Son's laptop slow, browser hangs, D/Ls sporadic or fail.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

by SpecialEd19 » September 11th, 2014, 7:06 pm

I got as far as backing up the Registry and creating fixlist.txt, but apparently I no longer have a Frst64.exe. I believe I uninstalled Frostwire when I uninstalled bittorrent.

PLEASE DISREGARD, I GOT CONFUSED THERE FOR A MINUTE. :(

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

by SpecialEd19 » September 11th, 2014, 10:57 pm

Other than confusing FRST with FROST at first, there were no problems executing programs or obtaining the logs. I am a little confused as to why so much came up on Mozilla Firefox, which I rarely use. My default browser is Chrome and I never use IE intentionally. Also, I saw one of the searches was for IObit. I used to have their Advanced SystemCare installed; are they bad?

Thanks, Ed

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by owner at 2014-09-11 22:34:49 Run:1
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1} [2014-09-05]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\{f894a29a-f065-40c3-bb19-da6057778493} [2014-09-05]
C:\Users\owner\.frostwire5
C:\Users\owner\FrostWire
C:\Users\owner\AppData\Roaming\uTorrent
C:\Users\owner\AppData\Roaming\BitTorrent
AlternateDataStreams: C:\Users\owner\Documents\addresses.eml:OECustomProperty
*****************

C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1} => Moved successfully.
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\{f894a29a-f065-40c3-bb19-da6057778493} => Moved successfully.
C:\Users\owner\.frostwire5 => Moved successfully.
C:\Users\owner\FrostWire => Moved successfully.
C:\Users\owner\AppData\Roaming\uTorrent => Moved successfully.
C:\Users\owner\AppData\Roaming\BitTorrent => Moved successfully.
C:\Users\owner\Documents\addresses.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog ====

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

by SpecialEd19 » September 11th, 2014, 10:59 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 22:37 on 11/09/2014 by owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{9ef1e09b-d4b2-4a55-ac3e-1cb330546bec}\chrome\skin\classic\images\babylon.png --a---- 1220 bytes [20:05 30/08/2014] [18:46 16/09/2009] F6899F1996E9B930E87042905CCD23BC
C:\Users\owner\Music\Bob Marley & The Wailers\Survival [Bonus Track]\04 Babylon System.mp3 --a---- 5524409 bytes [17:35 30/08/2014] [21:45 29/07/2012] 6A5517F399435B0699270D92EA256370
C:\Users\owner\Music\Downloads\Jean-Luc Ponty\Imaginary Voyage\The Gardens Of Babylon.mp3 --a---- 9836672 bytes [17:39 30/08/2014] [18:02 14/12/2008] 2421909AFE68BB1B3A14FE6C4ECD682E
C:\Users\owner\Music\iTunes\iTunes Media\Music\Cracker\The Golden Age\07 Dixie Babylon.m4a --a---- 15243181 bytes [17:50 30/08/2014] [23:33 25/12/2012] 63E1CFD98421DC43E6964C3EF6F7696C
C:\Users\owner\Music\My Music\Cracker\The Golden Age\07 Dixie Babylon.wma --a---- 6925973 bytes [20:10 30/08/2014] [19:09 25/12/2010] 345F6D11AE9E209DCA2DCC4086DDE935
C:\Users\owner\Music\My Music\Downloads\Jean-Luc Ponty\Imaginary Voyage\The Gardens Of Babylon.mp3 --a---- 9836672 bytes [20:11 30/08/2014] [18:02 14/12/2008] 2421909AFE68BB1B3A14FE6C4ECD682E
C:\Users\owner\Music\My Music\Johnny Clegg & Savuka\Heat, Dust and Dreams\09 Foreign Nights (Working Dog in Babylon).wma --a---- 4230853 bytes [20:15 30/08/2014] [19:19 25/12/2010] 01BA2C72DFC3E201FDFEB790A7745B5B

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1500748_1496227_US.xml.vir --a---- 188 bytes [15:27 30/08/2014] [19:41 23/05/2013] 21FC0D0C80C7C796B8CDEF0C7F99D3F3
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_2_7_3.xml.vir --a---- 10909 bytes [20:04 30/08/2014] [03:27 07/04/2011] 1B3B574AA349758343D3C80787B9739E
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\chrome\conduitengine.jar.vir --a---- 729935 bytes [20:05 30/08/2014] [19:30 13/03/2011] 4A2D55615F60C3A00E03ECFD39224EC5
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js.vir --a---- 16435 bytes [20:05 30/08/2014] [19:30 13/03/2011] FA0D9E1396C227B8697E41996A95912B
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt.vir --a---- 166 bytes [20:05 30/08/2014] [19:30 13/03/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitToolbar.idl.vir --a---- 152 bytes [20:05 30/08/2014] [19:30 13/03/2011] 33D4D4337895FCA507DF937B5980D41A
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitToolbar.js.vir --a---- 2389 bytes [20:05 30/08/2014] [19:30 13/03/2011] 6A2C72DF1348F39C0CE44E1B8C10F5CE
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitToolbar.xpt.vir --a---- 140 bytes [20:05 30/08/2014] [19:30 13/03/2011] DFFE26916941DE0A33E503FD38008290
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.gif.vir --a---- 173 bytes [20:05 30/08/2014] [19:30 13/03/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.ico.vir --a---- 1406 bytes [20:05 30/08/2014] [19:30 13/03/2011] A23164BA794BE61799C67423F56C9163
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.PNG.vir --a---- 255 bytes [20:05 30/08/2014] [19:30 13/03/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.src.vir --a---- 328 bytes [20:05 30/08/2014] [19:30 13/03/2011] 43317CC423A502C077AD68F838249117
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.xml.vir --a---- 913 bytes [20:05 30/08/2014] [19:30 13/03/2011] 4E45A93B99F44F41EADFB167FB85FB02
C:\Users\owner\AppData\LocalLow\Siber Systems\RoboForm\UserData\(Conduit).rfb --a---- 231 bytes [17:23 30/08/2014] [18:35 20/05/2012] F18D7BB7EB1FC140F6D01D8ACDA8A9C7
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@apps.conduit[2].txt --a---- 344 bytes [20:05 30/08/2014] [01:28 05/04/2011] 6D6898417F138E3328B3291BEDAE4EAE
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@search.conduit[1].txt --a---- 272 bytes [20:05 30/08/2014] [01:28 05/04/2011] CB3D583D16E44A7CAB69220660626C58
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\specialed@search.conduit[1].txt --a---- 272 bytes [20:05 30/08/2014] [03:27 07/04/2011] 2D0F58941C2FB048F17FA68541A57280
C:\Users\owner\Documents\My RoboForm Data\Default Profile\(Conduit).rfb --a---- 231 bytes [17:23 30/08/2014] [18:35 20/05/2012] F18D7BB7EB1FC140F6D01D8ACDA8A9C7

Searching for "*datamngr*"
C:\Users\owner\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [15:42 08/09/2014] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*searchab*"
C:\Users\owner\Favorites\BBQ\New database BBQ Team Names searchable,verified.URL --a---- 128 bytes [20:07 30/08/2014] [20:13 05/01/2011] FEE6D6423A987C913253478D67E180F0

Searching for "*frostwire*"
C:\FRST\Quarantine\C\Users\owner\.frostwire5\frostwire.props --a---- 934 bytes [18:18 02/09/2014] [18:21 02/09/2014] 38E6386ECD080A96B5CA55237DE3671B
C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe --a---- 24084000 bytes [18:18 02/09/2014] [18:19 02/09/2014] C85DBEDE673A0F3700141932A66619FA
C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrents\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
C:\Users\owner\NTUSER.DAT.iobit --a---- 10317824 bytes [15:21 30/08/2014] [18:18 25/07/2014] 3187D54024B1596ED9E0A87D30FAF676
C:\Users\owner\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 12627968 bytes [15:24 30/08/2014] [18:18 25/07/2014] 4F36037CF99291C732B5571903FDC5A8
C:\Users\owner\Favorites\IObit Freeware.url --a---- 136 bytes [15:28 30/08/2014] [19:43 23/05/2013] 023A41F6A34847F5F85AD1EB7B76E18F

Searching for "*Iminent*"
No files found.

Searching for "*OpenCandy*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Tarma*"
C:\Users\owner\Music\Amazon MP3\David Bowie\The Rise and Fall of Ziggy Stardust and the Spiders from Mars (40th Anniversary Edition) [Remastered] (Remastered)\04 - Starman(1).mp3 --a---- 7862471 bytes [17:26 30/08/2014] [17:03 26/07/2012] 3986966697E75A9FA649AB3362A02C69

Searching for "*torrent*"
C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Arthur.[2011].[English].DvDrip.torrent --a---- 14421 bytes [20:04 30/08/2014] [18:40 08/04/2011] B799066FD2297FFF6C4DC3CE629FDD93
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Comedy - Stand-Up - Louis CK (One Night Stand).trg.avi.torrent --a---- 30918 bytes [20:04 30/08/2014] [22:59 02/04/2011] 1D6982E04615F122CFB09AFFE5DAD0A9
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Eureka Season 4.0 Complete.torrent --a---- 141977 bytes [20:04 30/08/2014] [13:19 31/03/2011] AACCD76F4CE72682197FB45FB34EE9F2
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Brown 2009 DVDRip.avi.torrent --a---- 28655 bytes [20:04 30/08/2014] [01:07 06/04/2011] F65498D57D834A6D2D7CA227CC9E972D
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Potter and the Deathly Hallows (2010).torrent --a---- 14796 bytes [20:04 30/08/2014] [01:56 01/04/2011] 29503564829EFF2C35F49D8F1F33BF2B
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Potter And The Deathly Hallows Part I (DVDRip] 2010 [ENGL)-FUSiON.torrent --a---- 8613 bytes [20:04 30/08/2014] [21:01 06/04/2011] 04B9FEC3A630EFF3AC3DC427AC3D01D4
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Potter and the Deathly Hallows Part1 2010 BRRip XviD AC3-SANTi.torrent --a---- 12156 bytes [20:04 30/08/2014] [01:53 01/04/2011] EBFFC15876608CA3FEE2358D6FBC458F
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry.Potter.And.The.Deathly.Hallows.Part.1.2010.BRRip.XviD.AC3-KiNGS.torrent --a---- 20468 bytes [20:04 30/08/2014] [18:48 07/04/2011] A3E06A0A18B05DA18FA05032B8B937D7
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\HBO.Presents.Louis.CK.Shameless.HDTV.XviD-Kyr.torrent --a---- 16589 bytes [20:04 30/08/2014] [00:17 03/04/2011] 882CBE1749D4FA5CDA4CA930890DE7B7
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Justified - Season 1.torrent --a---- 25122 bytes [20:04 30/08/2014] [02:36 02/04/2011] A5959B06CD941CA56E40BFC3233CA8D8
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Louis.CK-Chewed.Up(2008)DvdScr[MiNdSkiN]1337x.torrent --a---- 14553 bytes [20:04 30/08/2014] [00:01 03/04/2011] F5D4790C763E54451AC78406371520D4
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Robot Chicken - Season 1.torrent --a---- 22272 bytes [20:04 30/08/2014] [21:20 06/04/2011] A51552B7575D5864B7E3A7D8E855D91A
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The Big Bang Theory Season 3 [Complete Season] -Cyberpiraten-.torrent --a---- 22449 bytes [20:04 30/08/2014] [23:06 03/04/2011] FFDA3699C5F6C4FD46CFB41AC76A6A82
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The Big Bang Theory Season 4 Episodes 1 - 11.torrent --a---- 20795 bytes [20:04 30/08/2014] [03:25 31/03/2011] 7232264DAC560C85699216211381342D
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The Big Bang Theory.torrent --a---- 20417 bytes [20:04 30/08/2014] [23:43 02/04/2011] 229471FA0A35F02645198592FA421DC9
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The King's Speech[2010]DVDRip-MXMG.torrent --a---- 14896 bytes [20:04 30/08/2014] [17:02 30/03/2011] F301AA92A0116131099936B0172F4A9C
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The.Big.Bang.Theory.Season.1.torrent --a---- 16903 bytes [20:04 30/08/2014] [15:09 02/04/2011] 9B35CD99B6A6C2CA1C2AC4E38CADFC2C
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Thor (2011) DvDRiP Eng-IMAGiNE.torrent --a---- 32877 bytes [20:04 30/08/2014] [21:14 01/04/2011] 62DE48A2EE7BD5CCB6A993A4C7DA8BDA
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\True Blood Season 3 2010 by vladtepes3176.torrent --a---- 35057 bytes [20:04 30/08/2014] [17:48 30/03/2011] 3EAACEACB46904FD87F06889981B5982
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\True Grit 2010 SCR XViD - IMAGiNE [NO-RAR] - [ www.torrentday.com ].torrent --a---- 112883 bytes [20:04 30/08/2014] [02:49 07/04/2011] 1454F2485964CB45DF06412745AF45AB
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Your.Highness.2011.DVDScr.XviD-DEViSE.torrent --a---- 16924 bytes [20:04 30/08/2014] [18:41 08/04/2011] DBA5E4B4AA456E1323720911623843A9
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\[ www.Torrenting.com ] - Source Code 2011 TS XViD - IMAGiNE.torrent --a---- 114236 bytes [20:04 30/08/2014] [03:49 07/04/2011] DB8569F157756ECBC76DD0E30E94E2DB
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrents\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_torrentfreak.com_0.localstorage --a---- 40960 bytes [15:24 30/08/2014] [21:57 02/05/2014] BF4CBC1135984F02DF65205422960A59
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_torrentfreak.com_0.localstorage --a---- 40960 bytes [15:24 30/08/2014] [21:21 08/05/2014] ED6FA564A119DA42C05E3A86A9620B16
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.torrentfunk.com_0.localstorage --a---- 70656 bytes [15:24 30/08/2014] [18:06 30/07/2014] ECFBED1970069E3B47F8023D90CC24A3
C:\Users\owner\AppData\Local\Microsoft\Internet Explorer\DOMStore\J3DG36PS\bundles.bittorrent[1].xml --a---- 984 bytes [19:15 31/08/2014] [20:42 05/09/2014] 913A4ECAFD4F6DC3DF7E1E058F1E9C9F
C:\Users\owner\Documents\CoffeeCup Software\Graphics\Icons\Torrent File Type 2.png --a---- 13625 bytes [17:18 30/08/2014] [13:50 14/03/2007] 4E0852D0298B2E6B8EB027D106B7207F
C:\Users\owner\Documents\My eBooks\Beyond Band Of Brothers (385)\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:22 30/08/2014] [13:42 23/06/2014] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\Users\owner\Music\Al Stewart\~uTorrentPartFile_E7E250E9.dat --a---- 7382538 bytes [17:25 30/08/2014] [21:37 23/11/2013] DB5DCA7DAA9DEFD2C20932FD5784F874
C:\Users\owner\Music\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:36 30/08/2014] [21:46 30/12/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\h33t - Torrents by [schon55].url --a---- 263 bytes [17:38 30/08/2014] [20:59 26/11/2013] F0A78BAA7509EBD85DA3BF2BF10E9F0E
C:\Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\Scans\Torrent_downloaded_from_Demonoid.com.txt --a---- 47 bytes [17:38 30/08/2014] [20:57 26/11/2013] C347D69B388ABBABAF2F894C4200465C
C:\Users\owner\Music\Glenn Gould\bernstein symphony edition disc 6-10\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:41 30/08/2014] [04:13 27/11/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\Users\owner\Music\Glenn Gould\bernstein_symphony_edition\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:42 30/08/2014] [00:42 27/11/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\Users\owner\Music\Glenn Gould\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:42 30/08/2014] [19:55 18/01/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\Users\owner\Music\Handel Concerti grossi Op6 - Berliner Philharmoniker, Karajan\Torrent downloaded from Demonoid.com.txt --a---- 47 bytes [17:43 30/08/2014] [13:20 22/01/2012] C347D69B388ABBABAF2F894C4200465C
C:\Users\owner\Music\iTunes\iTunes Music\Star Wars; The Old Republic; Fatal Alliance (Unabridged)_\Torrent downloaded from Demonoid.com.txt --a---- 47 bytes [18:07 30/08/2014] [21:27 21/01/2012] C347D69B388ABBABAF2F894C4200465C
C:\Users\owner\Music\Leonard Cohen\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [18:21 30/08/2014] [15:51 04/05/2013] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\Users\owner\Music\LITTLE FEAT - Lowell years (9+2=11cd)\~BitTorrentPartFile_2A4BEDFB.dat --a---- 829744 bytes [18:23 30/08/2014] [22:50 08/12/2011] C830157A95873C0CF36967A470EAE280
C:\Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com]\WWW.ToRReNTaZoS.CoM,Tu Chat Mas Divertido y Los Enlaces Bittorrent Mas Actuales!.url --a---- 164 bytes [18:30 30/08/2014] [23:36 10/11/2012] 06D480AE40BE0F3D1C3E78FA41EDE8F0
C:\Users\owner\Music\Ry Cooder-1970-1992\Ry Cooder. - Crossroads(FLAC)(oan)\Torrent downloaded from Demonoid.com.txt --a---- 47 bytes [18:46 30/08/2014] [02:27 11/12/2012] C347D69B388ABBABAF2F894C4200465C
C:\Users\owner\Music\Stevie Wonder - Greatest Hits CDRip [Bubanee]\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [18:48 30/08/2014] [18:46 20/10/2013] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\Users\owner\Videos\The Tracker\The Tracker.torrent --a---- 20307 bytes [19:35 30/08/2014] [14:18 28/10/2012] D1822561D6628EDAF7AEE309E23C3F5B
C:\Users\owner\Videos\The Tracker\The Tracker.torrent.torrent --a---- 404 bytes [19:35 30/08/2014] [16:38 04/04/2013] CB4AA3A3B51C388D275EAB8AF99E9406

