app=c:\users\lewlew\desktop\breevyportable\app\breevy\breevy.exe |
"{AB066151-695E-47FB-9A43-0B4FC24A8CD6}" = dir=out | app=c:\windows\system32\svchost.exe |
"{AB84720C-7E8E-4504-BFC5-8EFF0C14B9CB}" = dir=out | app=c:\windows\syswow64\macromed\flash\flashplayerplugin_14_0_0_179.exe |
"{AC86CA03-F875-4FFE-B48A-C1624B817A95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ACC9C38F-F949-4948-9F1A-86CE7EF74E6C}" = dir=out | app=c:\program files\truelaunchbar\tlbupd.exe |
"{ACDFE4E7-5BA6-4DF9-ABBD-B50BB47F9974}" = dir=out | app=c:\program files (x86)\winamp backup tool\winamp backup tool.exe |
"{ADA9B8F7-E1A7-4956-BED4-4AAA841E026F}" = dir=out | app=c:\program files (x86)\wordweb\wweb32.exe |
"{AE8CAA8B-D583-4FE2-AE30-47AA8B7F8790}" = dir=out | app=c:\program files (x86)\mediaplayerlite\mpl.exe |
"{AF6D3A08-2950-4726-94B8-21A2723A3733}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B0174BBE-02C6-4F6D-B11C-D0400D2D0E33}" = dir=out | app=c:\program files (x86)\javara\javara.exe |
"{B1A938B0-C414-4ECD-B2A3-9BB5E04695C9}" = dir=out | app=c:\program files (x86)\gretech\gomplayer\grlauncher.exe |
"{B432423B-8543-4FCD-85D0-68F91010CDBA}" = dir=out | app=c:\program files\microsoft office 15\root\office15\onenote.exe |
"{B54979C6-0F8A-4C19-92B4-21BE99790923}" = dir=out | app=c:\program files (x86)\blue ridge networks\appguard\licqueryapp.exe |
"{B55F9102-F713-406C-8F48-B676FF6D41F1}" = dir=out | app=c:\program files (x86)\gretech\gomplayer\gom.exe |
"{B7A241D6-2B49-4CEA-8ED8-82827357EAC5}" = dir=out | app=c:\program files (x86)\emsisoft anti-malware\a2guard.exe |
"{B7D79F09-329F-468C-81F2-1199476F7572}" = dir=out | app=c:\program files\reason\herdprotect\scanner_portable\herdprotectscancmd.exe |
"{B9ED6543-C730-4C44-9BA3-AE9E30CAEED1}" = dir=out | app=c:\program files (x86)\no-ip\duc40.exe |
"{BA86E86A-A99E-47D2-B3B2-17F3B8621A26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB783572-A826-43A0-B5DC-18CBD110FE41}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{BBA4C3EC-E91E-48EA-9D65-E65A9CA997CA}" = dir=out | app=c:\program files (x86)\everything-1.3.3.658b.x64 portable\everything.exe |
"{BBB30B7F-534C-4140-8E8D-834EC4A8A6C9}" = dir=out | app=c:\program files\clipcache\clipc.exe |
"{BC0881F0-FF3C-4965-9A52-0CDDA2FDC254}" = protocol=6 | dir=in | app=c:\program files (x86)\anydesk\anydesk.exe |
"{BC53D50B-A3C9-47FA-A95F-93E9635830E2}" = dir=out | app=c:\windows\system32\svchost.exe |
"{BC864931-165D-49FA-9703-6B6E5E585EA3}" = dir=out | app=c:\program files (x86)\hfs\hfs.exe |
"{BE26944C-7A22-431F-943A-F1E282A26638}" = dir=out | app=c:\program files (x86)\techsmith\snagit 11\snagit32.exe |
"{C1CA1E74-9266-4124-9D26-192D0A2D92CC}" = dir=out | app=c:\users\lewlew\desktop\tdsskiller.exe |
"{C34AAAE0-626A-40CC-BA98-DF1753188D0A}" = dir=out | app=c:\program files\sisoftware\sisoftware sandra business 2012.sp4c\sandra.exe |
"{C39CA5A4-F5ED-4F38-B9BE-33BE9A46B8DF}" = dir=out | app=c:\windows\system32\svchost.exe |
"{C46513B6-38DC-4C3C-86E3-9F2920ABC47C}" = dir=out | app=c:\windows\explorer.exe |
"{C5F665C3-EE48-4F86-93E7-89B4DABC1CD0}" = dir=out | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{C6D013B8-4F49-4A29-AA28-15E96938EFDD}" = dir=out | app=c:\windows\system32\svchost.exe |
"{C7A673D8-46B4-4D12-BCBB-233409073E98}" = dir=out | app=c:\program files (x86)\chameleon task manager 3\manager_task.exe |
"{C7D32964-501F-49B9-8F41-CC887C75E051}" = dir=out | app=c:\hitech creations\aces high\aceshigh.exe |
"{C8557C3F-D345-44B1-8D0C-2C0AF998C966}" = dir=out | app=c:\tor browser\tor\tor.exe |
"{C89FA1E7-9B01-442D-9B2F-17CB435E1441}" = dir=out | app=c:\program files\internet explorer\iexplore.exe |
"{CC194CAE-3C8F-47E9-AD90-E61C5D2E871B}" = dir=out | app=c:\windows\system32\spoolsv.exe |
"{CD4EF8B8-B887-487A-8692-9A572E5D6E67}" = dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{CD975A4F-3C4F-4B23-8AF4-DCE5A3074C4B}" = dir=out | app=c:\program files (x86)\blue ridge networks\appguard\appguardagent.exe |
"{CE013866-F4BA-4557-9CDA-F2E7944217E4}" = dir=out | app=c:\program files (x86)\common files\techsmith shared\updater\tscupdclt.exe |
"{D1B1E92A-3F03-4D5A-A47E-C699895EB617}" = dir=out | app=c:\program files (x86)\adguard\adguard.exe |
"{D26C0C02-C0B0-40FE-9075-FD0E68510692}" = dir=out | app=c:\program files (x86)\malwarebytes anti-malware\mbam.exe |
"{D509C4E4-3D8F-4C37-AA02-EE6DFC67FFA5}" = dir=out | app=j:\gegeek toolkit\ketarin.exe |
"{D6AD86F1-F015-47B9-AA69-FC187EC4FD3E}" = dir=out | app=c:\program files (x86)\storagecraft\shadowprotect\shadowprotect.exe |
"{D78A172F-5CFE-49D5-AD82-511C197F81A7}" = dir=out | app=c:\program files (x86)\burnaware professional\burnaware.exe |
"{D94D86A2-A1BB-4558-83E4-E127DBC86D76}" = dir=out | app=c:\onecommanderlatest64bit\onecommander.exe |
"{DA3A2A5F-2531-44B7-A5B6-0F4CCFCB6693}" = dir=out | app=c:\program files (x86)\linkman\linkman.exe |
"{DA635962-0BA0-4DC0-B2AC-BD86E28671CB}" = dir=in | app=c:\program files (x86)\adguard\adguardsvc.exe |
"{DBCCFA46-0A76-4088-A989-F15B283784C0}" = dir=out | app=c:\program files\vs revo group\revo uninstaller pro\revoappbar.exe |
"{E04576C0-FF29-4262-A4CB-EC40FEB25886}" = dir=out | app=c:\program files (x86)\textbeast3pro\textbeastpro.exe |
"{E3D35ED3-DBBF-423E-A6AE-40B559F55A52}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4562CED-C283-4FC1-8261-041117168F99}" = dir=out | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{E6662C60-B333-41EC-B0AB-C2EAB45CD5EA}" = dir=in | app=c:\program files (x86)\vuesoft\vueminder\vueminder.exe |
"{E6E071CD-7EAC-4589-A03B-39AE896A0653}" = dir=out | app=c:\program files (x86)\breevy332 portable\app\breevy\breevy.exe |
"{E6E95161-DB3D-4910-97DD-AB71000BAC39}" = dir=out | app=c:\program files (x86)\agent\agent.exe |
"{E6F3625D-6026-4B76-8E5F-A27DD28514EF}" = protocol=6 | dir=in | app=c:\program files (x86)\blue ridge networks\appguard\appguardgui.exe |
"{E8A1DDCF-ECB2-4580-8310-BAE64F9F62FA}" = dir=out | app=c:\program files (x86)\freemake\freemake video converter\freemakevc.exe |
"{E8DC0EBB-BF6C-433E-BF44-43F26CEDC8EF}" = protocol=1 | dir=out | app=system |
"{EA5516ED-A145-4E1C-8AE5-734C3B1BCCBD}" = dir=out | app=c:\program files (x86)\siber systems\ai roboform\identities.exe |
"{EAAF259C-2B68-4D18-94B2-8D4DD70EACB2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB605B47-BD6A-4F65-B51D-552A78B71FFF}" = dir=out | app=c:\program files (x86)\firetrust\mailwasher\mailwasherpro.exe |
"{ED83881D-4D04-4B3B-8798-B5E72675541B}" = dir=out | app=c:\program files (x86)\adguard\adguardsvc.exe |
"{EDE443F3-F6A4-4006-AC0B-348DA29DB5F1}" = dir=out | app=c:\program files (x86)\flashnote\flashnote.exe |
"{F42DC3FF-AF13-4CB3-9C57-A82C17194EC7}" = dir=in | app=c:\users\lewlew\appdata\local\microsoft\skydrive\skydrive.exe |
"{F49C4FE7-A588-46B5-BE37-21DBE33379A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F644B236-9A3E-4059-80D5-F5F0B94FFEEA}" = dir=out | app=c:\program files (x86)\maxthonportable\bin\maxthon.exe |
"{F8A60107-AD62-4EB7-A73B-381D3D74B05E}" = dir=out | app=c:\program files\daum\potplayer\potplayermini64.exe |
"{F8AE6C09-230B-4D3B-9387-3381788533B4}" = dir=out | app=c:\hitech creations\aces high\aceshigh.exe |
"{FA34C9B8-48CD-4A00-AC72-16ABA8222413}" = dir=out | app=c:\program files (x86)\stardock\fences\sddisplay.exe |
"{FA5B5BDB-8E38-49FB-9155-24A0AE93BC72}" = dir=out | app=c:\users\lewlew\desktop\phraseexpress portable\mbar\mbar.exe |
"{FA5C86C7-D7A6-4524-8D9F-AF8364725B9B}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{FB8454C7-84DB-47B0-907E-F35069A4CCD3}" = dir=out | app=c:\users\lewlew\appdata\roaming\utorrent\utorrent.exe |
"{FBFE213F-2127-4653-A5D2-E7B4D0ADECFF}" = dir=out | app=c:\program files (x86)\textbeast3pro\textbeastpro.exe |
"{FC0B6227-609D-4034-A808-54A81AC27021}" = dir=out | app=c:\program files (x86)\pfconfig\pfconfiglauncher.exe |
"TCP Query User{CC4502C2-134B-4AF0-B3F6-522DE2CFC05B}C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe |
"TCP Query User{D9654596-3F9E-4D62-88B4-0EBD2415FFD5}C:\program files (x86)\hfs\hfs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hfs\hfs.exe |
"TCP Query User{E0CC755B-E3F4-40C5-BFE8-AE4C8B4AF1D5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{F2B1EF8A-DDA7-4CB3-AE6A-6B24C4B7931E}C:\program files (x86)\nirlauncher\nirsoft\networkconnectlog.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nirlauncher\nirsoft\networkconnectlog.exe |
"UDP Query User{0281E8DE-520D-442A-BB82-5B83CB48F9E0}C:\program files (x86)\nirlauncher\nirsoft\networkconnectlog.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nirlauncher\nirsoft\networkconnectlog.exe |
"UDP Query User{5A5C053E-2F88-4158-8580-B7774A39E805}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{5A889399-DEA3-4135-978B-E21A624793F6}C:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\storagecraft\imagemanager\imagemanager.client.exe |
"UDP Query User{8EB2E8D4-A241-4C74-A45C-D30C97D64727}C:\program files (x86)\hfs\hfs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hfs\hfs.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{4005B365-636F-4FAB-88CD-9A6BDA9BD7AA}" = StorageCraft ImageManager
"{5F63ABE2-91EB-489E-9F33-EBFBB6CE0DC9}" = calibre 64bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Business 2012.SP4c
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D7DDA334-FF1D-4A04-B056-22AB301026C8}" = Agent Ransack x64
"{DE19E597-E2E9-4F3B-B70B-3E7B7D4CD60A}_is1" = Notation
"{FC712CA0-A945-11d4-A594-956F6349FC18}" = True Launch Bar
"AJS Open File Manager" = AJS Open File Manager
"ClipCache_is1" = ClipCache Pro 3.5.3
"C-Media Oxygen HD Audio Driver" = ASUS Xonar D1 Audio Driver
"Everything" = Everything 1.3.4.686 (x64)
"jdownloader2" = JDownloader 2
"Listary_is1" = Listary version 4.20
"Logitech Gaming Software" = Logitech Gaming Software 8.51
"OneNoteFreeRetail - en-us" = Microsoft OneNote 2013 - en-us
"Photo Date Changer_is1" = PhotoDateChanger 1.03
"PotPlayer64" = Daum PotPlayer 1.6.47995 x64 Edition
"Registry Workshop" = Registry Workshop
"Sandboxie" = Sandboxie 4.13.1 (64-bit)
"Shareaza_is1" = Shareaza 2.6.0.0
"Unlocker" = Unlocker 1.9.2
"Windows Firewall Control" = Windows Firewall Control
"xplorer2p64_u" = xplorer² Ultimate 64 bit
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@icon sushi_is1" = @icon sushi 1.21
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1584E26E-3E21-40C3-80D7-7C64F4844CCF}" = PowerArchiver 2013
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.8.4
"{1FB78CB6-F4EA-474F-8B0B-100EFACF3558}" = Snagit 11
"{252e1599-df2c-407f-8cf9-29119e5d7d21}" = StorageCraft ImageManager
"{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1" = Aiseesoft Total Video Converter Platinum 7.1.28
"{3da5479b-f99f-42ad-bbe0-aea1530ab9ac}" = Adguard
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 5.9.3
"{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}" = Sawbuck
"{4622F96A-780B-48B8-8304-1CD8A40043E8}" = MailWasherPro
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}" = TrackballWorks
"{54ADC836-5F99-43DD-9B7D-C7B90DE883CC}" = InstantRecovery
"{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1" = Emsisoft Anti-Malware
"{685F6AB3-7C61-42D1-AE5B-3864E48D1035}" = Adguard
"{730AF0A6-E338-4B79-B926-95B8B41256A5}" = Auction Sentry
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{96C45BE0-C1AA-41B3-B161-F331DBC29B84-startup}}_is1" = Chameleon Startup Manager version 4.0.0.872
"{96C45BE0-C1AA-41B3-B161-F331DBC29B84-task}}_is1" = Chameleon Task Manager version 4.0.0.744
"{96C45BE0-C1AA-41B3-B161-F331DBC29B84-window}}_is1" = Chameleon Window Manager version 2.2.0.402
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B18537F1-B130-4C4B-A606-01128D45907E}" = Blue Ridge Networks AppGuard
"{BFF81F05-5E78-492C-8C80-3D474ED0031A}" = VueMinder Ultimate
"{C8187D08-DC8E-4382-9AEB-00F311C119F9}" = GTText
"{D29BA5EE-70F9-475E-9B32-A1091716E271}" = Personal Renamer
"{D4DB8BAA-EB6B-443D-AD5F-BE80D90ED6F4}_is1" = TEBookConverter version 1.5
"{DA5ECEAB-28C6-4306-9FBB-811DEF6DD780}" = Forté Agent
"{ECE17478-56C5-4280-AB67-AC2C2CAFA30F}_is1" = ChrisPC DNS Switch 1.20
"{F9000000-0015-0000-0000-074957833700}" = ABBYY Screenshot Reader
"1st Clock_is1" = 1st Clock Pro 5.0 (Full)
"ABBYY FineReader 11.0.110.121 Professional Edition Final (Activated) Full" = ABBYY FineReader 11.0.110.121 Professional Edition Final (Activated) Full
"Aces High" = Aces High (remove only)
"ac'tivAid" = ac'tivAid
"Ad Muncher" = Ad Muncher v4.93.33707
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AI RoboForm" = RoboForm 7-9-9-1 (All Users)
"AJC Active Backup_is1" = AJC Active Backup v2.1.0.4
"AJC Revision Archive_is1" = AJC Revision Archive v2.0.8.12
"Alcohol 120%" = Alcohol 120%
"ALShow_is1" = ALShow 2.01
"ALUpdate_is1" = ALTools Update
"AnyDesk" = AnyDesk
"AudibleManager" = AudibleManager
"AutoHotkey" = AutoHotkey 1.0.47.06
"Bejeweled 3" = Bejeweled 3
"BurnAware Professional_is1" = BurnAware Professional 6.9.4
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CloseAll" = CloseAll
"Dupli Find_is1" = Dupli Find 6.16
"DVDFab 9_is1" = DVDFab 9.1.5.9 (24/07/2014)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 7.9
"Flashnote" = Flashnote 4.5
"Freemake Video Converter_is1" = Freemake Video Converter version 4.1.4
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Jumbo Timer_is1" = Jumbo Timer 2.3
"Karen's Directory Printer" = Karen's Directory Printer
"Linkman" = Linkman Pro
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"ManyCam" = ManyCam 4.0.63
"MediaPlayerLite" = MediaPlayerLite 0.5.1.0
"MoffCalc2_is1" = Moffsoft Calculator 2
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"NoIPDUC" = No-IP DUC
"NoteZilla_is1" = NoteZilla 7.0
"OBP8_is1" = OutBack Plus 8.0
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.1.4
"PatchBeam" = PatchBeam
"PFConfig" = PFConfig 1.0.296
"PFConfig Support Tool" = PFConfig Support Tool 1.0.26
"PFRouterScreenshotGrabber" = PFRouterScreenshotGrabber 1.0.100
"PhraseExpress_is1" = PhraseExpress v8.0.154
"POP Peeper" = POP Peeper
"PowerArchiver 2013 14.02.05" = PowerArchiver 2013
"PySort0.5b" = PySort
"RealAlt_is1" = Real Alternative 2.0.2
"ShadowProtect" = StorageCraft ShadowProtect
"Sharp World Clock_is1" = Sharp World Clock 6.32
"Stardock Fences 2" = Stardock Fences 2
"SyncBackSE_is1" = SyncBackSE
"TeamViewer 9" = TeamViewer 9
"textBEAST Pro Clipboard Manager_is1" = textBEAST Pro Clipboard Manager 3.6
"TreeSize Professional_is1" = TreeSize Professional V5.5.5
"TweakUAC_is1" = TweakUAC
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 2.1.3
"Winamp" = Winamp
"Winamp Backup Tool" = Winamp Backup Tool
"WinCDEmu" = WinCDEmu
"WinPcapInst" = WinPcap 4.1.2
"Wise Auto Shutdown_is1" = Wise Auto Shutdown 1.41
"Wise Plugin Manager_is1" = Wise Plugin Manager 1.01
"WordWeb" = WordWeb Pro
"yowindow" = YoWindow
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"Screenpresso" = Screenpresso
"Stardock Central" = Stardock Central
"Time Zone Master" = Time Zone Master - Relative Data, Inc.
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/24/2014 10:04:02 AM | Computer Name = Blackhole | Source = ESENT | ID = 455
Description = Windows (1344) Windows: Error -1811 occurred while opening logfile
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00077.log.
 
Error - 7/24/2014 10:04:02 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 9000
Description =
 
Error - 7/24/2014 10:04:02 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 7040
Description =
 
Error - 7/24/2014 10:04:02 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 7042
Description =
 
Error - 7/24/2014 10:04:02 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 9002
Description =
 
Error - 7/24/2014 10:04:02 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 3029
Description =
 
Error - 7/24/2014 10:04:03 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 3029
Description =
 
Error - 7/24/2014 10:04:03 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 3028
Description =
 
Error - 7/24/2014 10:04:03 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 3058
Description =
 
Error - 7/24/2014 10:04:03 AM | Computer Name = Blackhole | Source = Windows Search Service | ID = 7010
Description =
 
[ System Events ]
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.
 
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.
 
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.
 
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.
 
Error - 9/5/2014 5:29:15 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 9/5/2014 5:29:16 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.
 
Error - 9/5/2014 5:29:16 PM | Computer Name = Blackhole | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
[ WFC Events ]
Error - 3/31/2014 2:07:47 AM | Computer Name = Blackhole | Source = WFC | ID = 105
Description = Modifing the rule:  "hfs" failed. Reason:  System.ArgumentException:
 Value does not fall within the expected range.     at NetFwTypeLib.INetFwRule.set_ApplicationName(String
 imageFileName)     at WindowsFirewallControl.Proxy.ProxyServer.ModifyRule(RuleData
 ruleData)
 
Error - 3/31/2014 2:55:48 AM | Computer Name = Blackhole | Source = WFC | ID = 105
Description = Modifing the rule:  "hfs" failed. Reason:  System.ArgumentException:
 Value does not fall within the expected range.     at NetFwTypeLib.INetFwRule.set_LocalPorts(String
 portNumbers)     at WindowsFirewallControl.Proxy.ProxyServer.ModifyRule(RuleData
ruleData)
 
Error - 3/31/2014 2:59:01 AM | Computer Name = Blackhole | Source = WFC | ID = 105
Description = Modifing the rule:  "hfs" failed. Reason:  System.ArgumentException:
 Value does not fall within the expected range.     at NetFwTypeLib.INetFwRule.set_RemotePorts(String
 portNumbers)     at WindowsFirewallControl.Proxy.ProxyServer.ModifyRule(RuleData
ruleData)
 
Error - 4/14/2014 7:30:20 AM | Computer Name = Blackhole | Source = WFC | ID = 202
Description = The communication channel with the service was unexpectedly closed.
 Can't create a new rule. The server was unable to process the request due to an
internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults
 (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration
behavior) on the server in order to send the exception information back to the client,
 or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect
 the server trace logs.
 
Error - 5/8/2014 5:58:54 PM | Computer Name = Blackhole | Source = WFC | ID = 201
Description = Can't unsubscribe from Windows Firewall Control Service. The service
 is not running or is not installed. This operation would deadlock because the reply
 cannot be received until the current Message completes processing. If you want
to allow out-of-order message processing, specify ConcurrencyMode of Reentrant or
 Multiple on CallbackBehaviorAttribute.
 
Error - 5/26/2014 2:35:26 AM | Computer Name = Blackhole | Source = WFC | ID = 202
Description = The communication channel with the service was unexpectedly closed.
 Can't create a new rule. This request operation sent to net.pipe://localhost/binisoft/1bbc4e9a705d5008dcf1681af47162f6
 did not receive a reply within the configured timeout (00:00:59.9839991).  The
time allotted to this operation may have been a portion of a longer timeout.  This
 may be because the service is still processing the operation or because the service
 was unable to send a reply message.  Please consider increasing the operation timeout
 (by casting the channel/proxy to IContextChannel and setting the OperationTimeout
 property) and ensure that the service is able to connect to the client.
 
Error - 5/31/2014 5:44:36 PM | Computer Name = Blackhole | Source = WFC | ID = 201
Description = Can't unsubscribe from Windows Firewall Control Service. The service
 is not running or is not installed. This operation would deadlock because the reply
 cannot be received until the current Message completes processing. If you want
to allow out-of-order message processing, specify ConcurrencyMode of Reentrant or
 Multiple on CallbackBehaviorAttribute.
 
 
< End of report >
 


Lew/+Silat
Oregon

#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 09 September 2014 - 09:23 AM

Hi silat,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

No obvious bot that I'm seeing in that log.

You ran ComboFix. What did it find?

Please get me a different log:

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop:

FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> Properties)
(To use the correct version for your system: Which system am I using?)
  • Run FRST.
  • Don't change the checkboxes, just click on Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt.
  • The first time the tool is run it generates another log, Addition.txt. Please also paste that along with the FRST.txt into your reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#4 silat

silat

    Authentic Member

  • 48 posts

Posted 09 September 2014 - 12:08 PM

I do not believe Comcast when they say I have a bot. But I thought I would be sure by asking you to verify. Do you want me to run ComboFix again?

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Lewlew (administrator) on BLACKHOLE on 09-09-2014 10:47:30
Running from C:\Users\Lewlew\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
(Insoft LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Blue Ridge Networks) C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
() C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\Everything\Everything.exe
() C:\Windows\system\HsMgr64.exe
() C:\Windows\SysWOW64\HsMgr.exe
(NeoSoft Tools) C:\Program Files (x86)\Common Files\Chameleon Manager\monitor.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(NeoSoft Tools) C:\Program Files (x86)\Common Files\Chameleon Manager\proc64.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\FlashNote\Flashnote.exe
(AJC Software) C:\Program Files (x86)\AJC Software\AJC Active Backup\AJCActiveBackup.exe
(Bopsoft) C:\Program Files\Listary\Listary.exe
(ASBware, LLC) C:\Program Files (x86)\textBEAST3pro\textBEASTpro.exe
(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClock.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\MountNotify.exe
() C:\Program Files\Listary\ListaryService.exe
(Green Parrots Software) C:\Program Files (x86)\1st Clock\ClockApi64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files\Listary\ListaryHelper64.exe
() C:\Program Files (x86)\ac'tivAid\AutoHotkey\AutoHotkey.exe
(XRayz Software) C:\Program Files\ClipCache\clipc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Blue Ridge Networks) C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Insoft LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(VueSoft) C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe
(Johannes Wallroth) C:\Program Files (x86)\Sharp World Clock\Sharp World Clock.exe
(Conceptworld Corporation) C:\Program Files (x86)\Conceptworld\NoteZilla\NoteZilla.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\MSTORDB.EXE
(WiseCleaner.COM) C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
(John Williams / XRayz Software) C:\Program Files (x86)\LinkStash\lnkstash.exe
(ZabKat) C:\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3993744 2014-05-22] (Stardock Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM-x32\...\Run: [textBEASTpro] => C:\Program Files (x86)\textBEAST3pro\textBEASTpro.exe [2372656 2012-01-19] (ASBware, LLC)
HKLM-x32\...\Run: [StorageCraft Mount Notifier] => C:\Program Files (x86)\StorageCraft\ShadowProtect\MountNotify.exe [17128 2014-08-14] (StorageCraft Technology Corporation)
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH)
HKLM-x32\...\Run: [AppGuardGUI] => C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardGUI.exe [2988256 2014-08-11] (Blue Ridge Networks)
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\Run: [Chameleon System Monitor] => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [8027816 2014-08-12] (NeoSoft Tools)
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3385192 2014-08-21] (Mister Group)
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-06-19] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\Run: [Flashnote] => c:\program files (x86)\flashnote\flashnote.exe [4779008 2013-11-24] ()
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\Run: [AJC Active Backup 2] => C:\Program Files (x86)\AJC Software\AJC Active Backup\AJCActiveBackup.exe [3410128 2014-07-07] (AJC Software)
HKU\S-1-5-21-268722735-3582909054-3627616657-1000\...\MountPoints2: {088acb4b-de46-11e1-9eaf-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.ultimatebootcd.com/
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Listary.lnk
ShortcutTarget: Listary.lnk -> C:\Program Files\Listary\Listary.exe (Bopsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE - Shortcut.lnk
ShortcutTarget: OUTLOOK.EXE - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)
Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk
ShortcutTarget: 1st Clock.lnk -> C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)
Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk
ShortcutTarget: ac'tivAid.lnk -> C:\Program Files (x86)\ac'tivAid\Portable_ac'tivAid.exe ()
Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk
ShortcutTarget: ClipCache Pro.lnk -> C:\Program Files\ClipCache\clipc.exe (XRayz Software)
Startup: C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDE39C88F6C72CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {9989A0E8-1378-431D-BE0A-87946CFC6EC9} URL = http://duckduckgo.com/?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Shareaza Web Download Hook -> {0EEDB912-C5FA-486F-8334-57288578C627} -> C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files (x86)\Linkman\LinkmanCom.dll (Outertech)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lewlew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Fastest Search - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\fastestsearch@mingyi.org [2014-08-29]
FF Extension: Form History Control - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\formhistory@yahoo.com [2014-08-20]
FF Extension: Xmarks - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\foxmarks@kei.com [2014-08-08]
FF Extension: Pocket - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\isreaditlater@ideashower.com [2014-08-09]
FF Extension: Sidebar Bookmarks Search Plus - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\sidebarBookmarksSearch@alice [2014-08-09]
FF Extension: Tab Groups Helper - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\tabgroupshelper@kevinallasso.org [2014-08-15]
FF Extension: FEBE - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-08-16]
FF Extension: Nightly Tester Tools - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29} [2014-08-21]
FF Extension: Converter - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6} [2014-08-10]
FF Extension: DownloadHelper - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: TextMarker Go - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7} [2014-09-02]
FF Extension: Page Zoom Button - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2014-08-09]
FF Extension: Addons Manager Hilite - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\addonsmgrhilte@cfl.xpi [2014-08-10]
FF Extension: checkCompatibility - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\check-compatibility@dactyl.googlecode.com.xpi [2014-08-08]
FF Extension: Classic Theme Restorer - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-08-08]
FF Extension: Clear Console - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\clearConsole@penzil.com.xpi [2014-08-12]
FF Extension: Close All Tabs (Reloaded) - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\closealltabs@michael.grafl.xpi [2014-09-02]
FF Extension: Copy Urls Expert - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2014-08-09]
FF Extension: Copy Link URL - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\copylinkurl@bluelightdev.com.xpi [2014-08-09]
FF Extension: Copy Plain Text 2 - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\copyplaintext@teo.pl.xpi [2014-09-02]
FF Extension: Drag Ur Link - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\DragUrLink@mozilla.org.xpi [2014-08-09]
FF Extension: EdgeWise - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\edgewise@software.donnapaul.net.xpi [2014-09-08]
FF Extension: Extension List Dumper - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-08-09]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\fbp@fbpurity.com.xpi [2014-08-28]
FF Extension: FindBar Tweak - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\fbt@quicksaver.xpi [2014-08-10]
FF Extension: Tube Enhancer Plus - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2014-08-09]
FF Extension: Go Parent Folder - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\goParentFolder@alice.xpi [2014-08-09]
FF Extension: Multiple Checkbox Checker - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\jid0-BhB0u1jjAYBkCecSVdoY1yjuo6o@jetpack.xpi [2014-08-17]
FF Extension: What about:.. - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\jid0-IPSuVKD0J7yL1cIBwQAdoHTCWmY@jetpack.xpi [2014-08-09]
FF Extension: YouTube Center - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-08-08]
FF Extension: WikiWand: Wikipedia Modernized - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\jid1-D7momAzRw417Ag@jetpack.xpi [2014-08-23]
FF Extension: Tab Grenade - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\jid1-gzlHTgBCb5hzkA@jetpack.xpi [2014-08-09]
FF Extension: I don't care about cookies - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2014-09-02]
FF Extension: Youtube Subscriptions Grid - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\jid1-PmCaAQKMFABjHg@jetpack.xpi [2014-08-11]
FF Extension: New Tab Tools - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\newtabtools@darktrojan.net.xpi [2014-08-31]
FF Extension: Prevent Tab Overflow - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\noverflow@sdrocking.com.xpi [2014-08-09]
FF Extension: Open In Chrome - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\openinchrome@griffeltavla.wordpress.com.xpi [2014-08-09]
FF Extension: PageZipper - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\pagezipper@printwhatyoulike.com.xpi [2014-08-09]
FF Extension: Profilist - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\Profilist@jetpack.xpi [2014-08-09]
FF Extension: Restartless Restart - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\restartless.restart@erikvold.com.xpi [2014-08-08]
FF Extension: S3.Google Translator - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\s3google@translator.xpi [2014-08-09]
FF Extension: Menu Wizard - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\s3menu@wizard.xpi [2014-08-08]
FF Extension: ScrapBook X - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\scrapbookx@addons.mozilla.org.xpi [2014-08-17]
FF Extension: Show Parent Folder - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\showParentFolder@alice.xpi [2014-08-09]
FF Extension: Tab Group Bar - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\TabGroupBar@krzysztof.dawidowicz.uj.edu.pl.xpi [2014-08-15]
FF Extension: YesScript - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\yesscript@userstyles.org.xpi [2014-09-03]
FF Extension: All-in-One Sidebar - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-08-08]
FF Extension: Session Manager - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-08-08]
FF Extension: Stay-Open Menu - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{3541c267-2580-4144-854e-2e05c8670121}.xpi [2014-08-08]
FF Extension: Textarea Cache - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi [2014-08-09]
FF Extension: NoScript - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-19]
FF Extension: Session Exporter - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{943b5589-7808-4a70-acdc-7b6ee21e7cce}.xpi [2014-08-08]
FF Extension: Plugins Toggler - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{996bb709-9ff1-4b3e-a865-b5820fd84345}.xpi [2014-08-21]
FF Extension: LinkmanFox - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{A81031F3-6CEE-4A19-809F-4E26C1D9C1D1}.xpi [2014-09-09]
FF Extension: RightToClick - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-08-12]
FF Extension: Tab Mix Plus - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-08-08]
FF Extension: DownThemAll! - C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-08-04]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-03-03]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HomePage: Default -> 490CA033F0FD3EF4BD7F11E45496F8D3BB8E7F6B0CFE108813122213B28DFB63
CHR StartupUrls: Default -> "https://www.google.com/?gws_rd=ssl"
CHR DefaultSearchKeyword: Default -> C050F3AAC67AA10CACA28BA88AC18A2E97E73253534912D6DCC66A048FF740BC
CHR DefaultSearchURL: Default -> chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html#2
CHR Profile: C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-06]
CHR Extension: (Tab-Snap) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjloplcjllkammemhenacfjcccockde [2014-07-13]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-22]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2014-05-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-22]
CHR Extension: (DuckieTV - 'Browser Action' mode) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfkaloficjmdjbgmckaddgfcghgidei [2014-09-04]
CHR Extension: (Go Extensions) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdlogpoaigpjcfjfllhjdaniobkjnkmg [2014-08-14]
CHR Extension: (Tab Scissors) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdochbecpfdpjobpgnacnbepkgcfhoek [2014-05-22]
CHR Extension: (Share Extensions) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2014-05-22]
CHR Extension: (Incognito-Filter) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2014-05-22]
CHR Extension: (Google Search) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-22]
CHR Extension: (Restart your browser) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfmhdgpigoebiiccopgpbjacndhldoo [2014-05-22]
CHR Extension: (Subscriptions Grid For YouTube™) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnjhgnfnmijfkmcddcmffeamphmmeed [2014-06-07]
CHR Extension: (Spell Bee) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfbnahffpakjbdlccohcoglcnafhgnhm [2014-09-04]
CHR Extension: (Copy All Urls) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2014-05-22]
CHR Extension: (Session Buddy) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-05-22]
CHR Extension: (Tabs Outliner) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-08-14]
CHR Extension: (Video Downloader professional) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-07-13]
CHR Extension: (SearchBar) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed [2014-05-22]
CHR Extension: (Close Tabs) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo [2014-05-22]
CHR Extension: (Tampermonkey BETA) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2014-05-22]
CHR Extension: (Close tabs to the left) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmjpicopfkgmjdomahfjkmhpcelklba [2014-08-12]
CHR Extension: (Selection Search) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2014-08-13]
CHR Extension: (Blockchain) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\glaohkkooicollgefkkmndjcbblominl [2014-08-04]
CHR Extension: (Dream Afar New Tab) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmfoppjjkcencpbjaigfahdjlgpegn [2014-08-31]
CHR Extension: (LinkStash Bookmark Manager) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhneaipkmnkoklgnkmiidfijfflbobhb [2014-09-09]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-07-21]
CHR Extension: (Yet Another Drag and Go FIX) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbfjijnippekinigficbmbmfkiihpng [2014-05-26]
CHR Extension: (Bookmarks Shortcut for Google Chrome™) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhcephcagmjfljemognihhmophkdoe [2014-05-22]
CHR Extension: (close pinned tab) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjnlecdojfenkidbfdjejdmajggkegca [2014-05-26]
CHR Extension: (Fast Search for eBay) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjajclaocdighkjplbekkofpmdbcjghf [2014-08-19]
CHR Extension: (The Great Suspender) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-08-14]
CHR Extension: (Zoom) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-05-22]
CHR Extension: (Reload All Tabs) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2014-05-22]
CHR Extension: (Currency Converter) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg [2014-05-22]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-05-22]
CHR Extension: (Tab Glue) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfedioikeigljhjfpghdejnogniddhna [2014-05-22]
CHR Extension: (Clickable Links) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia [2014-05-22]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2014-07-15]
CHR Extension: (Comment Save) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndmcbhmmonjkclhmeidccodfhlifmmco [2014-08-20]
CHR Extension: (Save to Pocket) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-05-22]
CHR Extension: (Extensions Update Notifier) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlldbplhbaopldicmcoogopmkonpebjm [2014-08-14]
CHR Extension: (Google Wallet) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-22]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2014-07-10]
CHR Extension: (Pickpocket) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfomjjafcdfkdodojjgkhlepcofaail [2014-05-22]
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2014-05-22]
CHR Extension: (Oh My Tabs!) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pafbcbpkhdaannjjnemdlohnoaecbohb [2014-05-22]
CHR Extension: (Linkman) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchnedaeogijkjjkjigbijhbcanbdjkc [2014-09-09]
CHR Extension: (Gmail) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-22]
CHR Extension: (Open External Links in New Tab) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgjfdndcgbblimbigekghdmgkjbffba [2014-07-13]
CHR Extension: (RoboForm) - C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-05-22]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-08-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4783632 2014-09-08] (Emsisoft GmbH)
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759072 2008-12-19] (ABBYY (BIT Software))
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [120040 2014-09-04] (Insoft LLC)
S3 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1237600 2014-08-03] ()
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 BRN_APPGUARD_SERVICE; C:\Program Files (x86)\Blue Ridge Networks\AppGuard\AppGuardAgent.exe [783072 2014-08-11] (Blue Ridge Networks)
S3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 GPAdjustTimeService; C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [467968 2009-11-09] (Green Parrots Software) [File not signed]
S3 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
S3 PRMonitorService; C:\Program Files (x86)\Personal Renamer\PRService1.exe [58368 2010-11-25] (VC) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2012.SP4c\RpcAgentSrv.exe [68760 2009-06-20] (SiSoftware) [File not signed]
R3 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-06-19] (Sandboxie Holdings, LLC)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [3653352 2014-08-14] (StorageCraft Technology Corporation)
R2 StorageCraft ImageManager; C:\Program Files (x86)\StorageCraft\ImageManager\ImageManager.exe [1818344 2014-07-10] (StorageCraft Technology Corporation)
S3 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4409760 2014-08-14] ()
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821096 2014-08-13] (Mister Group)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [95464 2014-08-14] (StorageCraft Technology Corporation)
S3 VzService; C:\Program Files\Symantec\Workspace Virtualization\VzService.exe [160160 2014-04-23] (Symantec Corporation)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [97280 2014-09-08] (BiniSoft.org) [File not signed]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R1 adgnetworktdi; C:\Windows\System32\drivers\adgnetworktdi.sys [60408 2014-07-28] ()
R1 BrnFileLock; c:\windows\system32\drivers\brnfilelock.sys [79648 2014-06-13] (Blue Ridge Networks)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R1 FAMv4; C:\Windows\System32\DRIVERS\FAMv4.sys [118672 2010-05-07] (VisionWorks Solutions, Inc) [File not signed]
R0 FSLX; C:\Windows\System32\drivers\fslx.sys [496032 2014-04-23] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2012.SP4c\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-06-19] (Sandboxie Holdings, LLC)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [132840 2014-08-14] (StorageCraft Technology Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-12] (Duplex Secure Ltd.)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283400 2014-03-02] (StorageCraft Technology Corporation)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 10:47 - 2014-09-09 10:48 - 00040476 _____ () C:\Users\Lewlew\Desktop\FRST.txt
2014-09-09 10:47 - 2014-09-09 10:47 - 00000000 ____D () C:\FRST
2014-09-09 10:45 - 2014-09-09 10:45 - 02105344 _____ (Farbar) C:\Users\Lewlew\Desktop\FRST64.exe
2014-09-09 03:46 - 2014-09-09 03:46 - 00001019 _____ () C:\Users\Public\Desktop\Linkman Pro.lnk
2014-09-09 03:23 - 2014-09-09 03:56 - 00001105 _____ () C:\Windows\lnkstash.INI
2014-09-09 03:19 - 2014-09-09 04:15 - 00000000 ____D () C:\Users\Lewlew\Documents\LinkStash
2014-09-09 03:16 - 2014-09-09 03:16 - 00000974 _____ () C:\Users\Lewlew\Desktop\LinkStash.lnk
2014-09-09 03:16 - 2014-09-09 03:16 - 00000000 ____D () C:\Program Files (x86)\LinkStash
2014-09-09 01:11 - 2014-09-09 01:11 - 00001838 _____ () C:\Users\Lewlew\Desktop\Flash_Disable_ProtectedMode.bat
2014-09-08 13:06 - 2014-09-08 13:06 - 03257982 _____ () C:\Users\Lewlew\Desktop\RegWatcher.zip
2014-09-08 07:01 - 2014-09-08 07:01 - 00000056 _____ () C:\Windows\setupact.log
2014-09-08 07:01 - 2014-09-08 07:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 03:40 - 2014-09-08 03:40 - 00000000 ____D () C:\Users\Lewlew\Desktop\CLEANING BOTS
2014-09-07 21:31 - 2014-09-08 01:18 - 00000000 ___HD () C:\fslrdr
2014-09-07 21:30 - 2014-09-07 21:30 - 00000000 ____D () C:\Program Files\Symantec
2014-09-07 21:29 - 2014-09-07 21:29 - 00000000 ____D () C:\ProgramData\Symantec
2014-09-07 00:29 - 2014-09-07 00:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-07 00:22 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-07 00:22 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-07 00:22 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-07 00:22 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-07 00:22 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-07 00:22 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-07 00:22 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-07 00:22 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-07 00:20 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-07 00:20 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-07 00:20 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-07 00:20 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-07 00:20 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-07 00:20 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-07 00:20 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-07 00:20 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-07 00:20 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-07 00:20 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-07 00:20 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-07 00:20 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-07 00:20 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-07 00:20 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-07 00:20 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-07 00:20 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-07 00:20 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-07 00:20 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-07 00:20 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-07 00:20 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-07 00:20 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-07 00:20 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-07 00:20 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-07 00:20 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-07 00:20 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-07 00:20 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-07 00:20 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-07 00:20 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-07 00:20 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-07 00:20 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-07 00:20 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-07 00:20 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-07 00:20 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-07 00:20 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-07 00:20 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-07 00:20 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-07 00:20 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-07 00:20 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-07 00:20 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-07 00:20 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-07 00:20 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-07 00:20 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-07 00:20 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-07 00:20 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-07 00:20 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-07 00:20 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-07 00:20 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-07 00:20 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-07 00:20 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-07 00:20 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-07 00:20 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-07 00:20 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-07 00:20 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-07 00:20 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-07 00:20 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-07 00:20 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-07 00:19 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-07 00:19 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-07 00:19 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-07 00:19 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-07 00:19 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-07 00:19 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-07 00:19 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-07 00:18 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-07 00:18 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-07 00:18 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-07 00:18 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-07 00:18 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-07 00:18 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-07 00:18 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-07 00:18 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-07 00:18 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-07 00:18 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-06 21:40 - 2014-09-06 21:40 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Oracle
2014-09-06 21:36 - 2014-09-06 21:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-06 21:36 - 2014-09-06 21:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-06 21:36 - 2014-09-06 21:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-06 21:36 - 2014-09-06 21:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-06 21:35 - 2014-09-06 21:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-06 21:33 - 2014-09-06 21:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-06 21:14 - 2014-09-06 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-06 16:24 - 2014-09-06 16:24 - 00000400 _____ () C:\Users\Lewlew\Desktop\DSiteproducts.reg
2014-09-06 16:15 - 2014-09-06 16:15 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Insoft LLC
2014-09-06 16:03 - 2014-09-06 16:04 - 00000000 ____D () C:\Users\Lewlew\Desktop\NetworkMiner_1-6-1
2014-09-06 11:31 - 2014-09-06 11:31 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\KC Softwares
2014-09-06 11:28 - 2014-09-06 11:33 - 00000000 ____D () C:\Program Files (x86)\PlayTime PORTABLE skywire
2014-09-06 11:26 - 2014-09-06 11:26 - 00000000 ____D () C:\Program Files\MediaInfo
2014-09-06 05:38 - 2014-08-26 17:16 - 00746496 _____ () C:\Windows\SysWOW64\SyncBackSE.dll
2014-09-06 04:58 - 2014-09-06 05:00 - 69329016 _____ () C:\Users\Lewlew\Desktop\Amateur Redhead Masturbating while watching porn - xHamster_com.mp4
2014-09-05 00:09 - 2014-09-05 00:09 - 00000000 ___SD () C:\Users\Lewlew\Desktop\32788R22FWJFW
2014-09-05 00:09 - 2014-09-05 00:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-05 00:09 - 2014-09-05 00:09 - 00000000 ____D () C:\Qoobox
2014-09-04 20:51 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-04 20:51 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-04 20:51 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-04 20:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-04 20:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-04 20:51 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-04 20:51 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-04 20:51 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-04 20:51 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-04 20:51 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-04 20:51 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-04 20:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-04 20:51 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-04 20:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-04 18:27 - 2014-09-04 18:39 - 00000000 ____D () C:\Users\Lewlew\Documents\PhraseExpress
2014-09-04 18:26 - 2014-09-04 18:26 - 00000000 ____D () C:\Program Files (x86)\PhraseExpress_USB
2014-09-04 14:40 - 2014-09-04 14:43 - 00000000 ____D () C:\Program Files (x86)\Breevy332 PORTABLE
2014-09-04 14:40 - 2014-09-04 14:40 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Breevy
2014-09-04 03:10 - 2014-09-04 03:10 - 00049015 _____ () C:\Users\Lewlew\Desktop\Emet.xml
2014-09-03 14:42 - 2014-09-03 14:42 - 11239424 _____ () C:\Users\Lewlew\Desktop\EMET Setup.msi
2014-09-03 11:49 - 2014-09-03 11:49 - 00001756 ____R () C:\Users\Lewlew\Desktop\FFDumpListSep03 2014.txt
2014-09-02 23:29 - 2014-09-02 23:30 - 00000000 ____D () C:\Program Files (x86)\Blasteroids Win64
2014-09-02 22:17 - 2014-09-02 22:17 - 00001343 _____ () C:\Users\Lewlew\Desktop\epCheck.exe - Shortcut.lnk
2014-09-02 22:16 - 2014-09-02 22:17 - 00000000 ____D () C:\Program Files (x86)\epCheck_beta
2014-09-01 20:07 - 2014-09-01 20:07 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\DVDVideoSoft
2014-09-01 15:39 - 2014-09-01 15:48 - 00000000 ____D () C:\Program Files (x86)\FastStoneResizer33 PORTABLE
2014-09-01 15:24 - 2014-09-03 11:45 - 00000000 ___RD () C:\Users\Lewlew\Desktop\TheFappening2014 AppleGoof
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\Program Files\usbtreeview
2014-08-28 13:25 - 2014-08-28 13:25 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications
2014-08-28 13:04 - 2014-08-28 13:04 - 00000000 ____D () C:\Program Files\WinPcap
2014-08-26 19:37 - 2014-08-27 10:18 - 00000000 ____D () C:\ProgramData\NoVirusThanks
2014-08-26 12:54 - 2014-08-26 12:54 - 00000833 _____ () C:\Users\Lewlew\Desktop\services.msc.lnk
2014-08-25 00:45 - 2014-08-25 00:50 - 00000000 __SHD () C:\$ISR
2014-08-25 00:44 - 2014-08-25 00:44 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-08-21 14:53 - 2014-08-21 14:54 - 00000000 ____D () C:\Program Files (x86)\Winamp_Info_Tool
2014-08-21 14:47 - 2014-08-21 14:51 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Winamp Info Tool
2014-08-21 14:45 - 2014-08-21 15:02 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Winamp Backup Tool
2014-08-20 03:46 - 2014-09-09 03:32 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Everything
2014-08-20 03:46 - 2014-08-20 03:46 - 00000000 ____D () C:\Program Files\Everything
2014-08-19 22:16 - 2014-08-19 22:16 - 00001837 _____ () C:\Users\Lewlew\Desktop\AnyDesk.lnk
2014-08-19 22:16 - 2014-08-19 22:16 - 00001102 _____ () C:\Users\Lewlew\Desktop\TeamViewer 9.lnk
2014-08-19 22:14 - 2014-08-19 22:14 - 00001293 _____ () C:\Users\Lewlew\Desktop\calibre.exe - Shortcut.lnk
2014-08-19 22:14 - 2014-08-19 22:09 - 00001051 _____ () C:\Users\Lewlew\Desktop\TEBookConverter.lnk
2014-08-19 22:09 - 2014-08-19 22:09 - 00000000 ____D () C:\Users\Lewlew\Documents\TEBookConverter
2014-08-19 22:09 - 2014-08-19 22:09 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\TEBookConverter
2014-08-19 22:08 - 2014-08-19 22:09 - 00000000 ____D () C:\Program Files (x86)\TEBookConverter
2014-08-19 04:30 - 2014-09-04 03:05 - 00003188 _____ () C:\Windows\System32\Tasks\Wise Auto Shutdown Task
2014-08-17 20:20 - 2014-08-17 20:20 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Process Hacker 2
2014-08-17 20:20 - 2014-08-17 20:20 - 00000000 ____D () C:\Program Files (x86)\processhacker-2.33-bin
2014-08-17 03:25 - 2014-08-25 16:37 - 00000000 ____D () C:\Program Files\Notation
2014-08-17 03:25 - 2014-08-17 03:25 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Notation
2014-08-17 03:25 - 2014-08-17 03:25 - 00000000 ____D () C:\Users\Lewlew\AppData\Local\Alison_Robson
2014-08-17 02:33 - 2014-08-17 02:36 - 00000000 ____D () C:\Program Files\npp.6.6.8.bin
2014-08-17 00:48 - 2014-08-17 00:48 - 00000000 ____D () C:\Users\Lewlew\AppData\Local\Leanterface_Inc
2014-08-17 00:46 - 2014-09-05 14:52 - 00000000 ____D () C:\OneCommanderLatest64bit
2014-08-16 12:28 - 2014-08-21 14:21 - 00000000 ____D () C:\Program Files\streamwriter
2014-08-16 04:21 - 2014-08-16 04:21 - 00000000 ____D () C:\Users\Lewlew\dwhelper
2014-08-14 15:48 - 2014-08-14 15:48 - 00004096 ___SH () C:\VSM000.IDX
2014-08-14 15:03 - 2014-08-14 15:04 - 00000000 ____D () C:\Program Files (x86)\FileLocator Pro 2042 PORTABLE
2014-08-14 11:01 - 2014-08-14 11:01 - 00132840 _____ (StorageCraft Technology Corporation) C:\Windows\system32\Drivers\sbmount.sys
2014-08-14 10:58 - 2014-08-14 10:58 - 00001780 _____ () C:\parameters.reg
2014-08-14 02:42 - 2014-09-04 20:57 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\uTorrent
2014-08-14 01:56 - 2014-08-14 01:56 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Mythicsoft
2014-08-14 01:56 - 2014-08-14 01:56 - 00000000 ____D () C:\Program Files\Mythicsoft
2014-08-12 18:51 - 2014-08-12 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATTRIBUTE CHANGER
2014-08-12 16:34 - 2014-08-12 16:35 - 00000000 ____D () C:\Program Files\PhotoDateChanger
2014-08-12 12:33 - 2014-08-12 15:58 - 00000000 ____D () C:\PPLog
2014-08-10 01:58 - 2014-08-10 01:58 - 00000482 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 10:48 - 2014-09-09 10:47 - 00040476 _____ () C:\Users\Lewlew\Desktop\FRST.txt
2014-09-09 10:48 - 2014-03-14 23:49 - 00000000 ____D () C:\ProgramData\Adguard
2014-09-09 10:47 - 2014-09-09 10:47 - 00000000 ____D () C:\FRST
2014-09-09 10:46 - 2014-08-08 19:54 - 00007342 _____ () C:\Windows\Sandboxie.ini
2014-09-09 10:45 - 2014-09-09 10:45 - 02105344 _____ (Farbar) C:\Users\Lewlew\Desktop\FRST64.exe
2014-09-09 10:04 - 2012-08-04 11:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-09 08:02 - 2014-06-19 14:10 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-09 04:15 - 2014-09-09 03:19 - 00000000 ____D () C:\Users\Lewlew\Documents\LinkStash
2014-09-09 04:15 - 2012-08-04 13:01 - 00000000 ___RD () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\INTARDNET
2014-09-09 04:13 - 2014-07-13 06:13 - 00511649 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 03:56 - 2014-09-09 03:23 - 00001105 _____ () C:\Windows\lnkstash.INI
2014-09-09 03:46 - 2014-09-09 03:46 - 00001019 _____ () C:\Users\Public\Desktop\Linkman Pro.lnk
2014-09-09 03:46 - 2014-06-18 14:51 - 00000000 ____D () C:\Program Files (x86)\Linkman
2014-09-09 03:32 - 2014-08-20 03:46 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Everything
2014-09-09 03:16 - 2014-09-09 03:16 - 00000974 _____ () C:\Users\Lewlew\Desktop\LinkStash.lnk
2014-09-09 03:16 - 2014-09-09 03:16 - 00000000 ____D () C:\Program Files (x86)\LinkStash
2014-09-09 01:11 - 2014-09-09 01:11 - 00001838 _____ () C:\Users\Lewlew\Desktop\Flash_Disable_ProtectedMode.bat
2014-09-09 00:09 - 2012-08-04 15:59 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAIL
2014-09-09 00:05 - 2014-03-01 09:50 - 00000000 ____D () C:\Program Files (x86)\POP Peeper
2014-09-08 13:06 - 2014-09-08 13:06 - 03257982 _____ () C:\Users\Lewlew\Desktop\RegWatcher.zip
2014-09-08 12:54 - 2012-08-04 16:36 - 00000000 ____D () C:\Program Files\Windows Firewall Control
2014-09-08 10:47 - 2012-05-11 23:46 - 00000000 ____D () C:\Program Files (x86)\sWeather
2014-09-08 10:43 - 2014-04-08 14:53 - 00000000 ____D () C:\Program Files (x86)\ac'tivAid
2014-09-08 10:43 - 2012-08-04 11:26 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Flashnote
2014-09-08 07:09 - 2009-07-13 21:45 - 00013584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 07:09 - 2009-07-13 21:45 - 00013584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 07:06 - 2009-07-13 22:13 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 07:03 - 2014-03-14 23:49 - 00000000 ____D () C:\Program Files (x86)\Adguard
2014-09-08 07:01 - 2014-09-08 07:01 - 00000056 _____ () C:\Windows\setupact.log
2014-09-08 07:01 - 2014-09-08 07:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 07:01 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 03:40 - 2014-09-08 03:40 - 00000000 ____D () C:\Users\Lewlew\Desktop\CLEANING BOTS
2014-09-08 01:18 - 2014-09-07 21:31 - 00000000 ___HD () C:\fslrdr
2014-09-07 22:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-07 22:10 - 2009-07-13 21:45 - 00442616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 22:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-07 21:30 - 2014-09-07 21:30 - 00000000 ____D () C:\Program Files\Symantec
2014-09-07 21:29 - 2014-09-07 21:29 - 00000000 ____D () C:\ProgramData\Symantec
2014-09-07 00:41 - 2012-08-04 08:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-07 00:29 - 2014-09-07 00:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-07 00:29 - 2012-08-11 14:53 - 00000000 ____D () C:\ProgramData\Skype
2014-09-06 21:40 - 2014-09-06 21:40 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Oracle
2014-09-06 21:36 - 2014-03-04 00:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 21:35 - 2014-09-06 21:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-06 21:35 - 2014-09-06 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-06 21:35 - 2014-09-06 21:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-06 21:35 - 2014-09-06 21:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-06 21:35 - 2014-09-06 21:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-06 21:33 - 2014-09-06 21:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-06 21:33 - 2014-03-22 04:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-06 21:33 - 2014-03-22 04:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-06 21:33 - 2014-03-22 04:13 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-06 21:28 - 2014-09-06 21:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-06 21:27 - 2014-03-03 14:36 - 00000000 ____D () C:\Users\Lewlew\Desktop\Desktop TEMP
2014-09-06 21:22 - 2014-03-04 00:35 - 00000000 ____D () C:\Program Files (x86)\JavaRa
2014-09-06 21:14 - 2014-03-29 03:58 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 21:13 - 2014-03-29 03:58 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-06 21:05 - 2014-03-27 14:14 - 00000000 ____D () C:\Program Files\Registry Workshop
2014-09-06 16:24 - 2014-09-06 16:24 - 00000400 _____ () C:\Users\Lewlew\Desktop\DSiteproducts.reg
2014-09-06 16:15 - 2014-09-06 16:15 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Insoft LLC
2014-09-06 16:04 - 2014-09-06 16:03 - 00000000 ____D () C:\Users\Lewlew\Desktop\NetworkMiner_1-6-1
2014-09-06 15:59 - 2012-08-05 12:49 - 00000000 ____D () C:\Program Files (x86)\WSCC Portable
2014-09-06 11:33 - 2014-09-06 11:28 - 00000000 ____D () C:\Program Files (x86)\PlayTime PORTABLE skywire
2014-09-06 11:31 - 2014-09-06 11:31 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\KC Softwares
2014-09-06 11:31 - 2013-11-23 14:00 - 00000000 ____D () C:\Program Files (x86)\videoinspector PORTABLE
2014-09-06 11:26 - 2014-09-06 11:26 - 00000000 ____D () C:\Program Files\MediaInfo
2014-09-06 05:38 - 2014-03-09 13:53 - 00001157 _____ () C:\Users\Lewlew\Desktop\SyncBackSE.lnk
2014-09-06 05:35 - 2014-03-23 17:19 - 00000000 ____D () C:\Users\Lewlew\AppData\Local\CrashDumps
2014-09-06 05:00 - 2014-09-06 04:58 - 69329016 _____ () C:\Users\Lewlew\Desktop\Amateur Redhead Masturbating while watching porn - xHamster_com.mp4
2014-09-05 19:09 - 2012-08-04 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WORD TEXT
2014-09-05 14:52 - 2014-08-17 00:46 - 00000000 ____D () C:\OneCommanderLatest64bit
2014-09-05 14:32 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 14:26 - 2012-08-04 08:23 - 00000000 ____D () C:\Users\Lewlew
2014-09-05 00:09 - 2014-09-05 00:09 - 00000000 ___SD () C:\Users\Lewlew\Desktop\32788R22FWJFW
2014-09-05 00:09 - 2014-09-05 00:09 - 00000000 ____D () C:\Windows\erdnt
2014-09-05 00:09 - 2014-09-05 00:09 - 00000000 ____D () C:\Qoobox
2014-09-04 21:29 - 2014-06-15 22:31 - 00000000 ____D () C:\ProgramData\Freemake
2014-09-04 21:29 - 2014-06-15 22:30 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-09-04 20:57 - 2014-08-14 02:42 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\uTorrent
2014-09-04 18:39 - 2014-09-04 18:27 - 00000000 ____D () C:\Users\Lewlew\Documents\PhraseExpress
2014-09-04 18:38 - 2012-08-08 14:55 - 00000000 ____D () C:\Users\Public\Documents\PhraseExpress
2014-09-04 18:27 - 2012-08-08 14:55 - 00000000 ____D () C:\Program Files (x86)\PhraseExpress
2014-09-04 18:26 - 2014-09-04 18:26 - 00000000 ____D () C:\Program Files (x86)\PhraseExpress_USB
2014-09-04 14:43 - 2014-09-04 14:40 - 00000000 ____D () C:\Program Files (x86)\Breevy332 PORTABLE
2014-09-04 14:40 - 2014-09-04 14:40 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Breevy
2014-09-04 03:10 - 2014-09-04 03:10 - 00049015 _____ () C:\Users\Lewlew\Desktop\Emet.xml
2014-09-04 03:05 - 2014-08-19 04:30 - 00003188 _____ () C:\Windows\System32\Tasks\Wise Auto Shutdown Task
2014-09-04 03:05 - 2012-08-05 11:24 - 00003720 _____ () C:\Windows\System32\Tasks\OBP8_T003_BackupJob_OUTLOOK ONLY
2014-09-04 03:05 - 2012-08-05 11:22 - 00003748 _____ () C:\Windows\System32\Tasks\OBP8_T002_BackupJob_OutBack Plus SETTINGS ONLY
2014-09-04 03:05 - 2012-08-05 11:21 - 00003738 _____ () C:\Windows\System32\Tasks\OBP8_T001_BackupJob_BrowsersDocumentsPlus
2014-09-03 14:42 - 2014-09-03 14:42 - 11239424 _____ () C:\Users\Lewlew\Desktop\EMET Setup.msi
2014-09-03 11:49 - 2014-09-03 11:49 - 00001756 ____R () C:\Users\Lewlew\Desktop\FFDumpListSep03 2014.txt
2014-09-03 11:45 - 2014-09-01 15:24 - 00000000 ___RD () C:\Users\Lewlew\Desktop\TheFappening2014 AppleGoof
2014-09-02 23:30 - 2014-09-02 23:29 - 00000000 ____D () C:\Program Files (x86)\Blasteroids Win64
2014-09-02 22:17 - 2014-09-02 22:17 - 00001343 _____ () C:\Users\Lewlew\Desktop\epCheck.exe - Shortcut.lnk
2014-09-02 22:17 - 2014-09-02 22:16 - 00000000 ____D () C:\Program Files (x86)\epCheck_beta
2014-09-01 21:09 - 2014-03-04 00:44 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-01 21:09 - 2014-03-04 00:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 20:54 - 2014-03-07 06:29 - 00000000 ____D () C:\Program Files (x86)\Beyond Compare 3
2014-09-01 20:07 - 2014-09-01 20:07 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\DVDVideoSoft
2014-09-01 15:48 - 2014-09-01 15:39 - 00000000 ____D () C:\Program Files (x86)\FastStoneResizer33 PORTABLE
2014-09-01 03:13 - 2012-08-04 16:33 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Winamp
2014-08-31 14:48 - 2014-03-03 01:24 - 00001303 _____ () C:\Windows\MultiTimer.ini
2014-08-30 11:36 - 2014-03-01 07:35 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\RoboForm
2014-08-29 23:04 - 2014-07-17 00:51 - 00000000 ____D () C:\Program Files (x86)\MaxthonPortable
2014-08-29 18:43 - 2014-08-29 18:43 - 00000000 ____D () C:\Program Files\usbtreeview
2014-08-29 12:19 - 2014-08-08 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 13:25 - 2014-08-28 13:25 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications
2014-08-28 13:05 - 2014-06-15 22:31 - 00000000 ____D () C:\Users\Lewlew\Documents\Freemake
2014-08-28 13:04 - 2014-08-28 13:04 - 00000000 ____D () C:\Program Files\WinPcap
2014-08-27 10:22 - 2012-08-04 15:59 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SECURITY
2014-08-27 10:18 - 2014-08-26 19:37 - 00000000 ____D () C:\ProgramData\NoVirusThanks
2014-08-27 03:46 - 2014-03-06 15:19 - 00000000 ____D () C:\Program Files (x86)\CCleaner Portable
2014-08-26 17:16 - 2014-09-06 05:38 - 00746496 _____ () C:\Windows\SysWOW64\SyncBackSE.dll
2014-08-26 12:54 - 2014-08-26 12:54 - 00000833 _____ () C:\Users\Lewlew\Desktop\services.msc.lnk
2014-08-26 10:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Registration
2014-08-25 16:37 - 2014-08-17 03:25 - 00000000 ____D () C:\Program Files\Notation
2014-08-25 16:37 - 2012-08-04 13:23 - 00000000 ___RD () C:\Users\Lewlew\Desktop\STARTMEUP TEMP
2014-08-25 01:12 - 2012-08-04 12:20 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BACKUP
2014-08-25 00:50 - 2014-08-25 00:45 - 00000000 __SHD () C:\$ISR
2014-08-25 00:44 - 2014-08-25 00:44 - 00000000 ____D () C:\Program Files (x86)\Raxco
2014-08-23 23:58 - 2014-08-04 14:51 - 00001052 _____ () C:\ProgramData\EXERadar.LIC
2014-08-23 14:18 - 2014-05-09 10:43 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-08-22 19:07 - 2014-09-07 00:19 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-09-07 00:19 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-09-07 00:19 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 15:29 - 2014-03-06 02:05 - 00000000 ____D () C:\Program Files (x86)\PowerArchiver
2014-08-21 15:02 - 2014-08-21 14:45 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Winamp Backup Tool
2014-08-21 14:57 - 2012-08-04 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BACKUP
2014-08-21 14:54 - 2014-08-21 14:53 - 00000000 ____D () C:\Program Files (x86)\Winamp_Info_Tool
2014-08-21 14:51 - 2014-08-21 14:47 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Winamp Info Tool
2014-08-21 14:45 - 2012-08-04 16:32 - 00000000 ____D () C:\Program Files (x86)\Winamp Backup Tool
2014-08-21 14:21 - 2014-08-16 12:28 - 00000000 ____D () C:\Program Files\streamwriter
2014-08-20 17:06 - 2012-08-04 13:15 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FILES & FOLDERS
2014-08-20 03:46 - 2014-08-20 03:46 - 00000000 ____D () C:\Program Files\Everything
2014-08-20 03:45 - 2014-03-03 18:51 - 00000000 ____D () C:\Program Files (x86)\Everything-1.3.3.658b.x64 PORTABLE
2014-08-19 22:16 - 2014-08-19 22:16 - 00001837 _____ () C:\Users\Lewlew\Desktop\AnyDesk.lnk
2014-08-19 22:16 - 2014-08-19 22:16 - 00001102 _____ () C:\Users\Lewlew\Desktop\TeamViewer 9.lnk
2014-08-19 22:15 - 2012-08-05 12:56 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WORD TEXT
2014-08-19 22:14 - 2014-08-19 22:14 - 00001293 _____ () C:\Users\Lewlew\Desktop\calibre.exe - Shortcut.lnk
2014-08-19 22:14 - 2014-03-08 14:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-08-19 22:12 - 2014-03-08 14:54 - 00000000 ____D () C:\Users\Lewlew\Documents\Calibre Library
2014-08-19 22:09 - 2014-08-19 22:14 - 00001051 _____ () C:\Users\Lewlew\Desktop\TEBookConverter.lnk
2014-08-19 22:09 - 2014-08-19 22:09 - 00000000 ____D () C:\Users\Lewlew\Documents\TEBookConverter
2014-08-19 22:09 - 2014-08-19 22:09 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\TEBookConverter
2014-08-19 22:09 - 2014-08-19 22:08 - 00000000 ____D () C:\Program Files (x86)\TEBookConverter
2014-08-17 20:20 - 2014-08-17 20:20 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Process Hacker 2
2014-08-17 20:20 - 2014-08-17 20:20 - 00000000 ____D () C:\Program Files (x86)\processhacker-2.33-bin
2014-08-17 13:31 - 2014-05-03 22:33 - 00000000 ____D () C:\Users\Lewlew\Documents\OneNote Notebooks
2014-08-17 03:25 - 2014-08-17 03:25 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Notation
2014-08-17 03:25 - 2014-08-17 03:25 - 00000000 ____D () C:\Users\Lewlew\AppData\Local\Alison_Robson
2014-08-17 02:36 - 2014-08-17 02:33 - 00000000 ____D () C:\Program Files\npp.6.6.8.bin
2014-08-17 00:48 - 2014-08-17 00:48 - 00000000 ____D () C:\Users\Lewlew\AppData\Local\Leanterface_Inc
2014-08-16 23:37 - 2014-03-01 09:08 - 00000000 ____D () C:\Program Files (x86)\AJC Software
2014-08-16 23:34 - 2014-03-02 17:59 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\AJC Software
2014-08-16 23:28 - 2014-03-02 17:44 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-08-16 23:28 - 2014-03-01 09:10 - 00000000 ____D () C:\ProgramData\AJC Software
2014-08-16 20:07 - 2012-08-11 11:27 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-16 19:32 - 2012-08-09 23:51 - 00001674 _____ () C:\Users\Lewlew\Desktop\Aces High.lnk
2014-08-16 05:11 - 2014-03-03 15:45 - 00000000 ____D () C:\Users\Lewlew\AppData\Local\TextManipulationUtility
2014-08-16 05:10 - 2014-03-03 15:45 - 00000000 ____D () C:\Program Files (x86)\TextManipulation-DonationCoder
2014-08-16 04:21 - 2014-08-16 04:21 - 00000000 ____D () C:\Users\Lewlew\dwhelper
2014-08-15 10:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-15 02:24 - 2014-08-09 19:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-15 00:10 - 2014-05-20 12:28 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\ImgBurn
2014-08-14 20:36 - 2014-03-09 15:36 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-14 15:49 - 2012-08-07 18:13 - 00000000 ____D () C:\Program Files\TrueLaunchBar
2014-08-14 15:48 - 2014-08-14 15:48 - 00004096 ___SH () C:\VSM000.IDX
2014-08-14 15:04 - 2014-08-14 15:03 - 00000000 ____D () C:\Program Files (x86)\FileLocator Pro 2042 PORTABLE
2014-08-14 11:04 - 2012-08-04 20:32 - 00000000 ____D () C:\Program Files (x86)\Chameleon Window Manager
2014-08-14 11:01 - 2014-08-14 11:01 - 00132840 _____ (StorageCraft Technology Corporation) C:\Windows\system32\Drivers\sbmount.sys
2014-08-14 10:58 - 2014-08-14 10:58 - 00001780 _____ () C:\parameters.reg
2014-08-14 10:58 - 2012-08-04 08:35 - 00000000 ____D () C:\Program Files (x86)\StorageCraft
2014-08-14 10:57 - 2014-03-14 23:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-14 10:54 - 2014-04-10 18:20 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\StorageCraft
2014-08-14 02:46 - 2012-08-04 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILES & FOLDERS
2014-08-14 01:56 - 2014-08-14 01:56 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Mythicsoft
2014-08-14 01:56 - 2014-08-14 01:56 - 00000000 ____D () C:\Program Files\Mythicsoft
2014-08-12 22:46 - 2012-08-05 12:59 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Odds&Sods
2014-08-12 18:53 - 2014-08-12 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATTRIBUTE CHANGER
2014-08-12 16:35 - 2014-08-12 16:34 - 00000000 ____D () C:\Program Files\PhotoDateChanger
2014-08-12 16:31 - 2014-03-08 18:17 - 00000000 ____D () C:\Users\Lewlew\AppData\Roaming\vlc
2014-08-12 15:58 - 2014-08-12 12:33 - 00000000 ____D () C:\PPLog
2014-08-12 12:01 - 2014-08-04 00:51 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2014-08-10 13:31 - 2014-08-08 11:25 - 00001500 _____ () C:\Users\Lewlew\Desktop\FF DumplistAug8 2014.txt
2014-08-10 01:58 - 2014-08-10 01:58 - 00000482 __RSH () C:\ProgramData\ntuser.pol
2014-08-10 01:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2014-03-04 02:39] - [2011-02-24 23:19] - 2388992 ____A (Microsoft Corporation) E030FE165210F87F517B0E4EDBFED30D

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:29

==================== End Of Log ============================


Lew/+Silat
Oregon

#5 silat

Posted 09 September 2014 - 12:09 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Lewlew at 2014-09-09 10:49:04
Running from C:\Users\Lewlew\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@icon sushi 1.21 (HKLM-x32\...\@icon sushi_is1) (Version:  - towofu's SOFT)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32891 - BitTorrent Inc.)
1st Clock Pro 5.0 (Full) (HKLM-x32\...\1st Clock_is1) (Version: 5.0 - Green Parrots Software)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 11.0.110.121 Professional Edition Final (Activated) Full (HKLM-x32\...\ABBYY FineReader 11.0.110.121 Professional Edition Final (Activated) Full) (Version: (Activated) Full - S.P.D.)
ABBYY Screenshot Reader (HKLM-x32\...\{F9000000-0015-0000-0000-074957833700}) (Version: 9.010.226.5988 - ABBYY)
Aces High (remove only) (HKLM-x32\...\Aces High) (Version: Version 2.32 Patch 2 - Hitech Creations, Inc.)
ac'tivAid (HKLM-x32\...\ac'tivAid) (Version: 1.3.1 - Heise Zeitschriften Verlag GmbH & Co. KG)
Ad Muncher v4.93.33707 (HKLM-x32\...\Ad Muncher) (Version:  - )
Adguard (HKLM-x32\...\{3da5479b-f99f-42ad-bbe0-aea1530ab9ac}) (Version: 5.10.1084.5545 - Insoft LLC)
Adguard (x32 Version: 5.10.1159.5967 - Insoft LLC) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{D7DDA334-FF1D-4A04-B056-22AB301026C8}) (Version: 7.0.822.1 - Mythicsoft Ltd)
Aiseesoft Total Video Converter Platinum 7.1.28 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version: 7.1.28 - Aiseesoft Studio)
AJC Active Backup v2.1.0.4 (HKLM-x32\...\AJC Active Backup_is1) (Version: 2.1.0.4 - AJC Software)
AJC Revision Archive v2.0.8.12 (HKLM-x32\...\AJC Revision Archive_is1) (Version:  - AJC Software)
AJS Open File Manager (HKLM\...\AJS Open File Manager) (Version:  - AJSystems.com Inc.)
Alcohol 120% (HKLM-x32\...\Alcohol 120%) (Version:  - Alcohol Soft Development Team)
ALShow 2.01 (HKLM-x32\...\ALShow_is1) (Version: v2.01 - ESTsoft Corp.)
ALTools Update (HKLM-x32\...\ALUpdate_is1) (Version: v11.4.28.1 - ESTsoft Corp.)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 1.1.1 - philandro Software GmbH)
ASUS Xonar D1 Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Auction Sentry (HKLM-x32\...\{730AF0A6-E338-4B79-B926-95B8B41256A5}) (Version: 4.1.15 - Auction Sentry)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2005941486.48.56.6294762 - Audible, Inc.)
AutoHotkey 1.0.47.06 (HKLM-x32\...\AutoHotkey) (Version: 1.0.47.06 - Chris Mallett)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Blue Ridge Networks AppGuard (HKLM-x32\...\{B18537F1-B130-4C4B-A606-01128D45907E}) (Version: 4.1.45.1 - Blue Ridge Networks)
BurnAware Professional 6.9.4 (HKLM-x32\...\BurnAware Professional_is1) (Version:  - Burnaware)
calibre 64bit (HKLM\...\{5F63ABE2-91EB-489E-9F33-EBFBB6CE0DC9}) (Version: 1.48.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Chameleon Startup Manager version 4.0.0.872 (HKLM-x32\...\{96C45BE0-C1AA-41B3-B161-F331DBC29B84-startup}}_is1) (Version: 4.0.0.872 - NeoSoft Tools)
Chameleon Task Manager version 4.0.0.744 (HKLM-x32\...\{96C45BE0-C1AA-41B3-B161-F331DBC29B84-task}}_is1) (Version: 4.0.0.744 - NeoSoft Tools)
Chameleon Window Manager version 2.2.0.402 (HKLM-x32\...\{96C45BE0-C1AA-41B3-B161-F331DBC29B84-window}}_is1) (Version: 2.2.0.402 - NeoSoft Tools)
ChrisPC DNS Switch 1.20 (HKLM-x32\...\{ECE17478-56C5-4280-AB67-AC2C2CAFA30F}_is1) (Version:  - Chris P.C. srl)
ClipCache Pro 3.5.3 (HKLM\...\ClipCache_is1) (Version:  - XRayz Software)
CloseAll (HKLM-x32\...\CloseAll) (Version: 2.0 - NTWind Software)
Daum PotPlayer 1.6.47995 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )
Dupli Find 6.16 (HKLM-x32\...\Dupli Find_is1) (Version:  - RL Vision)
DVDFab 9.1.5.9 (24/07/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
FastStone Capture 7.9 (HKLM-x32\...\FastStone Capture) (Version: 7.9 - FastStone Soft)
Flashnote 4.5 (HKLM-x32\...\Flashnote) (Version: 4.5 - Tiushkov Nikolay)
Forté Agent (HKLM-x32\...\{DA5ECEAB-28C6-4306-9FBB-811DEF6DD780}) (Version: 7.20.1218 - Forté Internet Software, Inc.)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.56.5183 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GTText (HKLM-x32\...\{C8187D08-DC8E-4382-9AEB-00F311C119F9}) (Version: 1.4.5 - SoftOCR)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstantRecovery (HKLM-x32\...\{54ADC836-5F99-43DD-9B7D-C7B90DE883CC}) (Version: 2.1.0.306 - Raxco Software, Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jumbo Timer 2.3 (HKLM-x32\...\Jumbo Timer_is1) (Version:  - Johannes Wallroth)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.2.0.1 - Karen Kenworthy)
Linkman Pro (HKLM-x32\...\Linkman) (Version: 8.93 - Outertech)
LinkStash 3.5.1 (HKLM-x32\...\LinkStash_is1) (Version:  - John Williams / XRayz Software)
Listary version 4.20 (HKLM\...\Listary_is1) (Version: 4.20 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
MailWasherPro (HKLM-x32\...\{4622F96A-780B-48B8-8304-1CD8A40043E8}) (Version: 7.3.0 - Firetrust)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManyCam 4.0.63 (HKLM-x32\...\ManyCam) (Version: 4.0.63 - Visicom Media Inc.)
MediaInfo 0.7.70 (HKLM\...\MediaInfo) (Version: 0.7.70 - MediaArea.net)
MediaPlayerLite 0.5.1.0 (HKLM-x32\...\MediaPlayerLite) (Version: 0.5.1.0 - MediaPlayerLite)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Moffsoft Calculator 2 (HKLM-x32\...\MoffCalc2_is1) (Version: 2.1.1 - Moffsoft)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.2 - Vitalwerks Internet Solutions LLC)
Notation (HKLM\...\{DE19E597-E2E9-4F3B-B70B-3E7B7D4CD60A}_is1) (Version: 1.1.5273.33386 - Alison Robson) <==== ATTENTION
NoteZilla 7.0 (HKLM-x32\...\NoteZilla_is1) (Version:  - Conceptworld Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
OutBack Plus 8.0 (HKLM-x32\...\OBP8_is1) (Version: 8.0 - AJSystems.com Inc.)
PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.20 - ConeXware, Inc.)
Personal Renamer (HKLM-x32\...\{D29BA5EE-70F9-475E-9B32-A1091716E271}) (Version: 3.0 - Balisteor)
PFConfig 1.0.296 (HKLM-x32\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFConfig Support Tool 1.0.26 (HKLM-x32\...\PFConfig Support Tool) (Version: 1.0.26 - Portforward.com)
PFRouterScreenshotGrabber 1.0.100 (HKLM-x32\...\PFRouterScreenshotGrabber) (Version: 1.0.100 - Portforward.com)
PhotoDateChanger 1.03 (HKLM\...\Photo Date Changer_is1) (Version:  - publicspace.net)
PhraseExpress v8.0.154 (HKLM-x32\...\PhraseExpress_is1) (Version: 8.0.154 - Bartels Media)
POP Peeper (HKLM-x32\...\POP Peeper) (Version:  - Esumsoft)
PowerArchiver 2013 (HKLM-x32\...\PowerArchiver 2013 14.02.05) (Version: 14.02.05 - ConeXware, Inc.)
PowerArchiver 2013 (x32 Version: 14.02.05 - ConeXware, Inc.) Hidden
PySort (HKLM-x32\...\PySort0.5b) (Version: 0.5b - )
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Registry Workshop (HKLM\...\Registry Workshop) (Version:  - )
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Sandboxie 4.13.1 (64-bit) (HKLM\...\Sandboxie) (Version: 4.13.1 - Sandboxie Holdings, LLC)
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Screenpresso (HKCU\...\Screenpresso) (Version: 1.5.0.0 - Learnpulse)
Shareaza 2.6.0.0 (HKLM\...\Shareaza_is1) (Version: 2.6.0.0 - Shareaza Development Team)
Sharp World Clock 6.32 (HKLM-x32\...\Sharp World Clock_is1) (Version:  - Johannes Wallroth)
SiSoftware Sandra Business 2012.SP4c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 18.53.2012.6 - SiSoftware)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snagit 11 (HKLM-x32\...\{1FB78CB6-F4EA-474F-8B0B-100EFACF3558}) (Version: 11.4.0 - TechSmith Corporation)
Stardock Central (HKCU\...\Stardock Central) (Version:  - Stardock Corporation)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.13 - Stardock Software, Inc.)
StorageCraft ImageManager (HKLM-x32\...\{252e1599-df2c-407f-8cf9-29119e5d7d21}) (Version: 6.5.4 - StorageCraft Technology Corporation)
StorageCraft ImageManager (Version: 6.5.4 - StorageCraft Technology Corporation) Hidden
StorageCraft ShadowProtect (HKLM-x32\...\ShadowProtect) (Version: 5.2.0.36537 - StorageCraft Technology Corporation (STC))
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
Symantec Workspace Virtualization Agent (HKLM\...\{82D3CBDF-E1E4-4BBF-8FDE-370D2582DED5}) (Version: 7.5.749 - Symantec)
SyncBackSE (HKLM-x32\...\SyncBackSE_is1) (Version: 6.5.48.0 - 2BrightSparks)
System Explorer 5.9.3 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TEBookConverter version 1.5 (HKLM-x32\...\{D4DB8BAA-EB6B-443D-AD5F-BE80D90ED6F4}_is1) (Version: 1.5 - ozok)
textBEAST Pro Clipboard Manager 3.6 (HKLM-x32\...\textBEAST Pro Clipboard Manager_is1) (Version:  - )
Time Zone Master - Relative Data, Inc. (HKCU\...\Time Zone Master) (Version:  - )
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.1.18 - Kensington Computer Products Group)
TreeSize Professional V5.5.5 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.5.5 - JAM Software)
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 6.6.5 beta - Tordex)
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VueMinder Ultimate (HKLM-x32\...\{BFF81F05-5E78-492C-8C80-3D474ED0031A}) (Version: 11.2.3410 - VueSoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Backup Tool (HKLM-x32\...\Winamp Backup Tool) (Version: 2.0.0.1610  - Christoph Grether)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.1.2.0 - BiniSoft.org)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wise Auto Shutdown 1.41 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.41 - WiseCleaner.com, Inc.)
Wise Plugin Manager 1.01 (HKLM-x32\...\Wise Plugin Manager_is1) (Version: 1.01 - WiseCleaner.com, Inc.)
WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
xplorer² Ultimate 64 bit (HKLM\...\xplorer2p64_u) (Version: 2.5.0.2 - Zabkat)
YoWindow (HKLM-x32\...\yowindow) (Version: 3 - RepkaSoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-268722735-3582909054-3627616657-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lewlew\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-268722735-3582909054-3627616657-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lewlew\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-268722735-3582909054-3627616657-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Lewlew\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-268722735-3582909054-3627616657-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lewlew\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-268722735-3582909054-3627616657-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lewlew\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

05-09-2014 21:53:24 OTL Restore Point - 9/5/2014 2:53:24 PM
07-09-2014 04:28:52 Installed Java 7 Update 67
07-09-2014 04:32:31 Installed Java 7 Update 67 (64-bit)
07-09-2014 04:34:07 Removed Java 7 Update 67
07-09-2014 04:35:35 Installed Java 7 Update 67
07-09-2014 07:21:02 Windows Update
08-09-2014 04:30:17 Installed Symantec Workspace Virtualization Agent

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-07-21 12:49 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A6A0D8F-5AA8-4F90-92C7-F3FD7D3F37D8} - System32\Tasks\2BrightSparks\SyncBack\Blackhole-Lewlew\SyncBackSE ShadowProtect Incrementals D to E => c:\program files (x86)\2brightsparks\syncbackse\syncbackse.exe [2014-08-29] (2BrightSparks Pte Ltd)
Task: {3C31DF9A-60CE-43F5-A20F-1C03854388DA} - System32\Tasks\2BrightSparks\SyncBack\Blackhole-Lewlew\SyncBackSE ShadowProtect Full Images D to E => c:\program files (x86)\2brightsparks\syncbackse\syncbackse.exe [2014-08-29] (2BrightSparks Pte Ltd)
Task: {4273CD76-D4C7-4AC3-B078-A00FA62DCD42} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Lewlew => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2014-03-06] (H.D.S. Hungary)
Task: {457DA8D4-67A8-42F2-B493-2ED7B2696D1E} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {45AADDAF-6103-4996-B18C-95A42D83602A} - System32\Tasks\2BrightSparks\SyncBack\Blackhole-Lewlew\SyncBackSE OutBackPlus => c:\program files (x86)\2brightsparks\syncbackse\syncbackse.exe [2014-08-29] (2BrightSparks Pte Ltd)
Task: {539F0999-A18F-49EB-9D3F-C3CE66C83499} - System32\Tasks\2BrightSparks\SyncBack\Blackhole-Lewlew\SyncBackSE Downloads1 D to E => c:\program files (x86)\2brightsparks\syncbackse\syncbackse.exe [2014-08-29] (2BrightSparks Pte Ltd)
Task: {74AB1569-B8CD-4222-BBCA-F82F96DA3190} - System32\Tasks\OBP8_T001_BackupJob_BrowsersDocumentsPlus => c:\program files (x86)\obp8\obp8.exe [2013-07-09] (AJSystems.com Inc.)
Task: {75F814F0-2181-4C79-9385-4597C8A41100} - System32\Tasks\Wise Auto Shutdown Task => c:\program files (x86)\wise\wise auto shutdown\wiseautoshutdown.exe [2014-07-16] (WiseCleaner.COM)
Task: {82454A2D-D71B-4DA7-BA4A-345D565B381A} - System32\Tasks\OBP8_T002_BackupJob_OutBack Plus SETTINGS ONLY => c:\program files (x86)\obp8\obp8.exe [2013-07-09] (AJSystems.com Inc.)
Task: {A2FC3166-2EC3-48BC-A6EB-151027614C1A} - System32\Tasks\{6B24A444-A82A-4F51-AF18-64D7580D6BEB} => Firefox.exe http://www.skype.com...LastError=12029
Task: {A7288528-52D5-4344-B2F4-5A108FB9933F} - System32\Tasks\OBP8_T003_BackupJob_OUTLOOK ONLY => c:\program files (x86)\obp8\obp8.exe [2013-07-09] (AJSystems.com Inc.)
Task: {B0604829-FB39-4DF0-88FA-65A7C478B2CF} - System32\Tasks\2BrightSparks\SyncBack\Blackhole-Lewlew\SyncBackSE Whats Left of D to E => c:\program files (x86)\2brightsparks\syncbackse\syncbackse.exe [2014-08-29] (2BrightSparks Pte Ltd)
Task: {E4EA20D2-FA96-4379-9500-079D6C4292E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {F7D4A0CE-BDF4-4A3F-B669-EFC24175069D} - System32\Tasks\2BrightSparks\SyncBack\Blackhole-Lewlew\SyncBackSE Documents C => c:\program files (x86)\2brightsparks\syncbackse\syncbackse.exe [2014-08-29] (2BrightSparks Pte Ltd)

==================== Loaded Modules (whitelisted) =============

2010-11-08 14:04 - 2010-11-08 14:04 - 00036352 _____ () C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
2014-05-03 23:10 - 2014-05-03 23:10 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-14 21:44 - 2010-07-14 21:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-01-06 17:22 - 2014-01-06 17:22 - 02379776 _____ () C:\Program Files (x86)\PowerArchiver\PASHLEXT64.DLL
2014-08-20 03:46 - 2014-08-05 18:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2012-08-04 16:54 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2012-08-04 16:54 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-11-24 10:44 - 2013-11-24 10:44 - 04779008 _____ () C:\Program Files (x86)\FlashNote\Flashnote.exe
2014-04-06 00:28 - 2014-04-03 15:27 - 00256752 _____ () C:\Program Files\Listary\ListaryService.exe
2014-03-03 19:29 - 2014-04-03 15:27 - 00087280 _____ () C:\Program Files\Listary\ListaryHelper64.exe
2013-12-06 00:56 - 2013-12-06 00:56 - 00245248 _____ () C:\Program Files (x86)\ac'tivAid\AutoHotkey\AutoHotkey.exe
2014-03-13 19:25 - 2014-03-13 19:25 - 01230568 _____ () C:\Program Files (x86)\Adguard\ProtocolFilters.DLL
2014-03-13 19:25 - 2014-03-13 19:25 - 00104168 _____ () C:\Program Files (x86)\Adguard\nfapi.DLL
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-03-03 15:07 - 2013-05-20 22:32 - 00581480 ____N () C:\Program Files (x86)\WordWeb\wwextdb.dll
2011-10-31 09:14 - 2011-10-31 09:14 - 00559244 _____ () C:\Program Files (x86)\FlashNote\sqlite3.dll
2014-03-02 17:39 - 2009-10-22 13:00 - 00480768 _____ () C:\Program Files (x86)\AJC Software\AJC Active Backup\NetSupport.dll
2014-03-03 19:29 - 2014-01-27 19:20 - 00147968 _____ () C:\Program Files\Listary\CrashRpt1402.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2014-03-02 18:45 - 2013-02-07 12:45 - 00030208 _____ () C:\Program Files (x86)\Microsoft Office\Office12\KeepOutlookRunning.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-06-19 14:10 - 2014-09-08 07:03 - 00751680 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-05-01 16:33 - 2014-05-01 16:33 - 01018368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\protobuf-net\cd3e8abc649e23c3bca02836a0512cbb\protobuf-net.ni.dll
2012-08-06 00:53 - 2005-03-05 18:32 - 00037376 _____ () C:\program files (x86)\conceptworld\notezilla\zlib.dll
2012-08-06 00:53 - 2006-08-12 10:54 - 00349147 _____ () C:\program files (x86)\conceptworld\notezilla\sqlite3.dll
2014-08-08 19:17 - 2014-07-16 22:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-07 18:49 - 2013-06-07 18:49 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPBridgeDLL.dll
2013-06-07 18:49 - 2013-06-07 18:49 - 04642816 _____ () C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
2011-04-26 17:37 - 2011-04-26 17:37 - 00061952 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTBridge.dll
2011-04-26 17:37 - 2011-04-26 17:37 - 00272384 _____ () C:\Program Files (x86)\Firetrust\MailWasher\FTClientNode.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5095D8B1
AlternateDataStreams: C:\ProgramData\TEMP:A8971B32
AlternateDataStreams: C:\ProgramData\TEMP:E2874B02
AlternateDataStreams: C:\ProgramData\TEMP:ED3F622D
AlternateDataStreams: C:\Users\Lewlew\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\Lewlew\ntuser.ini:l_encryption_d
AlternateDataStreams: C:\Users\Lewlew\ntuser.ini:l_encryption_e

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Lewlew^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 01:47:18 AM) (Source: MsiInstaller) (EventID: 11706) (User: Blackhole)
Description: Product: InstantRecovery -- Error 1706. An installation package for the product InstantRecovery cannot be found. Try the installation again using a valid copy of the installation package 'InstantRecovery.msi'.

Error: (09/08/2014 01:30:18 AM) (Source: MsiInstaller) (EventID: 11706) (User: Blackhole)
Description: Product: InstantRecovery -- Error 1706. An installation package for the product InstantRecovery cannot be found. Try the installation again using a valid copy of the installation package 'InstantRecovery.msi'.

Error: (09/08/2014 01:29:39 AM) (Source: MsiInstaller) (EventID: 11706) (User: Blackhole)
Description: Product: InstantRecovery -- Error 1706. An installation package for the product InstantRecovery cannot be found. Try the installation again using a valid copy of the installation package 'InstantRecovery.msi'.

Error: (09/08/2014 01:29:27 AM) (Source: MsiInstaller) (EventID: 11706) (User: Blackhole)
Description: Product: InstantRecovery -- Error 1706. An installation package for the product InstantRecovery cannot be found. Try the installation again using a valid copy of the installation package 'InstantRecovery.msi'.

Error: (09/08/2014 01:19:11 AM) (Source: ISRService) (EventID: 0) (User: )
Description: ISRService error: 1063StartServiceCtrlDispatcher failed.

Error: (09/07/2014 04:48:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 12.0.6691.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20c0

Start Time: 01cfcaf633a78cff

Termination Time: 16

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

Report Id: 83f8eb3c-36e9-11e4-ba01-001fbc00e28f

Error: (09/07/2014 00:41:26 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (09/05/2014 02:28:38 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007041d).

Error: (09/05/2014 02:28:38 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007041d.

Error: (09/05/2014 02:28:23 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007041d).


System errors:
=============
Error: (09/08/2014 07:02:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
%%2

Error: (09/07/2014 10:10:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
%%2

Error: (09/07/2014 00:56:58 AM) (Source: LsaSrv) (EventID: 6033) (User: NT AUTHORITY)
Description: An anonymous session connected from BLACKHOLE has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.
 The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.
 This message will be logged at most once a day.

Error: (09/07/2014 00:41:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/07/2014 00:41:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/05/2014 02:29:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/05/2014 02:29:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/05/2014 02:29:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/05/2014 02:29:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/05/2014 02:29:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 47%
Total physical RAM: 6135.18 MB
Available physical RAM: 3251.21 MB
Total Pagefile: 12268.54 MB
Available Pagefile: 8133.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.17 GB) (Free:471.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Secondary) (Fixed) (Total:931.51 GB) (Free:253.7 GB) NTFS
Drive e: (Tertiary ) (Fixed) (Total:931.51 GB) (Free:250.94 GB) NTFS
Drive j: () (Removable) (Total:14.89 GB) (Free:10.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B73E643F)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 5365273D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 38722AFD)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 14.9 GB) (Disk ID: 0288D511)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================


Lew/+Silat
Oregon

#6 Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,357 posts

Posted 09 September 2014 - 02:12 PM

No. No need to rerun ComboFix at this time. I would just like to know what it removed. Please look for a file called ComboFix.txt. (You may need to look in a folder called QooBox.) Please post the contents of that file.

 

Then:

 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.



In your next reply, post the following log files:

  • ComboFix.txt
  • Junkware Removal Tool log
  • AdwCleaner log

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#7 silat

Posted 09 September 2014 - 05:59 PM

Sorry but the ComboFix report is long gone.

But I do remember it found my Kensington trackball drivers and deleted them:) I reinstalled.

JRT uninstalled some Firefox addons I have used for years.

Not sure what Adw took:)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Lewlew on Tue 09/09/2014 at 15:59:45.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\manager_task_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\manager_task_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\manager_task_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\manager_task_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [File] C:\Users\Lewlew\AppData\Roaming\mozilla\firefox\profiles\qnjdqehn.default\extensions\DragUrLink@mozilla.org.xpi [Tracur]
Successfully deleted the following from C:\Users\Lewlew\AppData\Roaming\mozilla\firefox\profiles\qnjdqehn.default\prefs.js

user_pref("extensions.fastestsearch.ask4name", true);
user_pref("extensions.fastestsearch.searchbg", false);
user_pref("extensions.fastestsearch.searchnewtab", true);
Emptied folder: C:\Users\Lewlew\AppData\Roaming\mozilla\firefox\profiles\qnjdqehn.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/09/2014 at 16:37:18.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Lew/+Silat
Oregon

#8 silat

Posted 09 September 2014 - 06:00 PM

# AdwCleaner v3.309 - Report created 09/09/2014 at 14:09:23
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Lewlew - BLACKHOLE
# Running from : C:\Users\Lewlew\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Browser
Folder Found : C:\Program Files (x86)\GamesBar
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Program Files\Notation
Folder Found : C:\Users\Lewlew\AppData\Local\PackageAware
Folder Found : C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\isreaditlater@ideashower.com
Folder Found : C:\Users\Lewlew\AppData\Roaming\Notation

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\prefs.js ]


-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Found [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh

*************************

AdwCleaner[R0].txt - [2789 octets] - [09/09/2014 14:09:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2849 octets] ##########
 


Lew/+Silat
Oregon

#9 silat


Posted 09 September 2014 - 06:00 PM

# AdwCleaner v3.309 - Report created 09/09/2014 at 14:25:06
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Lewlew - BLACKHOLE
# Running from : C:\Users\Lewlew\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Browser
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[x] Not Deleted : C:\Program Files\Notation
Folder Deleted : C:\Users\Lewlew\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Lewlew\AppData\Roaming\Notation MY NOTE: A notetaking app.

[x] Not Deleted : C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\Extensions\isreaditlater@ideashower.com  MY NOTE:This is "Pocket" a reputable addon for FF.

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\robotaskbaricon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Lewlew\AppData\Roaming\Mozilla\Firefox\Profiles\qnjdqehn.default\prefs.js ]


-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Lewlew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh

*************************

AdwCleaner[R0].txt - [2937 octets] - [09/09/2014 14:09:23]
AdwCleaner[S0].txt - [2870 octets] - [09/09/2014 14:25:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2930 octets] ##########
 


Lew/+Silat
Oregon

#10 Tomk


Posted 09 September 2014 - 07:07 PM

It looks like JRT removed Tracur.  Info about it can be found here:  http://www.microsoft...32/Tracur#tab=1

 

This may be the bot that Comcast saw.

 

Looks like AdwCleaner removed sweetpacks.  It is adware and can redirect searches. http://www.bleepingc...etpacks-toolbar

It also removed Greentree which is also adware and a search redirector. http://www.avgthreat...info/greentree/

and it removed the ask toolbar... which redirects and is considered adware.

 

The notation folder found is new to me.  I have no idea what it was seeing there.

 

Let's run one more scan... and it takes quite a while to run:

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#11 silat


Posted 09 September 2014 - 10:10 PM

Notation is a note taking app. http://getnotation.com/

 

Well I can vouch for everything that ESET found.

ESET:

C:\Program Files (x86)\hfs\hfs.exe    a variant of Win32/Server-Web.HFS.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\astlog.exe    Win32/PSWTool.AsteriskLogger.104 potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\awatch.exe    a variant of Win32/AdapterWatch.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\bulletspassview.exe    a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\chromepass.exe    Win32/PSWTool.ChromePass.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\dialupass.exe    a variant of Win32/PSWTool.Dialupass.F potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\iepv.exe    Win32/PSWTool.IEPassView.NAE potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\lsasecretsdump.exe    Win32/PSWTool.LsaSecretsDump.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\lsasecretsview.exe    Win32/PSWTool.LsasView potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\mailpv.exe    Win32/PSWTool.MailPassView.E potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\mspass.exe    Win32/MPass.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\netpass.exe    a variant of Win32/NetPass.AA potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\operapassview.exe    Win32/PSWTool.OperaPassView potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\outlookaddressbookview.exe    a variant of Win32/OutlookAddressBookView.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\passwordfox.exe    Win32/PSWTool.PassFox.D potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\passwordscan.exe    a variant of Win32/PSWTool.WebBrowserPassView.C potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\produkey.exe    a variant of Win32/PSWTool.ProductKey potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\pstpassword.exe    Win32/PSWTool.PstPassword.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\rdpv.exe    Win32/PSWTool.RDPassView.NAA potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\routerpassview.exe    a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\skypelogview.exe    a variant of Win32/SkypeLogView.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\smsniff.exe    a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\sniffpass.exe    a variant of Win32/Sniffer.SniffPass.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\vncpassview.exe    Win32/PSWTool.VNCPassView.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\webbrowserpassview.exe    Win32/PSWTool.WebBrowserPassView.B potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\wirelesskeyview.exe    a variant of Win32/WirelessKeyView.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\wirelessnetview.exe    probably a variant of Win32/PSWTool.WirelessNetView.A potentially unsafe application
C:\Program Files (x86)\NirLauncher\NirSoft\x64\wirelesskeyview.exe    a variant of Win64/WirelessKeyView.B potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\anup.exe    Win32/PSWTool.LsaDump.A potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\astlog.exe    Win32/PSWTool.AsteriskLogger.104 potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\awatch.exe    a variant of Win32/AdapterWatch.A potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\ChromePass.exe    Win32/PSWTool.ChromePass.A potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\Dialupass.exe    a variant of Win32/PSWTool.Dialupass.F potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\iepv.exe    Win32/PSWTool.IEPassView.NAE potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\mailpv.exe    a variant of Win32/PSWTool.MailPassView.E potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\mspass.exe    Win32/MPass.A potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\OperaPassView.exe    Win32/PSWTool.OperaPassView potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\PasswordFox.exe    Win32/PSWTool.PassFox.D potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\PasswordScan.exe    a variant of Win32/PSWTool.WebBrowserPassView.C potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\pspv.exe    Win32/PassView.163 potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\PstPassword.exe    Win32/PSWTool.PstPassword.A potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\rdpv.exe    Win32/PSWTool.RDPassView.NAA potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\RouterPassView.exe    a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\SkypeLogView.exe    a variant of Win32/SkypeLogView.A potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\strun.exe    Win32/StartupRun.AB potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\VNCPassView.exe    a variant of Win32/PSWTool.VNCPassView.A potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\WebBrowserPassView.exe    a variant of Win32/PSWTool.WebBrowserPassView.B potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\WirelessKeyView.exe    a variant of Win64/WirelessKeyView.B potentially unsafe application
C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\WirelessNetView.exe    probably a variant of Win32/PSWTool.WirelessNetView.A potentially unsafe application
C:\Users\Lewlew\Desktop\Desktop TEMP\MINING BITCOINS ETC\litecoin-0.8.6.2-win32-setup.exe    a variant of Win32/BitCoinMiner.BJ potentially unsafe application

 


Lew/+Silat
Oregon

#12 Tomk


Posted 10 September 2014 - 12:24 AM

What I meant was I don't know what problem was thought to be detected with notation.

Nothing found by ESET is actual malware - at least if you purposefully installed it yourself. They are just risky programs... and very concerning if you didn't install them yourself.

How are things running?
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#13 silat


Posted 10 September 2014 - 12:40 AM

Those "risky" programs are not risky in any way:) They are very famous. You should look into them. System Internals now part of Microsoft. http://technet.micro...s/bb545021.aspx

 

Is there any cleanup other than the obvious that I need to do?

 

Weirdly enough my machine is running just the same as it was before all this. It is running great:)

 

But I have not received my daily letter from Comcast saying I have multiple bots. So as long as Comcast is happy, then we can all be happy. SNARK

 

Many years ago I attended the school here so I know what you guys and gals put up with.

So thanks so much for your time and help. It is very much appreciated.

 

Thanks again.


Lew/+Silat
Oregon

#14 Tomk


Posted 10 September 2014 - 08:52 AM

They are only "risky" in that they can be used for nefarious purposes.  Therefore the concern goes away when installed by the owner of the machine.

 

I would have hoped you might have noticed a small boost in responsiveness with the removal of Tracur, Sweetpacks, and ASK... but the good thing is we didn't make a smooth running system laggy. :thumbup:

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved.  :thumbup:
 

P.S.  What part of Oregon are you from?  With Comcast it must be the valley so I'm assuming Portland area?  I'm in Central Oregon.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
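
The triage rule from posts #12 and #14 (a "potentially unsafe application" detection is only a concern when the owner did not install the tool), sketched as an added example that is not part of the original thread. The vouched-for folder list, the last two sample log lines and the `trojan` category on the final line are assumptions made for illustration.

```python
import re
from ntpath import normcase  # Windows path rules, even when run on another OS

# Lines 1-2 are copied from the ESET log posted in this thread.
# Lines 3-4 are constructed for the example (the paths, and in line 4 the verdict too).
SAMPLE_LOG = "\n".join([
    r"C:\Program Files (x86)\NirLauncher\NirSoft\chromepass.exe    Win32/PSWTool.ChromePass.A potentially unsafe application",
    r"C:\Program Files (x86)\WSCC Portable\NirSoft Utilities\strun.exe    Win32/StartupRun.AB potentially unsafe application",
    r"C:\Users\Example\AppData\Local\Temp\netpass.exe    a variant of Win32/NetPass.AA potentially unsafe application",
    r"C:\Users\Example\AppData\Roaming\sample.exe    Win32/Example.A trojan",
])

# Assumption: folders the machine's owner confirms they installed themselves.
OWNER_VOUCHED = [
    r"C:\Program Files (x86)\NirLauncher",
    r"C:\Program Files (x86)\WSCC Portable",
]

# Path, then a tab or a run of spaces, then the verdict text.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t| {2})\s*(?P<verdict>.+?)\s*$")
HEURISTIC_PREFIXES = ("probably a variant of ", "a variant of ")
RISK_CATEGORIES = {"potentially unsafe application", "potentially unwanted application"}


def parse_line(line):
    """Split one log line into path, detection name and category; None if not a detection."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    verdict = m["verdict"]
    for prefix in HEURISTIC_PREFIXES:
        if verdict.startswith(prefix):
            verdict = verdict[len(prefix):]
            break
    name, _, category = verdict.partition(" ")
    return {"path": m["path"], "name": name, "category": category}


def is_vouched(path):
    """True when the file sits inside one of the owner-confirmed folders."""
    p = normcase(path)
    return any(p.startswith(normcase(folder) + "\\") for folder in OWNER_VOUCHED)


def triage(log_text):
    """Bucket detections: malware verdicts, owner-installed tools, risky tools nobody vouched for."""
    buckets = {"malware": [], "owner_installed_tool": [], "unexplained_risky_tool": []}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["category"] not in RISK_CATEGORIES:
            buckets["malware"].append(rec)  # anything not labelled unsafe/unwanted
        elif is_vouched(rec["path"]):
            buckets["owner_installed_tool"].append(rec)
        else:
            buckets["unexplained_risky_tool"].append(rec)
    return buckets
```

Only the `malware` and `unexplained_risky_tool` buckets need follow-up; entries in the second one are the "very concerning if you didn't install them yourself" case.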
 

#15 silat


Posted 10 September 2014 - 01:59 PM

Thanks again for the time and effort you gave me. It is very much appreciated.

Mark this case, resolved:)


Lew/+Silat
Oregon