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UNFR8DPB\media.mtvnservices.com\video\modules\ads_reporting\ads_reporting.swf\GaMtvSharedObject.sol --a---- 234 bytes [20:05 30/08/2014] [22:46 05/02/2011] 7418B2BEAF9E2AE266F478DDB8336DF5

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\LocalLow\Conduit d------ [15:23 08/09/2014]
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Conduit d------ [15:23 08/09/2014]
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\ConduitEngine d------ [15:23 08/09/2014]
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com d------ [15:23 08/09/2014]

Searching for "*datamngr*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*frostwire*"
C:\FRST\Quarantine\C\Users\owner\.frostwire5 d------ [04:00 01/09/2014]
C:\FRST\Quarantine\C\Users\owner\FrostWire d------ [04:00 01/09/2014]
C:\FRST\Quarantine\C\Users\owner\.frostwire5\image_cache\static.frostwire.com d------ [18:18 02/09/2014]

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Local\Ilivid Player d------ [15:23 08/09/2014]

Searching for "*IObit*"
C:\Users\owner\AppData\Local\Temp\iobit-db-license-tmp d------ [15:27 30/08/2014]
C:\Users\owner\AppData\LocalLow\IObit d------ [15:27 30/08/2014]

Searching for "*Iminent*"
No folders found.

Searching for "*OpenCandy*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*torrent*"
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent d------ [20:04 30/08/2014]
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\uTorrent d------ [19:13 31/08/2014]
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrent Data d------ [18:17 02/09/2014]
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrents d------ [18:18 02/09/2014]
C:\Users\owner\AppData\Local\VirtualStore\WINDOWS\SysWOW64\BITS\Torrent d------ [15:27 30/08/2014]
C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UNFR8DPB\www.youtorrent.com d------ [20:05 30/08/2014]
C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtorrent.com d------ [20:05 30/08/2014]
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3] d------ [17:37 30/08/2014]
C:\Users\owner\Music\Gregorian - O Fortuna 2010.www.loKoTorrents.com d------ [17:42 30/08/2014]
C:\Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com] d------ [18:30 30/08/2014]
C:\Users\owner\Music\Mozart - The Very Best Of Mozart [2CDs].www.lokotorrents.com d------ [18:42 30/08/2014]
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3] d------ [18:51 30/08/2014]
C:\Users\owner\Music\Amazon MP3\Procol Harum - Secrets Of The Hive (The Best Of) [2007] - Rock.www.lokotorrents.com d------ [17:30 30/08/2014]

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
No data found.

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "frostwire"
[HKEY_CURRENT_USER\Software\Stardock\Fences\InitialSnapshot]
"C:\Users\owner\Desktop\FrostWire 5.lnk"="-1|14|418|14|418|0|0|0|\\.\DISPLAY1|0|0|0|chrome.exe|0|0|0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File\DefaultIcon]
@="C:\Program Files (x86)\FrostWire 5\FrostWire.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File\shell\edit\command]
@=""C:\Program Files (x86)\FrostWire 5\FrostWire.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File\shell\open\command]
@=""C:\Program Files (x86)\FrostWire 5\FrostWire.exe" "%1""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3394F11-2305-4A41-B0B9-EDEC8A0A68AD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\FrostWire 5\FrostWire.exe|Name=FrostWire|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9EFFA03-DF88-47A1-986F-90345215EC48}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\FrostWire 5\FrostWire.exe|Name=FrostWire|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3394F11-2305-4A41-B0B9-EDEC8A0A68AD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\FrostWire 5\FrostWire.exe|Name=FrostWire|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9EFFA03-DF88-47A1-986F-90345215EC48}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\FrostWire 5\FrostWire.exe|Name=FrostWire|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3394F11-2305-4A41-B0B9-EDEC8A0A68AD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\FrostWire 5\FrostWire.exe|Name=FrostWire|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9EFFA03-DF88-47A1-986F-90345215EC48}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\FrostWire 5\FrostWire.exe|Name=FrostWire|"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Stardock\Fences\InitialSnapshot]
"C:\Users\owner\Desktop\FrostWire 5.lnk"="-1|14|418|14|418|0|0|0|\\.\DISPLAY1|0|0|0|chrome.exe|0|0|0"

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "OpenCandy"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "smartbar"
No data found.

Searching for "Tarma"
No data found.

Searching for "torrent"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"="09/03/2014 11:50 AM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\owner\AppData\Roaming\uTorrent\VIRUSGUARD\BITTORRENTANTIVIRUS.EXE"="09/03/2014 11:50 AM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\bittorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\bundles.bittorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3053eb40_0]
@="{0.0.0.00000000}.{885c9d22-307d-43ce-9e04-ad9729561afc}|\Device\HarddiskVolume2\Users\owner\Downloads\uTorrent.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b36eb89a_0]
@="{0.0.0.00000000}.{52ca822b-c7dd-4012-b4e6-6ac8e4fd50ab}|\Device\HarddiskVolume2\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c67ead29_0]
@="{0.0.0.00000000}.{52ca822b-c7dd-4012-b4e6-6ac8e4fd50ab}|\Device\HarddiskVolume2\Users\owner\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FJZDD28nR).exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_CURRENT_USER\Software\Stardock\Fences\InitialSnapshot]
"C:\Users\owner\Desktop\µTorrent.lnk"="-1|1762|106|1762|106|0|0|0|\\.\DISPLAY1|0|0|0|chrome.exe|0|0|0"
[HKEY_CURRENT_USER\Software\uTorrentPlus]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"="µTorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File]
@="Torrent File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File\shell\edit]
@="Edit Torrent File"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"="09/03/2014 11:50 AM"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\BillP Studios\Detected\ActiveTasks]
"C:\Users\owner\AppData\Roaming\uTorrent\VIRUSGUARD\BITTORRENTANTIVIRUS.EXE"="09/03/2014 11:50 AM"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\DOMStorage\bittorrent.com]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\DOMStorage\bundles.bittorrent.com]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3053eb40_0]
@="{0.0.0.00000000}.{885c9d22-307d-43ce-9e04-ad9729561afc}|\Device\HarddiskVolume2\Users\owner\Downloads\uTorrent.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b36eb89a_0]
@="{0.0.0.00000000}.{52ca822b-c7dd-4012-b4e6-6ac8e4fd50ab}|\Device\HarddiskVolume2\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c67ead29_0]
@="{0.0.0.00000000}.{52ca822b-c7dd-4012-b4e6-6ac8e4fd50ab}|\Device\HarddiskVolume2\Users\owner\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FJZDD28nR).exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Stardock\Fences\InitialSnapshot]
"C:\Users\owner\Desktop\µTorrent.lnk"="-1|1762|106|1762|106|0|0|0|\\.\DISPLAY1|0|0|0|chrome.exe|0|0|0"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\uTorrentPlus]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"="µTorrent"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"="µTorrent"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 14th, 2014, 11:25 pm

Hi SpecialEd19

I apologize for the long delay. I would like to change directions due to the Operating System you are using.


Step 1.
Zoek - Scanner
First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:
    • Auto Clean
  • Make sure the "Scan All Users" button is also selected.
  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"


Step 2.
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


What I need back from you:
Post each separately.
  1. Contents of zoek-results.log
  2. Contents of OTL.txt
  3. Contents of Extras.txt
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 15th, 2014, 12:28 pm

I had some problems running ZOEK. I disabled Kaspersky last night when I d/l ZOEK, and this morning when I right-clicked on the Kaspersky icon in my tray the "disable protection" was greyed out, so I ran ZOEK as instructed. During the run I started getting messages from Kaspersky, so I killed the Kaspersky process via Task Manager. It seemed to stall for a long time, then I got a bunch of error messages of files/programs unable to run and the system rebooted itself. When it came back up there was no reference to ZOEK, but I inadvertently discovered two files on my C drive, which I will post below. Also, my Thunderbird email profile was gone, and when I opened it, it acted like it was the first time and I needed to install my email addresses. I will not run the OTL program until hearing from you.

Thanks,

Ed


Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by owner on Mon 09/15/2014 at 9:28:29.91.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\owner\Downloads\zoek (1).exe [Scan all users] [Checkboxes used]

===== Runcheck 9:32:19.73 =====

--- Create Environment Variables 9:32:21.04
--- Create System Restore Point 9:32:28.56
--- Checking Input 9:32:49.47
--- AU AppData Check 9:32:55.75
--- Remove From Windows Installer 9:32:58.19
--- IE Startpage Check 9:34:03.19
--- Program Files DB Check 9:34:47.04
--- C:\Users\Default\AppData\Roaming DB Check 9:35:44.42
--- C:\Users\Default User\AppData\Roaming DB Check 9:35:44.42
--- C:\Users\owner\AppData\Roaming DB Check 9:35:44.42
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 9:35:44.42
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 9:35:44.42
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 9:35:44.42
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 9:35:44.42
--- C:\Users\owner DB Check 9:38:13.28
--- C:\PROGRA~3 DB Check 9:38:35.94
--- C:\Users\Default\AppData\Local DB Check 9:38:37.51
--- C:\Users\Default User\AppData\Local DB Check 9:38:37.51
--- C:\Users\owner\AppData\Local DB Check 9:38:37.51
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 9:38:37.51
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 9:38:37.51
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 9:38:37.51
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 9:38:37.51
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 9:40:02.05
--- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 9:40:10.31
--- Tasks DB Check 9:40:15.17
--- Downloads DB Check 9:40:18.43
--- C:\Users\owner\AppData\LocalLow DB Check 9:40:22.76
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 9:40:22.76
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 9:40:22.76
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 9:40:22.76
--- Tasks2 DB Check 9:41:03.70
--- Documents DB Check 9:41:25.68
--- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default DB Check 9:41:30.58
--- C:\Users\owner\AppData\Roaming\Thunderbird\Profiles\dzkzfprx.default DB Check 9:41:30.58
--- C:\Users\Public\Desktop DB Check 9:41:35.30
--- C:\Users\owner\Desktop DB Check 9:41:38.46
--- Services DB Check 9:41:46.60
--- FF prefs.js DB Check 9:42:04.59
--- Del by CLSID 9:43:23.55
--- Delete Services 9:43:59.32
--- Firefox Fix 9:44:05.34
--- Delete files\folders 9:44:11.77
--- Create Backups 9:44:12.12
--- Firefox Extensions 9:44:34.69
--- Firefox Plugins 9:44:35.31
--- Create Backups 9:48:59.51
--- Chrome Look 9:49:00.51
--- Create Backups 9:50:06.35
--- Chrome Fix 9:50:07.05
--- IEdefaults 9:50:07.25
--- Del from Uninstall List 9:50:59.99
--- msconfig check 9:54:16.20
--- Deleting Registry Keys 9:54:19.64
--- Empty IE Cache 9:54:19.71
--- Empty FF Cache 9:54:27.07
--- Empty CHR Cache 9:54:29.77
--- Empty Flash Cache 9:54:31.65
--- Empty Java Cache 9:54:35.70
--- C:\zoek_backups Content 9:54:36.26

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 15th, 2014, 12:30 pm

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by owner on Mon 09/15/2014 at 9:28:29.91.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\owner\Downloads\zoek (1).exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

9/15/2014 9:32:47 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7E552C10-B56C-43B7-8197-6BC8AB7954E0} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default

user.js not found
---- Lines spigot removed from prefs.js ----
user_pref("startpage.ntsearch_url", "https://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=888596&p={searchTerms}");
---- FireFox user.js and prefs.js backups ----

prefs_20140915_0944_.backup

ProfilePath: C:\Users\owner\AppData\Roaming\Thunderbird\Profiles\dzkzfprx.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140915_0944_.backup

==== Deleting Files \ Folders ======================

C:\Users\owner\.android deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\owner\AppData\Local\cache deleted
C:\Users\owner\AppData\Local\CrashRpt deleted
C:\Users\owner\AppData\LocalLow\ADSRemoval deleted
C:\Users\owner\AppData\LocalLow\Yahoo! deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\staged deleted
C:\Users\owner\GoToAssist_phone__317_en.exe deleted
"C:\Users\owner\AppData\Roaming\Amazon" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [08/31/2014 02:55 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [08/31/2014 12:36 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default
- Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Better Gmail 2 - %ProfilePath%\extensions\bettergmail2@ginatrapani.org
- Better YouTube - %ProfilePath%\extensions\betteryoutube@ginatrapani.org
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- Fire Encrypter - %ProfilePath%\extensions\fireencrypter@jungsonn.com
- Text Formatting Toolbar - %ProfilePath%\extensions\format.bar@codefisher.org
- People Search and Public Record Toolbar - %ProfilePath%\extensions\peoplesearch@skipease.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Undetermined - %ProfilePath%\extensions\temp
- Text Complete - %ProfilePath%\extensions\textcomplete@cfavatar.com
- WorldClocks - %ProfilePath%\extensions\worldclocks@jrincon.pe
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Facebook PhotoZoom - %ProfilePath%\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
- Advanced Dork: - %ProfilePath%\extensions\{31E65147-5A53-4e52-8A64-FF7EBFA36D76}
- Start Page - %ProfilePath%\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}
- Gmail Notifier - %ProfilePath%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
- Map - %ProfilePath%\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
- Clippings - %ProfilePath%\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
- Hyperwords - %ProfilePath%\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
- mid - %ProfilePath%\extensions\{9ef1e09b-d4b2-4a55-ac3e-1cb330546bec}
- Temporary Inbox - %ProfilePath%\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b}
- ActiveInbox for Gmail and Google Apps - %ProfilePath%\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
- Fasterfox - %ProfilePath%\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
- Adobe DLM powered by getPlusR - %ProfilePath%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
- FoxClocks - %ProfilePath%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
- Clipmarks - %ProfilePath%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
- Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
- Back to Top - %ProfilePath%\extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
- ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi
- BBCodeXtra - %ProfilePath%\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
- Dictionary Tooltip - %ProfilePath%\extensions\{C6128004-4838-4708-9A97-BB172D17767D}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
- Thumbnail Zoom - %ProfilePath%\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi

ProfilePath: C:\Users\owner\AppData\Roaming\Thunderbird\Profiles\dzkzfprx.default
- Enigmail - %ProfilePath%\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Extra Folder Columns - %ProfilePath%\extensions\extra-cols@jminta_gmail.com.xpi
- Old-style version 2 smilies - %ProfilePath%\extensions\tb2-smilies@epfl.ch.xpi
- Image Zoom - %ProfilePath%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
- CompactHeader - %ProfilePath%\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director


==== Deleted Firefox Extensions ======================

C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e} deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[11/11/2013 07:28 PM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[11/11/2013 07:28 PM]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[08/31/2014 12:36 PM]

Google Voice Search Hotword (Beta) - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Learn States and Capitals - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdblkfkcegbngjbibiefbjbeofmbgonk
Photo Zoom for Facebook - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi
Select Search - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn
AdBlock - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Dictionary (by Google) - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
Hover Zoom - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
RoboForm - owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob

==== Chromium Fix ======================

C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsbay.com_0.localstorage deleted successfully
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.musicsonglyrics.com_0.localstorage deleted successfully
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveur.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{758B870D-DF78-4A6A-9955-DEDDCACF94DC} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\owner\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\owner\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\owner\AppData\Local\Mozilla\Firefox\Profiles\7lmcx0be.default\Cache emptied successfully
C:\Users\owner\AppData\Local\Mozilla\Firefox\Profiles\t4vn3hew.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 15th, 2014, 10:55 pm

Hi SpecialEd19,

Go ahead and run OTL. OTL is first run as a scan-only tool. I will get back to you about the Zoek results.

wbg

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 15th, 2014, 11:21 pm

OTL logfile created on: 9/15/2014 11:01:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 77.30% Memory free
15.78 Gb Paging File | 13.68 Gb Available in Paging File | 86.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 491.82 Gb Free Space | 52.80% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 250.02 Gb Free Space | 26.84% Space Free | Partition Type: NTFS
Drive G: | 7.39 Gb Total Space | 5.36 Gb Free Space | 72.47% Space Free | Partition Type: FAT32
Drive H: | 14.90 Gb Total Space | 10.14 Gb Free Space | 68.07% Space Free | Partition Type: FAT32

Computer Name: PHOENIX-ASUS | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/15 09:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2014/09/10 16:59:21 | 000,389,744 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/09/03 07:07:02 | 000,216,576 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2014/08/31 12:36:03 | 000,111,320 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/08/27 21:28:40 | 000,116,224 | ---- | M] (Golden Frog, GmbH.) -- C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
PRC - [2014/08/06 10:40:56 | 022,627,624 | ---- | M] (Bartels Media GmbH) -- C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
PRC - [2014/08/06 05:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/07/20 21:39:26 | 001,154,112 | ---- | M] (Ruiware LLC) -- C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/05/08 07:20:58 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/11 19:25:28 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
PRC - [2013/09/25 15:42:10 | 000,818,888 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2013/09/17 10:49:49 | 000,292,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/10/26 14:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/10/17 19:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/10/05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/09/14 13:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe


========== Modules (No Company Name) ==========

MOD - [2014/09/10 16:59:21 | 003,339,376 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/09/10 16:59:21 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/09/10 16:59:21 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/08/06 10:40:52 | 000,464,680 | ---- | M] () -- C:\Program Files (x86)\PhraseExpress\pexlang.dll
MOD - [2012/12/20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/28 14:27:56 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/21 00:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV - [2014/09/10 16:59:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/03 07:07:02 | 000,216,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2014/08/28 16:54:07 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/28 07:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/27 21:28:40 | 000,116,224 | ---- | M] (Golden Frog, GmbH.) [Auto | Running] -- C:\Program Files (x86)\VyprVPN\VyprVPNService.exe -- (VyprVPN)
SRV - [2014/08/06 05:34:34 | 005,052,224 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/05/21 00:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/05/08 07:20:58 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/11 19:25:28 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (AVP)
SRV - [2013/09/25 15:42:10 | 000,818,888 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/10/05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/09/01 01:49:00 | 000,231,768 | ---- | M] (IDRIX) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\veracrypt.sys -- (veracrypt)
DRV:64bit: - [2014/08/31 14:54:44 | 000,628,288 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014/08/31 14:54:44 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2014/08/31 14:54:42 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2014/08/28 16:57:14 | 000,020,672 | ---- | M] (Glarysoft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:64bit: - [2014/08/28 14:19:29 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2014/08/27 21:28:24 | 000,044,896 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapvyprvpn.sys -- (tapvyprvpn)
DRV:64bit: - [2014/08/06 17:45:46 | 011,530,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2014/07/18 03:11:34 | 000,017,600 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV:64bit: - [2014/05/21 00:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/11 19:25:18 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/11/11 19:25:18 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/11/11 19:25:18 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/11/11 19:25:18 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/17 10:48:30 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/09/17 10:48:30 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/09/17 10:48:30 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/19 15:31:52 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/03/19 15:31:51 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/03/19 15:31:51 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/12/26 13:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/10/31 12:09:56 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/13 18:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/06/02 14:39:44 | 000,084,536 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2011/06/02 14:39:44 | 000,066,616 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3209393520-565817868-2189237008-1000\..\SearchScopes,DefaultScope = {012E1000-F331-11DB-8314-0800200C9A66}
IE - HKU\S-1-5-21-3209393520-565817868-2189237008-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3209393520-565817868-2189237008-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3209393520-565817868-2189237008-1000\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js - File not found
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/08/31 12:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014/08/31 14:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014/08/31 14:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014/08/31 14:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014/08/31 14:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014/08/31 14:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/08/31 12:36:47 | 000,000,000 | ---D | M]

[2014/08/30 16:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2011/04/10 10:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/09/15 09:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions
[2014/08/30 16:05:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/08/30 16:05:58 | 000,000,000 | ---D | M] ("Facebook PhotoZoom") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}
[2014/08/30 16:05:58 | 000,000,000 | ---D | M] (Advanced Dork:) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{31E65147-5A53-4e52-8A64-FF7EBFA36D76}
[2014/08/30 16:05:58 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2014/08/30 16:05:58 | 000,000,000 | ---D | M] (Map+) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2014/08/30 16:05:58 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2014/08/30 16:05:58 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2014/08/30 16:05:59 | 000,000,000 | ---D | M] (mid) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{9ef1e09b-d4b2-4a55-ac3e-1cb330546bec}
[2014/08/30 16:06:00 | 000,000,000 | ---D | M] (Temporary Inbox) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b}
[2014/08/30 16:06:02 | 000,000,000 | ---D | M] (ActiveInbox for Gmail and Google Apps) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
[2014/08/30 16:06:02 | 000,000,000 | ---D | M] ("Fasterfox") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2014/08/30 16:06:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2014/09/12 17:41:36 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2014/08/30 16:06:06 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2014/08/30 16:05:55 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\bettergmail2@ginatrapani.org
[2014/08/30 16:05:55 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\betteryoutube@ginatrapani.org
[2014/08/30 16:05:55 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\en-US@dictionaries.addons.mozilla.org
[2014/08/30 16:05:56 | 000,000,000 | ---D | M] ("Fire Encrypter") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\fireencrypter@jungsonn.com
[2014/08/30 16:05:56 | 000,000,000 | ---D | M] (Text Formatting Toolbar) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\format.bar@codefisher.org
[2014/08/30 16:05:56 | 000,000,000 | ---D | M] ("People Search and Public Record Toolbar") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\peoplesearch@skipease.com
[2014/08/30 16:05:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\support@lastpass.com
[2014/09/15 09:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\temp
[2014/08/30 16:05:57 | 000,000,000 | ---D | M] ("Text Complete") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\textcomplete@cfavatar.com
[2014/08/30 16:05:57 | 000,000,000 | ---D | M] ("WorldClocks") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\worldclocks@jrincon.pe
[2014/09/03 10:09:31 | 000,096,207 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2014/09/12 17:41:23 | 000,091,296 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi
[2014/09/12 17:41:38 | 000,870,551 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2011/03/24 15:49:01 | 000,862,494 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}.xpi
[2014/09/12 17:41:25 | 000,071,113 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
[2011/03/23 13:14:46 | 000,242,276 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}.xpi
[2014/09/12 17:41:37 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011/03/30 21:39:50 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
[2009/07/22 15:18:43 | 000,004,440 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\searchplugins\hyperwords.xml
[2014/09/12 17:35:34 | 000,008,074 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\searchplugins\yahoo_ff.xml
[2014/09/02 13:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/28 16:52:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/08/31 14:55:02 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2014/08/31 14:55:02 | 000,000,000 | ---D | M] (Gevaarlijke websiteblokkering) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2014/08/31 14:55:02 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2014/08/31 14:55:02 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2014/08/31 14:55:03 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T4VN3HEW.DEFAULT\EXTENSIONS\{32DA2F20-827D-40AA-A3B4-2FC4A294352E}

========== Chrome ==========

CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Slides = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: Google Docs = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_1\
CHR - Extension: Google Drive = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: YouTube = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Learn States and Capitals = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdblkfkcegbngjbibiefbjbeofmbgonk\1.0.1_0\
CHR - Extension: Google Search = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_1\
CHR - Extension: Photo Zoom for Facebook = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1408.5.2_0\
CHR - Extension: Select Search = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn\1.5.20_0\
CHR - Extension: Google Sheets = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: AdBlock = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\4.0.2_0\
CHR - Extension: Google Wallet = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Hover Zoom = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.4_0\
CHR - Extension: Gmail = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: Anti-Banner = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_1\
CHR - Extension: RoboForm = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.9.2_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3209393520-565817868-2189237008-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3209393520-565817868-2189237008-1000..\Run: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe (Ruiware LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk = C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20185106-24BF-49B3-9078-6EF5B190DF33}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACAF2E1-FC7F-4F91-A78B-33CCB448CD0E}: DhcpNameServer = 4.2.2.1 207.172.11.73 204.117.214.10
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/15 17:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/09/15 17:53:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/09/15 17:53:34 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Notepad++
[2014/09/15 17:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/09/15 11:21:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/09/15 09:43:21 | 000,000,000 | ---D | C] -- C:\zoek
[2014/09/15 09:27:20 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/09/11 22:34:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\FRST-OlderVersion
[2014/09/11 22:33:31 | 002,105,856 | ---- | C] (Farbar) -- C:\Users\owner\Desktop\FRST64.exe
[2014/09/11 16:30:16 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/09/11 16:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/09/11 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/09/11 09:41:24 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\EmieUserList
[2014/09/11 09:41:24 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\EmieSiteList
[2014/09/11 07:41:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/11 07:31:14 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 07:31:14 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 07:31:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 07:31:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 07:31:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/11 07:31:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/11 07:31:12 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 07:31:12 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/11 07:31:12 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/11 07:31:12 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 07:31:12 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 07:31:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/11 07:31:12 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/11 07:31:12 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 07:31:12 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 07:31:12 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/11 07:31:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/11 07:31:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/11 07:31:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/11 07:31:11 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/11 07:31:11 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/11 07:31:11 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/11 07:31:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/11 07:31:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/11 07:31:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/11 07:31:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/11 07:31:10 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/11 07:31:10 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/11 07:31:10 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/11 07:31:10 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/11 07:31:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/11 07:31:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/11 07:31:09 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/11 07:31:08 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/11 07:31:08 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/11 07:26:16 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/11 07:26:16 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/10 16:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/09/10 07:24:36 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/10 07:24:36 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/10 07:16:17 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/10 07:15:42 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/10 07:15:39 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/10 07:15:39 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/08 12:23:05 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/08 12:12:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/08 11:22:04 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/08 11:21:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/07 23:27:30 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\owner\Desktop\JRT.exe
[2014/09/07 13:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEA Crossword Helper 2.11
[2014/09/07 13:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Crossword Man
[2014/09/07 13:16:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crossword Man
[2014/09/06 11:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2014/09/05 16:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
[2014/09/05 16:12:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2014/09/05 13:17:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\QuickScan
[2014/09/04 10:51:17 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/03 14:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014/09/03 14:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014/09/03 14:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2014/09/03 11:50:25 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\WinPatrol
[2014/09/03 11:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2014/09/03 11:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ruiware
[2014/09/03 01:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Golden Frog, GmbH
[2014/09/03 01:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VyprVPN
[2014/09/02 13:33:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/09/02 13:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/02 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/02 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/09/01 22:49:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Gpg4win Documentation
[2014/09/01 22:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
[2014/09/01 22:49:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\gnupg
[2014/09/01 22:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\GNU
[2014/09/01 22:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2014/09/01 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Solveig Multimedia
[2014/09/01 16:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solveig Multimedia
[2014/09/01 16:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Solveig Multimedia
[2014/09/01 16:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solveig Multimedia
[2014/09/01 01:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2014/09/01 01:51:23 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\VeraCrypt
[2014/09/01 01:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2014/09/01 01:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
[2014/09/01 01:49:00 | 000,231,768 | ---- | C] (IDRIX) -- C:\Windows\SysNative\drivers\veracrypt.sys
[2014/09/01 01:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\VeraCrypt
[2014/09/01 00:54:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Stardock
[2014/09/01 00:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2014/09/01 00:54:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Stardock
[2014/09/01 00:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2014/09/01 00:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2014/09/01 00:01:05 | 000,230,840 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014/08/31 23:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
[2014/08/31 23:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum
[2014/08/31 23:38:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\SoftGrid Client
[2014/08/31 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SoftGrid Client
[2014/08/31 19:34:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\vlc
[2014/08/31 16:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Safe
[2014/08/31 15:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2014/08/31 14:25:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\PhraseExpress
[2014/08/31 14:24:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PhraseExpress
[2014/08/31 14:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhraseExpress
[2014/08/31 14:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PhraseExpress
[2014/08/31 14:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhraseExpress
[2014/08/31 14:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
[2014/08/31 14:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sonos
[2014/08/31 14:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonos,_Inc
[2014/08/31 13:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
[2014/08/31 13:58:55 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2014/08/31 13:58:42 | 000,066,616 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2014/08/31 13:58:41 | 000,084,536 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2014/08/31 13:58:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014/08/31 13:58:31 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2014/08/31 13:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2014/08/31 13:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/08/31 13:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/08/31 13:58:18 | 000,628,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/08/31 13:58:18 | 000,092,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/08/31 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Efficient Software
[2014/08/31 13:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EfficientPIM
[2014/08/31 13:14:04 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\EfficientPIM
[2014/08/31 13:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EfficientPIM
[2014/08/31 12:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2014/08/31 12:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2014/08/31 12:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2014/08/30 16:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014/08/30 16:07:40 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\New Briefcase
[2014/08/30 16:07:37 | 000,561,207 | ---- | C] (Sysinternals) -- C:\Users\owner\Desktop\procexp.exe
[2014/08/30 16:07:23 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\WeatherBug
[2014/08/30 16:06:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Thunderbird
[2014/08/30 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Softland
[2014/08/30 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\skypePM
[2014/08/30 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Skype
[2014/08/30 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Roxio
[2014/08/30 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Mozilla
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Motive
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
[2014/08/30 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014/08/30 16:05:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Macrovision
[2014/08/30 16:04:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Intuit
[2014/08/30 16:04:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Intel
[2014/08/30 16:04:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\HP
[2014/08/30 16:04:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Dell
[2014/08/30 16:04:57 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\CyberLink
[2014/08/30 16:04:56 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\ASCOMP Software
[2014/08/30 16:04:44 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Yahoo!
[2014/08/30 16:02:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\SupportSoft
[2014/08/30 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Mozilla Firefox
[2014/08/30 16:01:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\MigWiz
[2014/08/30 16:00:31 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Identities
[2014/08/30 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\owner\WINDOWS
[2014/08/30 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\owner\vw
[2014/08/30 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\owner\System
[2014/08/30 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\owner\PrivacIE
[2014/08/30 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Incomplete
[2014/08/30 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\owner\IETldCache
[2014/08/30 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Gigabeat Original Firmware Backup
[2014/08/30 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\owner\.freemind
[2014/08/30 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\owner\.360Share
[2014/08/30 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My PSP8 Files
[2014/08/30 13:23:52 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\wordpat
[2014/08/30 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\WD_Quick_View_Setup_for_Windows
[2014/08/30 13:23:50 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\TurboTax
[2014/08/30 13:23:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\THE_THICK_OF_IT
[2014/08/30 13:23:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Sound Effects
[2014/08/30 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Solveig Multimedia
[2014/08/30 13:23:37 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Recipes
[2014/08/30 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\ProjectMeditation
[2014/08/30 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\PhraseExpress
[2014/08/30 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Safes
[2014/08/30 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My RoboForm Data
[2014/08/30 13:22:38 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Kindle Content
[2014/08/30 13:22:26 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My eBooks
[2014/08/30 13:22:24 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Digital Editions
[2014/08/30 13:22:24 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Albums
[2014/08/30 13:22:24 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Mixpad Projects
[2014/08/30 13:22:23 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Kindle DRM Removal
[2014/08/30 13:22:23 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Kindle BL2
[2014/08/30 13:22:23 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Kindle BL
[2014/08/30 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\iTunes
[2014/08/30 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Freemake
[2014/08/30 13:18:34 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Family Speeches
[2014/08/30 13:18:34 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\ExcelAristoInteractiveSolver
[2014/08/30 13:18:33 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\EnigmaSim
[2014/08/30 13:18:33 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\EfficientPIM Backup
[2014/08/30 13:18:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\EfficientPIM AutoBackup
[2014/08/30 13:18:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Efficient Organizer Backup
[2014/08/30 13:18:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Efficient Organizer AutoBackup
[2014/08/30 13:18:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Edraw Mind Map
[2014/08/30 13:18:31 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\DeDRM_v5.1_WinApp
[2014/08/30 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\CoffeeCup Software
[2014/08/30 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\codebooktool
[2014/08/30 13:17:46 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\CAM Development
[2014/08/30 13:17:45 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Bigasoft Video Downloader Pro
[2014/08/30 13:17:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Audible
[2014/08/30 13:17:35 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\AnyDVDHD
[2014/08/30 13:17:34 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Any Video Editor
[2014/08/30 13:16:51 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Any Video Converter Ultimate
[2014/08/30 13:15:54 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Any Video Converter
[2014/08/30 13:15:53 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Amazon MP3
[2014/08/30 13:15:52 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Alpha Realms
[2014/08/30 11:27:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\WinZip
[2014/08/30 11:27:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Windows Live
[2014/08/30 11:27:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\WinAVI
[2014/08/30 11:27:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Western Digital
[2014/08/30 11:27:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\WeatherBug
[2014/08/30 11:27:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Thunderbird
[2014/08/30 11:27:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Temporary Projects
[2014/08/30 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Stardock_Corporation
[2014/08/30 11:25:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Spotify
[2014/08/30 11:25:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Sonos,_Inc
[2014/08/30 11:25:36 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\SoftThinks
[2014/08/30 11:25:33 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Skype
[2014/08/30 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\RapidSolution
[2014/08/30 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Radium Technologies
[2014/08/30 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\PowerDVD DX
[2014/08/30 11:24:48 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\ms-drivers
[2014/08/30 11:24:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\PasswordSafe
[2014/08/30 11:24:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Mozilla
[2014/08/30 11:24:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Microsoft Help
[2014/08/30 11:24:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Microsoft Games
[2014/08/30 11:24:27 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\icsxml
[2014/08/30 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\MetaGeek,_LLC
[2014/08/30 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Macromedia
[2014/08/30 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\IsolatedStorage
[2014/08/30 11:24:26 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\HP
[2014/08/30 11:23:53 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Golden_Frog,_GmbH
[2014/08/30 11:23:53 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Golden Frog, GmbH
[2014/08/30 11:23:53 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\GNU
[2014/08/30 11:23:53 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\ElevatedDiagnostics
[2014/08/30 11:23:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Downloaded Installations
[2014/08/30 11:23:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Diagnostics
[2014/08/30 11:23:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Deployment
[2014/08/30 11:23:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Dell Edoc Viewer
[2014/08/30 11:23:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\DeDRMPrefs
[2014/08/30 11:23:50 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Citrix
[2014/08/30 11:23:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Best Buy pc app
[2014/08/30 11:23:48 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apps
[2014/08/30 11:23:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apple Computer
[2014/08/30 11:23:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\AOL
[2014/08/30 11:23:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Amazon Music
[2014/08/30 11:22:56 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Amazon
[2014/08/30 11:22:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Akamai
[2014/08/30 11:22:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Aimersoft
[2014/08/30 11:21:01 | 000,017,920 | R--- | C] (Microsoft Corporation) -- C:\Users\owner\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
[2014/08/30 11:21:01 | 000,000,000 | R--D | C] -- C:\Users\owner\SkyDrive
[2014/08/30 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\owner\Tracing
[2014/08/30 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\owner\temp
[2014/08/30 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\owner\My Backup Files
[2014/08/30 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\owner\.kde
[2014/08/30 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\owner\.idlerc
[2014/08/30 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\owner\.dvdcss
[2014/08/30 11:21:01 | 000,000,000 | ---D | C] -- C:\Users\owner\.clipbak
[2014/08/30 03:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/08/28 18:04:20 | 000,041,984 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\USB3Ver.dll
[2014/08/28 17:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2014/08/28 17:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2014/08/28 17:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2014/08/28 17:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2014/08/28 17:39:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2014/08/28 17:39:27 | 009,888,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsUStoricon.dll
[2014/08/28 17:39:27 | 000,422,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll
[2014/08/28 17:39:27 | 000,252,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2014/08/28 17:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2014/08/28 17:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2014/08/28 17:28:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/08/28 17:28:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/08/28 17:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014/08/28 17:27:50 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/08/28 17:24:25 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Apple Computer
[2014/08/28 17:22:08 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2014/08/28 17:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/08/28 17:03:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/08/28 17:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/08/28 17:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2014/08/28 17:03:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\TP
[2014/08/28 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/28 17:00:06 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/08/28 17:00:06 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/08/28 17:00:06 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/08/28 17:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/28 17:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/28 17:00:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Canneverbe Limited
[2014/08/28 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2014/08/28 16:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/08/28 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/08/28 16:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/08/28 16:59:40 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Apple
[2014/08/28 16:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/08/28 16:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/08/28 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/08/28 16:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/08/28 16:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/08/28 16:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/08/28 16:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2014/08/28 16:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[2014/08/28 16:57:14 | 000,020,672 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/08/28 16:57:13 | 000,118,048 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe
[2014/08/28 16:57:13 | 000,017,600 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys
[2014/08/28 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\GlarySoft
[2014/08/28 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DiskDefrag
[2014/08/28 16:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 5
[2014/08/28 16:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/08/28 16:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/08/28 16:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/08/28 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Programs
[2014/08/28 16:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/28 16:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/28 16:55:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/08/28 16:54:56 | 000,319,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/08/28 16:54:52 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/08/28 16:54:52 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/08/28 16:54:52 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/08/28 16:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/08/28 16:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/08/28 16:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/28 16:54:23 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/28 16:54:20 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/28 16:54:20 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/28 16:54:20 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/28 16:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/28 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/08/28 16:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/08/28 16:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/08/28 16:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/08/28 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Macromedia
[2014/08/28 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Adobe
[2014/08/28 16:53:47 | 000,699,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/28 16:53:47 | 000,071,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/28 16:53:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/08/28 16:53:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/08/28 16:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/08/28 16:53:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Google
[2014/08/28 16:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/08/28 16:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/08/28 16:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/08/28 16:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/28 16:32:09 | 007,163,744 | R--- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/08/28 16:32:09 | 000,123,744 | R--- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/08/28 16:32:08 | 000,433,504 | R--- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/08/28 16:32:08 | 000,141,152 | R--- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/08/28 16:32:08 | 000,074,592 | R--- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/08/28 16:32:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/08/28 16:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/08/28 16:30:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/08/28 16:06:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/08/28 16:05:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/08/28 16:05:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/08/28 16:05:06 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/08/28 16:05:05 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2014/08/28 16:05:04 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/08/28 16:05:04 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/08/28 16:05:02 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/08/28 16:04:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2014/08/28 15:50:55 | 000,000,000 | -HSD | C] -- C:\Users\owner\IntelGraphicsProfiles
[2014/08/28 15:44:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/08/28 15:44:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/08/28 15:41:39 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/08/28 15:41:38 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/08/28 15:41:38 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/08/28 15:41:37 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/08/28 15:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/08/28 15:24:33 | 000,064,000 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2014/08/28 15:24:33 | 000,060,416 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2014/08/28 15:24:33 | 000,000,000 | ---D | C] -- C:\Intel
[2014/08/28 15:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/08/28 15:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/08/28 15:23:05 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2014/08/28 15:23:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2014/08/28 15:23:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2014/08/28 15:23:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2014/08/28 15:18:04 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2014/08/28 15:18:04 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2014/08/28 15:18:00 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/28 15:18:00 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2014/08/28 15:18:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/28 15:18:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2014/08/28 15:17:59 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2014/08/28 15:17:59 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2014/08/28 15:17:59 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2014/08/28 15:17:59 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/28 15:17:59 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2014/08/28 15:17:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/28 15:17:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2014/08/28 15:17:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/28 15:17:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2014/08/28 15:17:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/28 15:17:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2014/08/28 15:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/28 15:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2014/08/28 15:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/28 15:17:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2014/08/28 15:17:59 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/28 15:17:59 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2014/08/28 15:17:58 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2014/08/28 15:17:58 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2014/08/28 15:17:58 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2014/08/28 15:17:58 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2014/08/28 15:17:58 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2014/08/28 15:17:58 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2014/08/28 15:17:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2014/08/28 15:17:58 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2014/08/28 15:14:57 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/28 15:14:57 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/28 15:14:56 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/28 15:14:56 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/28 15:14:55 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/28 15:14:55 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/28 15:14:39 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/28 15:14:39 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/28 15:14:00 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/08/28 15:13:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2014/08/28 15:13:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2014/08/28 15:13:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2014/08/28 15:13:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2014/08/28 15:13:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2014/08/28 15:13:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2014/08/28 15:13:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2014/08/28 15:13:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2014/08/28 15:13:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2014/08/28 15:13:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2014/08/28 15:13:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2014/08/28 15:13:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2014/08/28 15:13:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2014/08/28 15:13:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2014/08/28 15:13:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2014/08/28 15:13:16 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2014/08/28 15:13:16 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2014/08/28 15:13:16 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2014/08/28 15:13:16 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2014/08/28 15:13:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2014/08/28 15:13:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2014/08/28 15:13:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2014/08/28 15:13:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2014/08/28 15:13:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2014/08/28 15:13:16 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2014/08/28 15:13:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2014/08/28 15:13:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2014/08/28 15:13:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2014/08/28 15:13:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2014/08/28 15:13:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2014/08/28 15:13:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2014/08/28 15:13:15 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 15th, 2014, 11:24 pm

[2014/08/28 15:13:05 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/08/28 15:13:04 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/08/28 15:13:04 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/08/28 15:13:04 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/08/28 15:13:04 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/08/28 15:13:04 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/08/28 15:13:04 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/08/28 15:13:04 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/08/28 15:13:04 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/08/28 15:13:04 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/08/28 15:13:03 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/08/28 15:13:03 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/08/28 15:13:03 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/08/28 15:13:03 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/08/28 15:13:03 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/08/28 15:13:03 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/08/28 15:13:03 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/08/28 15:13:01 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/08/28 15:13:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/08/28 15:12:59 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/08/28 15:12:59 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/08/28 15:12:53 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2014/08/28 15:12:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2014/08/28 15:12:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2014/08/28 15:12:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2014/08/28 15:12:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/08/28 15:12:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2014/08/28 15:12:35 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2014/08/28 15:12:35 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2014/08/28 15:12:34 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2014/08/28 15:12:34 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2014/08/28 15:12:34 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2014/08/28 15:12:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2014/08/28 15:12:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2014/08/28 15:12:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2014/08/28 15:12:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2014/08/28 15:12:34 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2014/08/28 15:12:34 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2014/08/28 15:12:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2014/08/28 15:12:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2014/08/28 15:12:32 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/08/28 15:12:32 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/08/28 15:12:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2014/08/28 15:12:24 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2014/08/28 15:12:21 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/28 15:12:21 | 001,942,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/28 15:12:21 | 001,806,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/28 15:12:21 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/28 15:12:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/28 15:12:21 | 000,112,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/28 15:12:19 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/08/28 15:12:19 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/08/28 15:12:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2014/08/28 15:12:17 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2014/08/28 15:12:17 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2014/08/28 15:12:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/08/28 15:12:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/08/28 15:12:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/08/28 15:12:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/08/28 15:12:09 | 000,191,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/08/28 15:12:09 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/08/28 15:12:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/08/28 15:12:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/08/28 15:12:07 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2014/08/28 15:12:07 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2014/08/28 15:12:06 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2014/08/28 15:12:06 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2014/08/28 15:12:06 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/08/28 15:12:06 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/08/28 15:12:04 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2014/08/28 15:12:04 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2014/08/28 15:12:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2014/08/28 15:12:02 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/08/28 15:12:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2014/08/28 15:12:01 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/08/28 15:12:01 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/08/28 15:12:00 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/08/28 15:12:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2014/08/28 15:11:59 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/08/28 15:11:59 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/08/28 15:11:59 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/08/28 15:05:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2014/08/28 15:05:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2014/08/28 15:05:55 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2014/08/28 15:05:55 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2014/08/28 15:05:55 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2014/08/28 15:05:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2014/08/28 15:05:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2014/08/28 15:05:55 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2014/08/28 15:05:51 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/08/28 15:05:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2014/08/28 15:05:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2014/08/28 15:05:42 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/28 15:05:34 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2014/08/28 15:05:32 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/28 14:51:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Adobe
[2014/08/28 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\WindowsPowerShell
[2014/08/28 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WindowsPowerShell
[2014/08/28 14:45:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\dsc
[2014/08/28 14:45:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Configuration
[2014/08/28 14:43:08 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/08/28 14:43:08 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/08/28 14:43:08 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/08/28 14:43:08 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/08/28 14:43:08 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2014/08/28 14:43:08 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2014/08/28 14:43:08 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2014/08/28 14:40:26 | 005,553,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/28 14:40:26 | 003,974,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/28 14:40:26 | 003,918,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/28 14:40:26 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/08/28 14:40:26 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/08/28 14:40:26 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/08/28 14:40:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/08/28 14:40:26 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/08/28 14:40:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/08/28 14:40:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2014/08/28 14:40:26 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/08/28 14:40:26 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/08/28 14:40:26 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/08/28 14:40:26 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/08/28 14:40:26 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/08/28 14:40:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/08/28 14:40:26 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/08/28 14:40:26 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/08/28 14:40:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/08/28 14:40:26 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/08/28 14:40:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/08/28 14:40:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2014/08/28 14:40:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/08/28 14:40:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/08/28 14:40:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/08/28 14:40:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/08/28 14:40:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/08/28 14:40:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/08/28 14:40:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2014/08/28 14:40:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2014/08/28 14:39:39 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/08/28 14:39:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/08/28 14:39:39 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/08/28 14:39:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/08/28 14:39:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/08/28 14:39:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/08/28 14:39:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/08/28 14:39:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/08/28 14:39:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/08/28 14:39:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/08/28 14:35:58 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/08/28 14:35:58 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/08/28 14:35:15 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/08/28 14:35:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/08/28 14:35:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/08/28 14:35:15 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/08/28 14:35:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/08/28 14:35:15 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/08/28 14:34:58 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/08/28 14:34:58 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/08/28 14:34:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/08/28 14:33:44 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/08/28 14:33:06 | 000,832,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014/08/28 14:33:06 | 000,657,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014/08/28 14:33:06 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014/08/28 14:33:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014/08/28 14:32:15 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2014/08/28 14:32:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2014/08/28 14:31:57 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2014/08/28 14:31:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2014/08/28 14:31:40 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2014/08/28 14:31:21 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2014/08/28 14:31:21 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2014/08/28 14:31:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2014/08/28 14:31:21 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2014/08/28 14:31:21 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2014/08/28 14:31:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2014/08/28 14:31:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2014/08/28 14:31:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2014/08/28 14:31:05 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2014/08/28 14:31:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2014/08/28 14:30:11 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/08/28 14:30:11 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/08/28 14:29:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2014/08/28 14:29:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2014/08/28 14:29:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2014/08/28 14:29:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2014/08/28 14:29:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2014/08/28 14:29:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2014/08/28 14:29:31 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2014/08/28 14:29:31 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2014/08/28 14:28:17 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/08/28 14:28:17 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2014/08/28 14:26:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2014/08/28 14:26:24 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2014/08/28 14:26:07 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2014/08/28 14:26:07 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2014/08/28 14:26:07 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2014/08/28 14:26:07 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2014/08/28 14:25:09 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2014/08/28 14:22:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2014/08/28 14:22:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2014/08/28 14:22:12 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2014/08/28 14:22:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2014/08/28 14:21:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2014/08/28 14:21:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2014/08/28 14:21:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2014/08/28 14:21:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2014/08/28 14:21:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2014/08/28 14:20:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/08/28 14:20:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2014/08/28 14:20:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2014/08/28 14:19:29 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2014/08/28 14:19:18 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2014/08/28 14:19:06 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2014/08/28 14:19:06 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2014/08/28 14:18:54 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/08/28 14:18:54 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/08/28 14:18:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/08/28 14:18:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/08/28 14:18:18 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2014/08/28 14:18:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2014/08/28 14:17:59 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2014/08/28 14:17:59 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2014/08/28 14:17:59 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2014/08/28 14:17:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2014/08/28 14:17:48 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/08/28 14:17:48 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2014/08/28 14:17:28 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2014/08/28 14:17:28 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2014/08/28 14:17:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2014/08/28 14:17:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2014/08/28 14:17:28 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2014/08/28 14:17:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2014/08/28 14:17:28 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2014/08/28 14:17:28 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2014/08/28 14:17:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2014/08/28 14:17:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2014/08/28 14:17:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2014/08/28 14:16:40 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2014/08/28 14:16:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2014/08/28 14:16:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2014/08/28 14:16:31 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2014/08/28 14:16:13 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2014/08/28 14:16:13 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2014/08/28 14:16:13 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2014/08/28 14:16:13 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2014/08/28 14:16:02 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2014/08/28 14:16:02 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2014/08/28 14:16:02 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2014/08/28 14:16:02 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2014/08/28 14:16:02 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2014/08/28 14:16:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2014/08/28 14:06:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/08/28 14:06:16 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/08/28 14:06:16 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/08/28 14:06:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/08/28 14:06:16 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/08/28 14:06:16 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/08/28 14:06:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/08/28 14:06:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/08/28 14:06:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/08/28 14:06:16 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/08/28 14:06:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/08/28 14:06:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/08/28 14:06:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/08/28 14:06:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/08/28 14:06:15 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/08/28 14:06:15 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/08/28 14:04:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll
[2014/08/28 14:04:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll
[2014/08/28 14:04:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Register-CimProvider.exe
[2014/08/28 14:04:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe
[2014/08/28 14:04:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2014/08/28 14:04:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2014/08/28 14:04:21 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2014/08/28 14:04:21 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2014/08/28 14:04:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2014/08/28 14:04:20 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2014/08/28 14:04:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2014/08/28 14:04:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2014/08/28 14:04:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2014/08/28 14:04:15 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2014/08/28 14:04:15 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2014/08/28 14:04:15 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2014/08/28 14:04:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2014/08/28 14:04:15 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2014/08/28 14:04:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2014/08/28 14:04:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2014/08/28 14:04:14 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll
[2014/08/28 14:04:14 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2014/08/28 14:04:14 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2014/08/28 14:04:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll
[2014/08/28 14:04:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll
[2014/08/28 14:04:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll
[2014/08/28 14:04:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll
[2014/08/28 14:04:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2014/08/28 14:04:14 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll
[2014/08/28 14:04:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2014/08/28 14:04:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014/08/28 14:04:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2014/08/28 14:04:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2014/08/28 14:04:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll
[2014/08/28 14:04:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll
[2014/08/28 14:04:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
[2014/08/28 14:04:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
[2014/08/28 14:04:14 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2014/08/28 14:04:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2014/08/28 14:04:13 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2014/08/28 14:04:13 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2014/08/28 14:04:13 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2014/08/28 14:04:13 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2014/08/28 14:04:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2014/08/28 14:04:13 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2014/08/28 14:04:13 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014/08/28 14:04:12 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll
[2014/08/28 14:04:12 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2014/08/28 14:04:12 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014/08/28 14:04:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll
[2014/08/28 14:04:12 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll
[2014/08/28 14:04:12 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DscCore.dll
[2014/08/28 14:04:12 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DscCoreConfProv.dll
[2014/08/28 14:04:12 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll
[2014/08/28 14:04:12 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll
[2014/08/28 14:04:12 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2014/08/28 14:04:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll
[2014/08/28 14:04:12 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimofcodec.dll
[2014/08/28 14:04:12 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014/08/28 14:04:12 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll
[2014/08/28 14:04:12 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimofcodec.dll
[2014/08/28 14:04:12 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mibincodec.dll
[2014/08/28 14:04:12 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mibincodec.dll
[2014/08/28 14:04:11 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll
[2014/08/28 14:04:10 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll
[2014/08/28 14:04:10 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll
[2014/08/28 14:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/08/28 13:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/08/28 13:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/08/28 13:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/08/28 13:57:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/08/28 13:55:10 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/28 13:55:06 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/28 13:55:06 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/28 13:55:06 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/28 13:55:06 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/28 13:55:06 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/28 13:55:06 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/28 13:55:06 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/28 13:55:06 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/28 13:55:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/28 13:55:06 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/28 13:55:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/28 13:55:06 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/28 13:55:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/28 13:55:06 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/28 13:55:06 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/28 13:55:06 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/28 13:55:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/28 13:55:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/28 13:55:06 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/28 13:55:06 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/28 13:55:06 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/28 13:55:06 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/28 13:55:06 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/28 13:55:06 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/28 13:55:06 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/28 13:55:06 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/28 13:55:06 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/28 13:55:06 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/28 13:55:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/28 13:55:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/28 13:55:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/28 13:55:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/28 13:55:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/28 13:55:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/28 13:55:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/28 13:55:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/28 13:55:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/28 13:55:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/28 13:55:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/28 13:55:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/28 13:55:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/28 13:55:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/28 13:55:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/28 13:55:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/28 13:49:00 | 001,737,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/08/28 13:49:00 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/08/28 13:49:00 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/08/28 13:49:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/08/28 13:47:49 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2014/08/28 13:47:49 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2014/08/28 13:47:18 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2014/08/28 13:47:18 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2014/08/28 13:46:45 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2014/08/28 13:41:52 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/28 13:41:52 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/28 13:41:52 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/28 13:41:46 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/28 13:41:46 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/28 13:41:46 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/28 13:41:46 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/28 13:41:46 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/28 13:41:46 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/28 13:41:37 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/28 13:41:37 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/28 13:41:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/28 13:41:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/28 13:36:19 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/08/28 13:36:19 | 000,000,000 | R--D | C] -- C:\Users\owner\Searches
[2014/08/28 13:36:19 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/08/28 13:36:19 | 000,000,000 | -H-D | C] -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/08/28 13:36:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Identities
[2014/08/28 13:36:09 | 000,000,000 | R--D | C] -- C:\Users\owner\Contacts
[2014/08/28 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VirtualStore
[2014/08/28 13:35:47 | 000,000,000 | --SD | C] -- C:\Users\owner\AppData\Roaming\Microsoft
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Videos
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Saved Games
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Pictures
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Music
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Links
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Favorites
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Downloads
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Documents
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\Desktop
[2014/08/28 13:35:47 | 000,000,000 | R--D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\Temporary Internet Files
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Templates
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Start Menu
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\SendTo
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Recent
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\PrintHood
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\NetHood
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Documents\My Videos
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Documents\My Pictures
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Documents\My Music
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\My Documents
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Local Settings
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\History
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Cookies
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\Application Data
[2014/08/28 13:35:47 | 000,000,000 | -HSD | C] -- C:\Users\owner\AppData\Local\Application Data
[2014/08/28 13:35:47 | 000,000,000 | -H-D | C] -- C:\Users\owner\AppData
[2014/08/28 13:35:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Temp
[2014/08/28 13:35:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Microsoft
[2014/08/28 13:35:47 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Media Center Programs
[2014/08/28 13:35:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/08/28 13:35:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/08/27 21:28:24 | 000,044,896 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tapvyprvpn.sys

========== Files - Modified Within 30 Days ==========

[2014/09/15 22:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/15 22:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/15 20:16:06 | 000,782,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/15 20:16:06 | 000,662,338 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/15 20:16:06 | 000,121,916 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/15 18:43:46 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/15 18:43:46 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/15 18:37:17 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/09/15 18:36:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/15 18:36:13 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2014/09/15 18:36:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/15 18:36:00 | 2060,771,327 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 18:35:08 | 015,310,848 | ---- | M] () -- C:\Users\owner\Documents\My Information.effx
[2014/09/15 17:53:38 | 000,001,053 | ---- | M] () -- C:\Users\owner\Desktop\Notepad++.ln
[2014/09/15 11:23:12 | 000,002,110 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/09/12 15:18:25 | 000,016,579 | ---- | M] () -- C:\Users\owner\Documents\addresses.eml
[2014/09/11 22:34:25 | 002,105,856 | ---- | M] (Farbar) -- C:\Users\owner\Desktop\FRST64.exe
[2014/09/11 22:30:49 | 000,165,376 | ---- | M] () -- C:\Users\owner\Desktop\SystemLook_x64.exe
[2014/09/11 16:31:00 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PHONEIX-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/09/11 16:25:19 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/09/11 16:14:42 | 004,057,608 | ---- | M] () -- C:\Users\owner\Desktop\tweaking.com_registry_backup_setup.exe
[2014/09/10 14:07:13 | 001,268,217 | ---- | M] () -- C:\Users\owner\Documents\LinuxMint_17.0.pdf
[2014/09/07 23:27:47 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\owner\Desktop\JRT.exe
[2014/09/07 23:04:49 | 001,370,467 | ---- | M] () -- C:\Users\owner\Desktop\AdwCleaner.exe
[2014/09/07 21:41:50 | 000,025,088 | ---- | M] () -- C:\Users\owner\Desktop\codecheck.exe
[2014/09/07 16:25:05 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/07 13:16:25 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\TEA 2.11.lnk
[2014/09/06 11:45:16 | 000,097,803 | ---- | M] () -- C:\ProgramData\1410018152.bdinstall.bin
[2014/09/06 11:42:32 | 000,037,823 | ---- | M] () -- C:\ProgramData\1410018147.bdinstall.bin
[2014/09/05 15:49:45 | 000,001,029 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
[2014/09/05 13:27:05 | 000,244,789 | ---- | M] () -- C:\ProgramData\1409937465.bdinstall.bin
[2014/09/04 22:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/04 22:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/04 19:24:11 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Kleopatra.lnk
[2014/09/04 14:51:38 | 000,012,248 | ---- | M] () -- C:\Users\owner\Documents\pwsafe.psafe3
[2014/09/03 14:38:05 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/09/03 10:17:41 | 000,276,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/03 01:37:06 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\VyprVPN.lnk
[2014/09/03 00:50:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/01 16:47:38 | 000,001,296 | ---- | M] () -- C:\Users\owner\Desktop\SolveigMM Video Splitter Home Edition.lnk
[2014/09/01 15:26:25 | 2147,483,648 | ---- | M] () -- C:\Users\owner\Documents\DistantDeeps
[2014/09/01 01:49:02 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\VeraCrypt.lnk
[2014/09/01 01:49:00 | 000,231,768 | ---- | M] (IDRIX) -- C:\Windows\SysNative\drivers\veracrypt.sys
[2014/09/01 00:54:25 | 000,002,026 | ---- | M] () -- C:\Users\owner\Desktop\Customize Fences.lnk
[2014/09/01 00:01:05 | 000,230,840 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2014/08/31 16:29:40 | 000,001,030 | ---- | M] () -- C:\Users\owner\Desktop\Password Safe.lnk
[2014/08/31 14:54:44 | 000,628,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/08/31 14:54:44 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys
[2014/08/31 14:54:43 | 000,092,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/08/31 14:54:42 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014/08/31 14:09:00 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Sonos.lnk
[2014/08/31 13:55:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/08/31 13:14:05 | 000,000,983 | ---- | M] () -- C:\Users\owner\Desktop\EfficientPIM.lnk
[2014/08/31 12:03:55 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/08/30 16:29:36 | 000,007,604 | ---- | M] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/08/30 03:01:22 | 000,798,516 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/08/28 18:04:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2014/08/28 17:00:12 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/28 17:00:02 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/08/28 16:59:54 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/08/28 16:58:45 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/08/28 16:58:15 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/28 16:57:17 | 000,001,104 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/08/28 16:57:17 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/08/28 16:57:14 | 000,020,672 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/08/28 16:56:41 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/28 16:55:55 | 000,001,169 | ---- | M] () -- C:\Users\owner\Desktop\Auslogics DiskDefrag.lnk
[2014/08/28 16:54:50 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/08/28 16:54:47 | 000,319,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/08/28 16:54:47 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/08/28 16:54:46 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/08/28 16:54:15 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/28 16:54:14 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/28 16:54:14 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/28 16:54:13 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/28 16:54:06 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/28 16:54:06 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/28 16:52:47 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/08/28 16:33:28 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/08/28 16:33:28 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/08/28 16:31:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/08/28 16:17:29 | 000,000,144 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/08/28 15:50:51 | 000,000,451 | ---- | M] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2014/08/28 14:40:26 | 005,553,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/08/28 14:40:26 | 003,974,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/08/28 14:40:26 | 003,918,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/08/28 14:40:26 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/08/28 14:40:26 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/08/28 14:40:26 | 000,455,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/08/28 14:40:26 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/08/28 14:40:26 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/08/28 14:40:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/08/28 14:40:26 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2014/08/28 14:40:26 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/08/28 14:40:26 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/08/28 14:40:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/08/28 14:40:26 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/08/28 14:40:26 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/08/28 14:40:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/08/28 14:40:26 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/08/28 14:40:26 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/08/28 14:40:26 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/08/28 14:40:26 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/08/28 14:40:26 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/08/28 14:40:26 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2014/08/28 14:40:26 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/08/28 14:40:26 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/08/28 14:40:26 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/08/28 14:40:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/08/28 14:40:26 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/08/28 14:40:26 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/08/28 14:40:26 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2014/08/28 14:40:26 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2014/08/28 14:39:39 | 001,163,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/08/28 14:39:39 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/08/28 14:39:39 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/08/28 14:39:39 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/08/28 14:39:39 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/08/28 14:39:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/08/28 14:39:39 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/08/28 14:39:39 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/08/28 14:39:39 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/08/28 14:39:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/08/28 14:35:58 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/08/28 14:35:58 | 000,007,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/08/28 14:35:15 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/08/28 14:35:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/08/28 14:35:15 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/08/28 14:35:15 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/08/28 14:35:15 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/08/28 14:35:15 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/08/28 14:34:58 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/08/28 14:34:58 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/08/28 14:34:41 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/08/28 14:33:44 | 001,474,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/08/28 14:33:06 | 000,832,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014/08/28 14:33:06 | 000,657,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014/08/28 14:33:06 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014/08/28 14:33:06 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014/08/28 14:32:15 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2014/08/28 14:32:15 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2014/08/28 14:32:15 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/08/28 14:31:57 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2014/08/28 14:31:40 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2014/08/28 14:31:40 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2014/08/28 14:31:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2014/08/28 14:31:21 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2014/08/28 14:31:21 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2014/08/28 14:31:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2014/08/28 14:31:21 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2014/08/28 14:31:21 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2014/08/28 14:31:21 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2014/08/28 14:31:21 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2014/08/28 14:31:05 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2014/08/28 14:31:05 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2014/08/28 14:30:11 | 000,124,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/08/28 14:30:11 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/08/28 14:29:52 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2014/08/28 14:29:52 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2014/08/28 14:29:52 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2014/08/28 14:29:52 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2014/08/28 14:29:52 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2014/08/28 14:29:52 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2014/08/28 14:29:52 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2014/08/28 14:29:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2014/08/28 14:29:31 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2014/08/28 14:29:31 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2014/08/28 14:28:17 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/08/28 14:28:17 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2014/08/28 14:26:24 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2014/08/28 14:26:24 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2014/08/28 14:26:07 | 001,192,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2014/08/28 14:26:07 | 000,903,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2014/08/28 14:26:07 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2014/08/28 14:26:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2014/08/28 14:25:09 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2014/08/28 14:22:25 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2014/08/28 14:22:25 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2014/08/28 14:22:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2014/08/28 14:22:12 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2014/08/28 14:21:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2014/08/28 14:21:22 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2014/08/28 14:21:22 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2014/08/28 14:21:08 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2014/08/28 14:21:08 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2014/08/28 14:20:47 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/08/28 14:20:47 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2014/08/28 14:20:47 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2014/08/28 14:19:29 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2014/08/28 14:19:18 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2014/08/28 14:19:06 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2014/08/28 14:19:06 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2014/08/28 14:18:54 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/08/28 14:18:54 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/08/28 14:18:44 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/08/28 14:18:44 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/08/28 14:18:18 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2014/08/28 14:18:18 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2014/08/28 14:17:59 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2014/08/28 14:17:59 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2014/08/28 14:17:59 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2014/08/28 14:17:59 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2014/08/28 14:17:48 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/08/28 14:17:48 | 000,331,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2014/08/28 14:17:28 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2014/08/28 14:17:28 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2014/08/28 14:17:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2014/08/28 14:17:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2014/08/28 14:17:28 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2014/08/28 14:17:28 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2014/08/28 14:17:28 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2014/08/28 14:17:28 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2014/08/28 14:17:28 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2014/08/28 14:17:07 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2014/08/28 14:17:07 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2014/08/28 14:16:40 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2014/08/28 14:16:40 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2014/08/28 14:16:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2014/08/28 14:16:31 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2014/08/28 14:16:13 | 001,395,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2014/08/28 14:16:13 | 001,359,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2014/08/28 14:16:13 | 001,164,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2014/08/28 14:16:13 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2014/08/28 14:16:02 | 001,118,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2014/08/28 14:16:02 | 000,961,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2014/08/28 14:16:02 | 000,850,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2014/08/28 14:16:02 | 000,642,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2014/08/28 14:16:02 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2014/08/28 14:16:02 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2014/08/28 13:55:10 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/08/28 13:55:06 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/08/28 13:55:06 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/28 13:55:06 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/08/28 13:55:06 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/08/28 13:55:06 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/08/28 13:55:06 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/28 13:55:06 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/08/28 13:55:06 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/08/28 13:55:06 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/08/28 13:55:06 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/08/28 13:55:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/08/28 13:55:06 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/08/28 13:55:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/08/28 13:55:06 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/08/28 13:55:06 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/08/28 13:55:06 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/08/28 13:55:06 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/08/28 13:55:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/08/28 13:55:06 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/08/28 13:55:06 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/08/28 13:55:06 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/08/28 13:55:06 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/08/28 13:55:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/28 13:55:06 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/08/28 13:55:06 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/08/28 13:55:06 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/08/28 13:55:06 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/28 13:55:06 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/08/28 13:55:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/08/28 13:55:06 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/08/28 13:55:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/08/28 13:55:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/08/28 13:55:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/08/28 13:55:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/08/28 13:55:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/08/28 13:55:06 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/08/28 13:55:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/08/28 13:55:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/08/28 13:55:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/08/28 13:55:06 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/08/28 13:55:06 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/08/28 13:55:06 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/28 13:55:06 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/28 13:55:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/08/28 13:55:06 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/08/28 13:55:06 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/08/27 21:28:24 | 000,044,896 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tapvyprvpn.sys
[2014/08/22 22:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/18 20:58:37 | 003,725,144 | ---- | M] () -- C:\Users\owner\Documents\Symbiot pm 7-14-13.mp3
[2014/08/18 18:29:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/18 18:19:53 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/18 18:15:34 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/18 18:15:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/18 18:14:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/18 18:14:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/18 18:08:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/18 18:05:01 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/18 18:03:47 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/18 18:03:01 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/18 17:56:17 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/18 17:51:29 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/18 17:45:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/18 17:45:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/18 17:44:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/18 17:44:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/18 17:40:29 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/18 17:39:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/18 17:39:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/18 17:38:12 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/18 17:37:17 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/18 17:36:07 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/18 17:35:24 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/18 17:25:40 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/18 17:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/18 17:23:17 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/18 17:23:16 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/18 17:22:48 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/18 17:19:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/18 17:17:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/18 17:08:54 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/18 17:07:44 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/18 16:38:41 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/18 16:36:30 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/17 21:06:28 | 000,118,048 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\BootDefrag.exe

========== Files Created - No Company Name ==========

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 15th, 2014, 11:25 pm

[2014/09/15 18:36:13 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2014/09/15 17:53:38 | 000,001,053 | ---- | C] () -- C:\Users\owner\Desktop\Notepad++.lnk
[2014/09/13 10:49:50 | 000,557,056 | ---- | C] () -- C:\Users\owner\Desktop\Plop Boot Manger.iso
[2014/09/13 10:49:00 | 899,880,960 | ---- | C] () -- C:\Users\owner\Desktop\Tails.iso
[2014/09/11 22:30:06 | 000,165,376 | ---- | C] () -- C:\Users\owner\Desktop\SystemLook_x64.exe
[2014/09/11 16:31:00 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PHONEIX-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/09/11 16:25:19 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/09/11 16:24:13 | 004,057,608 | ---- | C] () -- C:\Users\owner\Desktop\tweaking.com_registry_backup_setup.exe
[2014/09/10 14:07:13 | 001,268,217 | ---- | C] () -- C:\Users\owner\Documents\LinuxMint_17.0.pdf
[2014/09/09 16:06:18 | 000,012,248 | ---- | C] () -- C:\Users\owner\Documents\pwsafe.psafe3
[2014/09/07 23:02:22 | 001,370,467 | ---- | C] () -- C:\Users\owner\Desktop\AdwCleaner.exe
[2014/09/07 21:41:49 | 000,025,088 | ---- | C] () -- C:\Users\owner\Desktop\codecheck.exe
[2014/09/07 13:16:25 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\TEA 2.11.lnk
[2014/09/06 11:45:16 | 000,097,803 | ---- | C] () -- C:\ProgramData\1410018152.bdinstall.bin
[2014/09/06 11:42:32 | 000,037,823 | ---- | C] () -- C:\ProgramData\1410018147.bdinstall.bin
[2014/09/05 15:49:45 | 000,001,029 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
[2014/09/05 13:27:05 | 000,244,789 | ---- | C] () -- C:\ProgramData\1409937465.bdinstall.bin
[2014/09/03 14:38:05 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/09/03 01:37:06 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\VyprVPN.lnk
[2014/09/02 13:33:52 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/01 22:49:29 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Kleopatra.lnk
[2014/09/01 16:47:38 | 000,001,296 | ---- | C] () -- C:\Users\owner\Desktop\SolveigMM Video Splitter Home Edition.lnk
[2014/09/01 15:25:46 | 2147,483,648 | ---- | C] () -- C:\Users\owner\Documents\DistantDeeps
[2014/09/01 01:49:02 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\VeraCrypt.lnk
[2014/09/01 00:54:25 | 000,002,026 | ---- | C] () -- C:\Users\owner\Desktop\Customize Fences.lnk
[2014/08/31 16:29:40 | 000,001,030 | ---- | C] () -- C:\Users\owner\Desktop\Password Safe.lnk
[2014/08/31 14:09:00 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Sonos.lnk
[2014/08/31 13:14:05 | 000,000,983 | ---- | C] () -- C:\Users\owner\Desktop\EfficientPIM.lnk
[2014/08/31 12:03:55 | 000,002,110 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/08/31 12:03:55 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2014/08/31 12:03:55 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/08/30 16:07:40 | 000,001,387 | ---- | C] () -- C:\Users\owner\Desktop\WordPad.lnk
[2014/08/30 16:07:40 | 000,000,083 | -HS- | C] () -- C:\Users\owner\Documents\DESKTOP (1).INI
[2014/08/30 16:07:39 | 000,472,064 | ---- | C] ( ) -- C:\Users\owner\Desktop\RootRepeal.exe
[2014/08/30 16:07:26 | 000,002,429 | ---- | C] () -- C:\Users\owner\Desktop\Google Chrome.lnk
[2014/08/30 16:07:26 | 000,001,176 | ---- | C] () -- C:\Users\owner\Desktop\Edward.adu
[2014/08/30 16:07:26 | 000,001,079 | ---- | C] () -- C:\Users\owner\Desktop\Notepad (2).lnk
[2014/08/30 16:07:25 | 000,284,522 | ---- | C] () -- C:\Users\owner\Desktop\EarlandEddie.JPG
[2014/08/30 16:05:48 | 000,001,415 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/08/30 16:05:02 | 000,002,115 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/08/30 16:05:02 | 000,001,192 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2014/08/30 16:05:02 | 000,000,178 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TV Listings - Find Local TV Shows and Movie Schedules - Listings Grid TVGuide.com.URL
[2014/08/30 15:58:33 | 005,541,888 | ---- | C] () -- C:\Users\owner\s-1-5-21-2731633163-1187809266-1330281862-1006.rrr
[2014/08/30 15:58:33 | 000,066,648 | ---- | C] () -- C:\Users\owner\ex.err
[2014/08/30 15:58:01 | 000,001,106 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/30 15:58:01 | 000,000,119 | -HS- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP (1).INI
[2014/08/30 11:30:59 | 006,688,368 | ---- | C] () -- C:\Users\owner\Documents\Windowstweaksguide.pdf
[2014/08/30 11:30:59 | 000,031,026 | ---- | C] () -- C:\Users\owner\Documents\Why do Americans still dislike atheists.odt
[2014/08/30 11:30:59 | 000,017,838 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2011-ods.axx
[2014/08/30 11:30:59 | 000,016,830 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2013-xlsx.axx
[2014/08/30 11:30:59 | 000,016,318 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2012-xlsx.axx
[2014/08/30 11:30:59 | 000,007,550 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2008-xls.axx
[2014/08/30 11:30:59 | 000,006,718 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2010-xls.axx
[2014/08/30 11:30:59 | 000,006,350 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2009-xls.axx
[2014/08/30 11:30:59 | 000,005,737 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2007-xls.axx
[2014/08/30 11:30:59 | 000,004,617 | ---- | C] () -- C:\Users\owner\Documents\Xmas-2006-xls.axx
[2014/08/30 11:30:56 | 000,039,611 | ---- | C] () -- C:\Users\owner\Documents\Watch Red Hot Riding Hood on Video (Theatrical Cartoon) at BCD.flv
[2014/08/30 11:30:55 | 000,278,176 | ---- | C] () -- C:\Users\owner\Documents\W9 form.pdf
[2014/08/30 11:30:53 | 000,020,890 | ---- | C] () -- C:\Users\owner\Documents\Valentines2011.odt
[2014/08/30 11:30:53 | 000,017,090 | ---- | C] () -- C:\Users\owner\Documents\Vigenere_Table.ods
[2014/08/30 11:30:52 | 000,013,709 | ---- | C] () -- C:\Users\owner\Documents\TomMorris.odt
[2014/08/30 11:30:52 | 000,000,055 | ---- | C] () -- C:\Users\owner\Documents\U571_16.eni
[2014/08/30 11:30:51 | 000,000,228 | ---- | C] () -- C:\Users\owner\Documents\TomLehrerAddress.rtf
[2014/08/30 11:30:50 | 000,014,411 | ---- | C] () -- C:\Users\owner\Documents\TheRainyDay.odt
[2014/08/30 11:30:50 | 000,012,326 | ---- | C] () -- C:\Users\owner\Documents\The Rainy Day.odt
[2014/08/30 11:30:50 | 000,002,343 | ---- | C] () -- C:\Users\owner\Documents\TheElements.rtf
[2014/08/30 11:28:41 | 003,725,144 | ---- | C] () -- C:\Users\owner\Documents\Symbiot pm 7-14-13.mp3
[2014/08/30 11:28:41 | 002,211,421 | ---- | C] () -- C:\Users\owner\Documents\rec_2013 226_8392_0001.mp3
[2014/08/30 11:28:41 | 000,834,746 | ---- | C] () -- C:\Users\owner\Documents\qw2688.pdf
[2014/08/30 11:28:41 | 000,725,670 | ---- | C] () -- C:\Users\owner\Documents\rimfire.pdf
[2014/08/30 11:28:41 | 000,671,327 | ---- | C] () -- C:\Users\owner\Documents\TeachingRiflePositions.pdf
[2014/08/30 11:28:41 | 000,568,320 | ---- | C] () -- C:\Users\owner\Documents\SpyTheme.mp3
[2014/08/30 11:28:41 | 000,276,620 | ---- | C] () -- C:\Users\owner\Documents\ss-5.pdf
[2014/08/30 11:28:41 | 000,060,038 | ---- | C] () -- C:\Users\owner\Documents\SalmonCertificate.odt
[2014/08/30 11:28:41 | 000,029,919 | ---- | C] () -- C:\Users\owner\Documents\Sling shots.odt
[2014/08/30 11:28:41 | 000,028,673 | ---- | C] () -- C:\Users\owner\Documents\Stroke.odt
[2014/08/30 11:28:41 | 000,022,053 | ---- | C] () -- C:\Users\owner\Documents\Quotes.odt
[2014/08/30 11:28:41 | 000,017,459 | ---- | C] () -- C:\Users\owner\Documents\redboxAddresses.ics
[2014/08/30 11:28:41 | 000,016,750 | ---- | C] () -- C:\Users\owner\Documents\Supernatural Episodes List-odt.axx
[2014/08/30 11:28:41 | 000,016,407 | ---- | C] () -- C:\Users\owner\Documents\Supernatural Episodes List.odt
[2014/08/30 11:28:41 | 000,016,257 | ---- | C] () -- C:\Users\owner\Documents\Spreadshirt.odt
[2014/08/30 11:28:41 | 000,014,731 | ---- | C] () -- C:\Users\owner\Documents\reminderfox.ics
[2014/08/30 11:28:41 | 000,012,364 | ---- | C] () -- C:\Users\owner\Documents\SupplyInventory.ods
[2014/08/30 11:28:41 | 000,012,128 | ---- | C] () -- C:\Users\owner\Documents\ScripList.ods
[2014/08/30 11:28:41 | 000,011,735 | ---- | C] () -- C:\Users\owner\Documents\Rose1.ods
[2014/08/30 11:28:41 | 000,011,579 | ---- | C] () -- C:\Users\owner\Documents\Rose1_V.ods
[2014/08/30 11:28:41 | 000,005,251 | ---- | C] () -- C:\Users\owner\Documents\TaxDispute.odt
[2014/08/30 11:28:41 | 000,002,574 | ---- | C] () -- C:\Users\owner\Documents\SS_Payee_Report.pdf
[2014/08/30 11:28:41 | 000,001,326 | ---- | C] () -- C:\Users\owner\Documents\ResumeStylesheet.css
[2014/08/30 11:28:41 | 000,000,000 | ---- | C] () -- C:\Users\owner\Documents\The 2013 Government Shutdown Wedding of the Century Pt. 2 - The Colbert Report - 2013-03-10 - Video Clip Comedy Centra.flv.ds
[2014/08/30 11:28:40 | 000,521,621 | ---- | C] () -- C:\Users\owner\Documents\PaellaRecipes.fdx
[2014/08/30 11:28:40 | 000,139,452 | ---- | C] () -- C:\Users\owner\Documents\PGRInsuranceIDCard.pdf
[2014/08/30 11:28:40 | 000,073,682 | ---- | C] () -- C:\Users\owner\Documents\phrases.pxp
[2014/08/30 11:28:40 | 000,071,847 | ---- | C] () -- C:\Users\owner\Documents\phrases.pxp.bak
[2014/08/30 11:28:40 | 000,015,167 | ---- | C] () -- C:\Users\owner\Documents\PIMCalendar.csv
[2014/08/30 11:28:40 | 000,009,972 | ---- | C] () -- C:\Users\owner\Documents\Python Cheat Sheet.odt
[2014/08/30 11:28:39 | 015,310,848 | ---- | C] () -- C:\Users\owner\Documents\My Information.effx
[2014/08/30 11:28:39 | 006,561,492 | ---- | C] () -- C:\Users\owner\Documents\NinaRidesAHorse_4.mp4
[2014/08/30 11:28:39 | 002,330,624 | ---- | C] () -- C:\Users\owner\Documents\My Information.eff
[2014/08/30 11:28:39 | 001,588,454 | ---- | C] () -- C:\Users\owner\Documents\Magellan_eXploristGC_UserHandbook.pdf
[2014/08/30 11:28:39 | 000,870,128 | ---- | C] () -- C:\Users\owner\Documents\mcs.rma
[2014/08/30 11:28:39 | 000,602,112 | ---- | C] () -- C:\Users\owner\Documents\MyNotes.enf
[2014/08/30 11:28:39 | 000,410,370 | ---- | C] () -- C:\Users\owner\Documents\More Christmas pictures 021.jpg
[2014/08/30 11:28:39 | 000,191,106 | ---- | C] () -- C:\Users\owner\Documents\insult-generator1.pdf
[2014/08/30 11:28:39 | 000,085,264 | ---- | C] () -- C:\Users\owner\Documents\J_M_Hi_0001_0001.mp3
[2014/08/30 11:28:39 | 000,085,264 | ---- | C] () -- C:\Users\owner\Documents\J_M_Hi_0001.mp3
[2014/08/30 11:28:39 | 000,071,496 | ---- | C] () -- C:\Users\owner\Documents\MatthewMacdonald.xml
[2014/08/30 11:28:39 | 000,054,215 | ---- | C] () -- C:\Users\owner\Documents\MESGraduation.edx
[2014/08/30 11:28:39 | 000,051,732 | ---- | C] () -- C:\Users\owner\Documents\lesson.01
[2014/08/30 11:28:39 | 000,019,220 | ---- | C] () -- C:\Users\owner\Documents\MattCribbSheet.odt
[2014/08/30 11:28:39 | 000,016,303 | ---- | C] () -- C:\Users\owner\Documents\LaurelsCheatSheet.ods
[2014/08/30 11:28:39 | 000,014,294 | ---- | C] () -- C:\Users\owner\Documents\OfCourseI.odt
[2014/08/30 11:28:39 | 000,013,871 | ---- | C] () -- C:\Users\owner\Documents\LibraryHours.odt
[2014/08/30 11:28:39 | 000,012,246 | ---- | C] () -- C:\Users\owner\Documents\MES_Psych_Project.odt
[2014/08/30 11:28:39 | 000,011,424 | ---- | C] () -- C:\Users\owner\Documents\MedsList_3_7.odt
[2014/08/30 11:28:39 | 000,011,197 | ---- | C] () -- C:\Users\owner\Documents\MeskinArmyCipher.odt
[2014/08/30 11:28:39 | 000,011,098 | ---- | C] () -- C:\Users\owner\Documents\JEdgarHoover.odt
[2014/08/30 11:28:39 | 000,011,071 | ---- | C] () -- C:\Users\owner\Documents\JEdgarAnalysis.ods
[2014/08/30 11:28:39 | 000,010,907 | ---- | C] () -- C:\Users\owner\Documents\lost and FOUND.odt
[2014/08/30 11:28:39 | 000,005,533 | ---- | C] () -- C:\Users\owner\Documents\MilitaryHierarchy.rtf
[2014/08/30 11:28:39 | 000,003,792 | ---- | C] () -- C:\Users\owner\Documents\Laurel'sFiber.rtf
[2014/08/30 11:28:39 | 000,003,279 | ---- | C] () -- C:\Users\owner\Documents\LooneyTunes.odb
[2014/08/30 11:28:39 | 000,002,641 | ---- | C] () -- C:\Users\owner\Documents\nyc.mmf
[2014/08/30 11:28:39 | 000,002,259 | ---- | C] () -- C:\Users\owner\Documents\my public key.asc
[2014/08/30 11:28:39 | 000,001,864 | ---- | C] () -- C:\Users\owner\Documents\MoreGunSafetyRules.rtf
[2014/08/30 11:28:39 | 000,000,893 | ---- | C] () -- C:\Users\owner\Documents\Invictus.rtf
[2014/08/30 11:28:39 | 000,000,471 | ---- | C] () -- C:\Users\owner\Documents\LivingCookBookLicenseFile.lix
[2014/08/30 11:28:38 | 001,627,443 | ---- | C] () -- C:\Users\owner\Documents\HomeVoiceStudio.pdf
[2014/08/30 11:28:38 | 000,043,693 | ---- | C] () -- C:\Users\owner\Documents\GoodRecipes.odt
[2014/08/30 11:28:38 | 000,037,616 | ---- | C] () -- C:\Users\owner\Documents\Hi.mp3
[2014/08/30 11:28:38 | 000,014,986 | ---- | C] () -- C:\Users\owner\Documents\GroceryShoppingReminder.odt
[2014/08/30 11:28:38 | 000,013,888 | ---- | C] () -- C:\Users\owner\Documents\GFT_Message.odt
[2014/08/30 11:28:38 | 000,010,125 | ---- | C] () -- C:\Users\owner\Documents\Hamburger Helper.odt
[2014/08/30 11:28:38 | 000,004,834 | ---- | C] () -- C:\Users\owner\Documents\HondaPaymentsX.ods
[2014/08/30 11:28:38 | 000,001,674 | ---- | C] () -- C:\Users\owner\Documents\GeorgeObit.rtf
[2014/08/30 11:28:38 | 000,001,525 | ---- | C] () -- C:\Users\owner\Documents\HTML_CSS_Example.html
[2014/08/30 11:28:38 | 000,001,073 | ---- | C] () -- C:\Users\owner\Documents\HTMLResume.html
[2014/08/30 11:28:37 | 001,601,262 | ---- | C] () -- C:\Users\owner\Documents\Edward.zbk
[2014/08/30 11:28:37 | 001,403,743 | ---- | C] () -- C:\Users\owner\Documents\First day.jpg
[2014/08/30 11:28:37 | 000,991,494 | ---- | C] () -- C:\Users\owner\Documents\cookbook.pdf
[2014/08/30 11:28:37 | 000,702,550 | ---- | C] () -- C:\Users\owner\Documents\Dads Parents.jpg
[2014/08/30 11:28:37 | 000,503,932 | ---- | C] () -- C:\Users\owner\Documents\color 1868 mch.jpg
[2014/08/30 11:28:37 | 000,284,522 | ---- | C] () -- C:\Users\owner\Documents\EarlandEddie.JPG
[2014/08/30 11:28:37 | 000,064,974 | ---- | C] () -- C:\Users\owner\Documents\current_event_template (1).odt
[2014/08/30 11:28:37 | 000,032,171 | ---- | C] () -- C:\Users\owner\Documents\ForeverYoung.rtf
[2014/08/30 11:28:37 | 000,028,992 | ---- | C] () -- C:\Users\owner\Documents\First day2.jpg
[2014/08/30 11:28:37 | 000,028,573 | ---- | C] () -- C:\Users\owner\Documents\Claire.odt
[2014/08/30 11:28:37 | 000,027,407 | ---- | C] () -- C:\Users\owner\Documents\crbal0607102.gif
[2014/08/30 11:28:37 | 000,027,407 | ---- | C] () -- C:\Users\owner\Documents\crbal060710.gif
[2014/08/30 11:28:37 | 000,024,286 | ---- | C] () -- C:\Users\owner\Documents\Dear Dr. Laura.odt
[2014/08/30 11:28:37 | 000,022,423 | ---- | C] () -- C:\Users\owner\Documents\Difference between jam vs. jelly vs. preserves.odt
[2014/08/30 11:28:37 | 000,021,789 | ---- | C] () -- C:\Users\owner\Documents\FoodSources.fdx
[2014/08/30 11:28:37 | 000,021,243 | ---- | C] () -- C:\Users\owner\Documents\Death Thoughts.odt
[2014/08/30 11:28:37 | 000,019,967 | ---- | C] () -- C:\Users\owner\Documents\GarbonzoBeans.odt
[2014/08/30 11:28:37 | 000,019,700 | ---- | C] () -- C:\Users\owner\Documents\Econ_Honors_Current_Event_Assignment.odt
[2014/08/30 11:28:37 | 000,017,464 | ---- | C] () -- C:\Users\owner\Documents\FrequencyAnalysis.odt
[2014/08/30 11:28:37 | 000,016,938 | ---- | C] () -- C:\Users\owner\Documents\fireamrsfacts.rtf
[2014/08/30 11:28:37 | 000,012,873 | ---- | C] () -- C:\Users\owner\Documents\ElliotShiftCode.ods
[2014/08/30 11:28:37 | 000,011,831 | ---- | C] () -- C:\Users\owner\Documents\Death In Tehran.odt
[2014/08/30 11:28:37 | 000,011,432 | ---- | C] () -- C:\Users\owner\Documents\CODEBOOK3.odt
[2014/08/30 11:28:37 | 000,010,906 | ---- | C] () -- C:\Users\owner\Documents\Clouds.rtf
[2014/08/30 11:28:37 | 000,009,601 | ---- | C] () -- C:\Users\owner\Documents\Cooking Bucket List.odt
[2014/08/30 11:28:37 | 000,009,358 | ---- | C] () -- C:\Users\owner\Documents\Excelsior-docx.axx
[2014/08/30 11:28:37 | 000,009,229 | ---- | C] () -- C:\Users\owner\Documents\EnigmaCodeSheet_2.pdf
[2014/08/30 11:28:37 | 000,009,229 | ---- | C] () -- C:\Users\owner\Documents\EnigmaCodeSheet.pdf
[2014/08/30 11:28:37 | 000,008,089 | ---- | C] () -- C:\Users\owner\Documents\clipdat2.rdf
[2014/08/30 11:28:37 | 000,001,959 | ---- | C] () -- C:\Users\owner\Documents\CooperonP35.rtf
[2014/08/30 11:28:37 | 000,001,433 | ---- | C] () -- C:\Users\owner\Documents\Fidlinaround.html
[2014/08/30 11:28:37 | 000,001,134 | ---- | C] () -- C:\Users\owner\Documents\Documents - Shortcut.lnk
[2014/08/30 11:28:37 | 000,001,046 | ---- | C] () -- C:\Users\owner\Documents\Documents.lnk
[2014/08/30 11:28:37 | 000,000,622 | ---- | C] () -- C:\Users\owner\Documents\emailAttachment1-txt.axx
[2014/08/30 11:28:37 | 000,000,145 | ---- | C] () -- C:\Users\owner\Documents\Edward.adu
[2014/08/30 11:28:37 | 000,000,000 | -H-- | C] () -- C:\Users\owner\Documents\Default.rdp
[2014/08/30 11:28:36 | 000,062,206 | ---- | C] () -- C:\Users\owner\Documents\cc_20111017_001502.reg
[2014/08/30 11:28:36 | 000,035,060 | ---- | C] () -- C:\Users\owner\Documents\cc_20130328_162448.reg
[2014/08/30 11:28:36 | 000,031,082 | ---- | C] () -- C:\Users\owner\Documents\Calvin.gif
[2014/08/30 11:28:36 | 000,013,908 | ---- | C] () -- C:\Users\owner\Documents\Chores Checklist.odt
[2014/08/30 11:28:36 | 000,013,208 | ---- | C] () -- C:\Users\owner\Documents\cc_20110421_084916.reg
[2014/08/30 11:28:36 | 000,013,188 | ---- | C] () -- C:\Users\owner\Documents\ChristmasBirthdayThankyous2011.odt
[2014/08/30 11:28:36 | 000,012,992 | ---- | C] () -- C:\Users\owner\Documents\cc_20120209_013912.reg
[2014/08/30 11:28:36 | 000,009,450 | ---- | C] () -- C:\Users\owner\Documents\cc_20111103_232649.reg
[2014/08/30 11:28:36 | 000,003,692 | ---- | C] () -- C:\Users\owner\Documents\cc_20120414_123258.reg
[2014/08/30 11:28:35 | 024,578,056 | ---- | C] () -- C:\Users\owner\Documents\bb_pac20.pdf
[2014/08/30 11:28:35 | 001,920,908 | ---- | C] () -- C:\Users\owner\Documents\Bread Baker's Bible Traditional Bread Recipes From Around the World.pdf
[2014/08/30 11:28:35 | 000,226,479 | ---- | C] () -- C:\Users\owner\Documents\bookmarks.html
[2014/08/30 11:28:35 | 000,153,600 | ---- | C] () -- C:\Users\owner\Documents\Backup of Reloading.xlk
[2014/08/30 11:28:35 | 000,149,497 | ---- | C] () -- C:\Users\owner\Documents\Amazon.pdf
[2014/08/30 11:28:35 | 000,076,313 | ---- | C] () -- C:\Users\owner\Documents\bookmarks_2_2_13.html
[2014/08/30 11:28:35 | 000,067,156 | ---- | C] () -- C:\Users\owner\Documents\Alpha2.rpb
[2014/08/30 11:28:35 | 000,065,536 | ---- | C] () -- C:\Users\owner\Documents\Anniversary2007.hcr
[2014/08/30 11:28:35 | 000,020,127 | ---- | C] () -- C:\Users\owner\Documents\BakedZiti.odt
[2014/08/30 11:28:35 | 000,017,949 | ---- | C] () -- C:\Users\owner\Documents\AlphabetFrequency.ods
[2014/08/30 11:28:35 | 000,013,279 | ---- | C] () -- C:\Users\owner\Documents\Animaniacs Episodes.odt
[2014/08/30 11:28:35 | 000,011,448 | ---- | C] () -- C:\Users\owner\Documents\Basic Chili.odt
[2014/08/30 11:28:35 | 000,000,937 | ---- | C] () -- C:\Users\owner\Documents\BBQBakedBeansDoubled.rtf
[2014/08/30 11:28:34 | 000,602,901 | ---- | C] () -- C:\Users\owner\Documents\AddicktedToBBQ.pdf
[2014/08/30 11:28:34 | 000,082,016 | ---- | C] () -- C:\Users\owner\Documents\ACA_ReadingList.pdf
[2014/08/30 11:28:34 | 000,067,059 | ---- | C] () -- C:\Users\owner\Documents\01_sitting_in_stillness.pdf
[2014/08/30 11:28:34 | 000,041,970 | ---- | C] () -- C:\Users\owner\Documents\2ndAmmendment.odt
[2014/08/30 11:28:34 | 000,016,579 | ---- | C] () -- C:\Users\owner\Documents\addresses.eml
[2014/08/30 11:28:34 | 000,004,770 | ---- | C] () -- C:\Users\owner\Documents\address1.csv
[2014/08/30 11:28:34 | 000,002,259 | ---- | C] () -- C:\Users\owner\Documents\0x745D82C6.asc
[2014/08/30 11:28:34 | 000,000,484 | ---- | C] () -- C:\Users\owner\Documents\1911UpgradeParts.rtf
[2014/08/30 11:27:19 | 000,002,237 | ---- | C] () -- C:\Users\owner\Desktop\Kindle.lnk
[2014/08/30 11:27:19 | 000,000,297 | ---- | C] () -- C:\Users\owner\Desktop\HP Printer Diagnostic Tools.url
[2014/08/30 11:27:19 | 000,000,211 | ---- | C] () -- C:\Users\owner\Desktop\My Book Live Duo Public Share.url
[2014/08/30 11:27:19 | 000,000,206 | ---- | C] () -- C:\Users\owner\Desktop\My Book Live Duo Learning Center.url
[2014/08/30 11:27:19 | 000,000,203 | ---- | C] () -- C:\Users\owner\Desktop\My Book Live Duo Dashboard.url
[2014/08/30 11:27:19 | 000,000,136 | ---- | C] () -- C:\Users\owner\Desktop\Chess Titans.lnk
[2014/08/30 11:22:51 | 000,060,928 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/30 11:22:51 | 000,000,037 | -HS- | C] () -- C:\Users\owner\AppData\Local\70149b02515b3bb20dd492.47983420
[2014/08/30 11:22:51 | 000,000,037 | -HS- | C] () -- C:\Users\owner\AppData\Local\69ff07055291669bb2b218.72821112
[2014/08/30 11:21:01 | 000,007,577 | ---- | C] () -- C:\Users\owner\clipdat2.rdf
[2014/08/30 11:21:01 | 000,000,238 | ---- | C] () -- C:\Users\owner\.swfinfo
[2014/08/30 11:21:01 | 000,000,218 | ---- | C] () -- C:\Users\owner\.recently-used.xbel
[2014/08/30 11:19:56 | 000,007,604 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2014/08/28 18:04:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2014/08/28 17:00:12 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/28 17:00:02 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/08/28 17:00:02 | 000,001,692 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2014/08/28 16:59:54 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/08/28 16:59:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/08/28 16:58:45 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/08/28 16:58:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/08/28 16:58:15 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/28 16:57:17 | 000,001,104 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/08/28 16:57:17 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[2014/08/28 16:57:17 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/08/28 16:57:15 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/08/28 16:56:09 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/08/28 16:56:09 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/08/28 16:55:55 | 000,001,169 | ---- | C] () -- C:\Users\owner\Desktop\Auslogics DiskDefrag.lnk
[2014/08/28 16:53:48 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/28 16:53:12 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/28 16:53:11 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/28 16:52:47 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/08/28 16:52:47 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/08/28 16:31:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/08/28 16:30:10 | 2060,771,327 | -HS- | C] () -- C:\hiberfil.sys
[2014/08/28 16:17:29 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/08/28 15:50:51 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2014/08/28 15:23:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/08/28 14:44:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/08/28 14:32:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/08/28 14:01:02 | 000,798,516 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/08/28 13:55:06 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/08/28 13:55:06 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/08/28 13:36:21 | 000,001,413 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/08/28 13:35:47 | 000,000,290 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/08/28 13:35:47 | 000,000,272 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/08/13 13:15:44 | 000,045,384 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe
[2014/08/11 22:30:50 | 003,916,288 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2014/08/11 22:30:10 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/08/11 22:29:36 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2014/08/11 22:29:16 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2014/08/11 22:29:16 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2014/08/11 22:29:14 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2014/08/11 22:29:14 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2014/08/11 22:29:14 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2014/08/11 22:29:14 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2014/08/11 22:29:12 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2014/06/12 06:49:24 | 000,240,784 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2014/05/21 00:33:38 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/05/21 00:33:32 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/05/21 00:33:32 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/04/08 16:50:26 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/04/08 16:50:16 | 000,632,320 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/12/16 22:19:30 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2013/12/16 22:15:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll
[2013/12/16 22:15:32 | 000,000,236 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2013/12/16 22:15:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\bass_tak.dll

========== ZeroAccess Check ==========

[2014/08/31 12:04:57 | 000,000,596 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Thunderbird\Profiles\dzkzfprx.default\dzkzfprx.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2014/08/31 12:04:57 | 000,000,596 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Thunderbird\Profiles\OLDdzkzfprx.default\dzkzfprx.default\dzkzfprx.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:06:10 | 014,179,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:37:22 | 012,877,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/09/26 22:52:49 | 000,843,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/09/26 21:14:40 | 000,634,880 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/09/26 22:50:16 | 000,435,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 649 bytes -> C:\Users\owner\Documents\addresses.eml:OECustomProperty

< End of report >

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 15th, 2014, 11:33 pm

OTL Extras logfile created on: 9/15/2014 11:01:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 77.30% Memory free
15.78 Gb Paging File | 13.68 Gb Available in Paging File | 86.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 491.82 Gb Free Space | 52.80% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 250.02 Gb Free Space | 26.84% Space Free | Partition Type: NTFS
Drive G: | 7.39 Gb Total Space | 5.36 Gb Free Space | 72.47% Space Free | Partition Type: FAT32
Drive H: | 14.90 Gb Total Space | 10.14 Gb Free Space | 68.07% Space Free | Partition Type: FAT32

Computer Name: PHOENIX-ASUS | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38C886F0-7580-40D5-AAD0-F3D23D59BFEB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39FD1A44-A9F1-4AE7-ADEC-51667261F50E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F781E06-F596-4B9B-824E-5884368AE6B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4944139A-A410-4224-88B8-4E76548BC627}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F67AD40-862D-40E4-9231-ABDB291E74E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{72B4B4A0-39B8-42D4-9289-07BD800AD6A0}" = lport=139 | protocol=6 | dir=in | app=system |
"{795C9ADA-240B-4781-8107-1283C1CDD709}" = rport=139 | protocol=6 | dir=out | app=system |
"{9761B0A8-6345-49BB-A49A-9C532BE615CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D2F5B99-30F3-4496-8531-C2431B5E9465}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F120007-EF6B-4615-B4EA-D870537E867C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F84C0C9-4096-4388-B5AC-1670E9C9AB22}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{B1F7C2A6-5EC4-45BF-8D7B-12F93FDACFAC}" = rport=138 | protocol=17 | dir=out | app=system |
"{B2D3ABD7-B50D-4C66-8758-EADB32C9F7AA}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8DC2844-0CD9-4FE7-9212-DB3B4C04E471}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB8B2E12-685B-4AC6-8E45-9714C6A7E21D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{386E9B74-0B01-461A-A5E3-F18F24B52019}" = protocol=17 | dir=in | app=c:\program files (x86)\efficientpim\efficientpim.exe |
"{3E15D6D2-6C36-4433-A20D-DB4F23D21900}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{5F725C1E-A5DC-419C-8E69-031A0B937E24}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6E0BF77B-6FCF-4A8B-B683-00DF14511D5F}" = protocol=6 | dir=in | app=c:\program files (x86)\efficientpim\efficientpim.exe |
"{716F0095-0132-4410-A724-1E7320A62A5E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{742AE763-CEB9-4631-BD17-1B0670BE1625}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{74A46053-6587-48F1-8E2E-B93421617325}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8A7E580E-30DE-4D51-8E58-FDE957C9BAD7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9EB07DDF-5F81-47AC-A187-43C57156920C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0C4CD38-C708-4668-84CB-83285A42B33B}" = protocol=17 | dir=in | app=c:\program files\bitdefender\antivirus free edition\gziface.exe |
"{B3394F11-2305-4A41-B0B9-EDEC8A0A68AD}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{B4232312-C9E4-4AE2-8967-2823728D5B32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{BD563BDE-E472-4068-9B48-27F909E8FD94}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{CD8B51D4-8BC4-4F9F-8D0D-248130B3B6A9}" = protocol=6 | dir=in | app=c:\program files\bitdefender\antivirus free edition\gziface.exe |
"{D3B19047-B493-45E3-8E57-5549112B4FC7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D6380B10-4C34-448A-9F02-3509522BB3AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DB309ED6-E961-4E56-BF2A-EAB88AC56DB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DB96CB04-9157-4D83-9907-1E78962D28A4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{E57C8FA9-D443-464D-9E53-55D6523CBC3E}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{EAEEE763-0E8A-414E-AB47-E077E5C27035}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9EFFA03-DF88-47A1-986F-90345215EC48}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"TCP Query User{C7C40E52-145D-43DF-A703-0A92F748A3D7}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"UDP Query User{0BF5BFB0-66D2-4861-A27D-AF5221EDE6FE}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{26A24AE4-039D-4CA4-87B4-2F06417067FF}" = Java 7 Update 67 (64-bit)
"{526B3DDC-6891-4F43-8F64-8B83DC9E4848}" = VyprVPN
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}" = AxCrypt 1.7.3156.0
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"19BB77B03643718D26B01876FD391DC93B189805" = Windows Driver Package - ASUS (ATP) Mouse (10/13/2012 1.0.0.146)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5E326DEC-2D1F-30C1-AAC0-9716A5DA7707}" = Google Chrome
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AI RoboForm" = RoboForm 7-9-9-1 (All Users)
"EfficientPIM_is1" = EfficientPIM 3.71
"Glary Utilities 5" = Glary Utilities 5.6
"GPG4Win" = Gpg4win (2.2.2)
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"Mozilla Thunderbird 31.1.1 (x86 en-US)" = Mozilla Thunderbird 31.1.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Password Safe" = Password Safe
"PhraseExpress_is1" = PhraseExpress v10.5.16
"Picasa 3" = Picasa 3
"SolveigMM Video Splitter Home Edition 4.0.1401.28" = SolveigMM Video Splitter Home Edition
"Stardock Fences 2" = Stardock Fences 2
"Steam" = Steam
"TeamViewer 9" = TeamViewer 9
"teawl211_is1" = TEA Crossword Helper 2.11
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"VeraCrypt" = VeraCrypt
"VLC media player" = VLC media player
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 4.1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/15/2014 10:59:59 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3057
Description = The plug-in manager <MSSearch.IpsPi> cannot be initialized. Context:
Windows Application Details: (HRESULT : 0x800401f3) (0x800401f3)

Error - 9/15/2014 10:59:59 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3029
Description = The plug-in in <MSSearch.IpsPi> cannot be initialized. Context: Windows
Application, SystemIndex Catalog Details: The specified object cannot be found. Specify
the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error - 9/15/2014 10:59:59 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The specified object cannot be found. Specify the name
of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error - 9/15/2014 10:59:59 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
specified object cannot be found. Specify the name of an existing object. (HRESULT
: 0x80040d06) (0x80040d06)

Error - 9/15/2014 10:59:59 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized. Details: The specified object cannot
be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


Error - 9/15/2014 11:00:13 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3057
Description = The plug-in manager <MSSearch.IpsPi> cannot be initialized. Context:
Windows Application Details: (HRESULT : 0x800401f3) (0x800401f3)

Error - 9/15/2014 11:00:14 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3029
Description = The plug-in in <MSSearch.IpsPi> cannot be initialized. Context: Windows
Application, SystemIndex Catalog Details: The specified object cannot be found. Specify
the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error - 9/15/2014 11:00:14 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The specified object cannot be found. Specify the name
of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error - 9/15/2014 11:00:14 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
specified object cannot be found. Specify the name of an existing object. (HRESULT
: 0x80040d06) (0x80040d06)

Error - 9/15/2014 11:00:14 PM | Computer Name = Phoenix-ASUS | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized. Details: The specified object cannot
be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


[ System Events ]
Error - 9/15/2014 10:12:18 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218170.

Error - 9/15/2014 10:12:18 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
37 time(s).

Error - 9/15/2014 10:47:35 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218170.

Error - 9/15/2014 10:47:35 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
38 time(s).

Error - 9/15/2014 10:59:56 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218170.

Error - 9/15/2014 10:59:56 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
39 time(s).

Error - 9/15/2014 10:59:59 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218170.

Error - 9/15/2014 10:59:59 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
40 time(s).

Error - 9/15/2014 11:00:14 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218170.

Error - 9/15/2014 11:00:14 PM | Computer Name = Phoenix-ASUS | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
41 time(s).


< End of report >

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by wannabeageek » September 17th, 2014, 11:42 pm

Hi SpecialEd19,

Zoek did exactly what it was designed to do, and that is remove malware and malware-corrupted items.

Please run the following:

Step 1.
Registry Backup (TCRB)

tweaking.com_registry_backup_setup.exe should still be on your desktop.

  1. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Run OTL Script

We need to run an OTL Fix.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"=-
    [HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\owner\AppData\Roaming\uTorrent\VIRUSGUARD\BITTORRENTANTIVIRUS.EXE"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\bittorrent.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\bundles.bittorrent.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3053eb40_0]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b36eb89a_0]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c67ead29_0]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
    [HKEY_CURRENT_USER\Software\Stardock\Fences\InitialSnapshot]
    "C:\Users\owner\Desktop\µTorrent.lnk"=-
    [HKEY_CURRENT_USER\Software\uTorrentPlus]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File]
    [HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"=-
    [HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\BillP Studios\Detected\ActiveTasks]
    "C:\Users\owner\AppData\Roaming\uTorrent\VIRUSGUARD\BITTORRENTANTIVIRUS.EXE"=-
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\DOMStorage\bittorrent.com]
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\DOMStorage\bundles.bittorrent.com]
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3053eb40_0]
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b36eb89a_0]
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c67ead29_0]
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
    [HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Stardock\Fences\InitialSnapshot]
    "C:\Users\owner\Desktop\µTorrent.lnk"=-
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\uTorrentPlus]
    [HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"=-
    [HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{B3394F11-2305-4A41-B0B9-EDEC8A0A68AD}"=-
    "{F9EFFA03-DF88-47A1-986F-90345215EC48}"=-
    
    :Files
    C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_torrentfreak.com_0.localstorage
    C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_torrentfreak.com_0.localstorage
    C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.torrentfunk.com_0.localstorage
    C:\Users\owner\AppData\Local\Microsoft\Internet Explorer\DOMStore\J3DG36PS\bundles.bittorrent[1].xml
    C:\Users\owner\Documents\CoffeeCup Software\Graphics\Icons\Torrent File Type 2.png
    C:\Users\owner\Documents\My eBooks\Beyond Band Of Brothers (385)\Torrent downloaded from Demonoid.me.txt
    C:\Users\owner\Music\Al Stewart\~uTorrentPartFile_E7E250E9.dat
    C:\Users\owner\Music\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt
    C:\Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\h33t - Torrents by [schon55].url
    C:\Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\Scans\Torrent_downloaded_from_Demonoid.com.txt
    C:\Users\owner\Music\Glenn Gould\bernstein symphony edition disc 6-10\Torrent downloaded from Demonoid.me.txt
    C:\Users\owner\Music\Glenn Gould\bernstein_symphony_edition\Torrent downloaded from Demonoid.me.txt
    C:\Users\owner\Music\Glenn Gould\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt
    C:\Users\owner\Music\Handel Concerti grossi Op6 - Berliner Philharmoniker, Karajan\Torrent downloaded from Demonoid.com.txt
    C:\Users\owner\Music\iTunes\iTunes Music\Star Wars; The Old Republic; Fatal Alliance (Unabridged)_\Torrent downloaded from Demonoid.com.txt
    C:\Users\owner\Music\Leonard Cohen\Torrent downloaded from Demonoid.me.txt
    C:\Users\owner\Music\LITTLE FEAT - Lowell years (9+2=11cd)\~BitTorrentPartFile_2A4BEDFB.dat
    C:\Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com]\WWW.ToRReNTaZoS.CoM,Tu Chat Mas Divertido y Los Enlaces Bittorrent Mas Actuales!.url
    C:\Users\owner\Music\Ry Cooder-1970-1992\Ry Cooder. - Crossroads(FLAC)(oan)\Torrent downloaded from Demonoid.com.txt
    C:\Users\owner\Music\Stevie Wonder - Greatest Hits CDRip [Bubanee]\Torrent downloaded from Demonoid.me.txt
    C:\Users\owner\Videos\The Tracker\The Tracker.torrent
    C:\Users\owner\Videos\The Tracker\The Tracker.torrent.torrent
    C:\Users\owner\AppData\Local\Temp\iobit-db-license-tmp
    C:\Users\owner\AppData\LocalLow\IObit
    C:\Users\owner\AppData\Local\VirtualStore\WINDOWS\SysWOW64\BITS\Torrent
    C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UNFR8DPB\www.youtorrent.com
    C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtorrent.com
    C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]
    C:\Users\owner\Music\Gregorian - O Fortuna 2010.www.loKoTorrents.com
    C:\Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com]
    C:\Users\owner\Music\Mozart - The Very Best Of Mozart [2CDs].www.lokotorrents.com
    C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]
    C:\Users\owner\Music\Amazon MP3\Procol Harum - Secrets Of The Hive (The Best Of) [2007] - Rock.www.lokotorrents.com
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.



Step 3.
SystemLook should still be on your Desktop.
  • Right mouse click SystemLook.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Copy and paste the content of the following codebox into the main textfield:
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *datamngr*
    *searchab*
    *frostwire*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *OpenCandy*
    *Searchqu*
    *Searchnu*
    *smartbar*
    *Tarma*
    *torrent*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *datamngr*
    *searchab*
    *smartbar*
    *frostwire*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *OpenCandy*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *torrent*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    datamngr
    searchab
    frostwire
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    OpenCandy
    Searchqu
    Searchnu
    smartbar
    Tarma
    torrent
    trolltech
    Vafmusic2
    vshare
    whitesmoke
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt




Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Post by SpecialEd19 » September 18th, 2014, 12:28 am

Thanks wbg, it seems to be working a bit better. Not the speeds I want or am used to but it doesn't seem to be just hanging and hanging and not connecting to a site like it used to... for now, it has been sporadic after all with a bit more off than on.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\owner\AppData\Roaming\uTorrent\VIRUSGUARD\BITTORRENTANTIVIRUS.EXE deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\bittorrent.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\bundles.bittorrent.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3053eb40_0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b36eb89a_0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c67ead29_0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Stardock\Fences\InitialSnapshot\\C:\Users\owner\Desktop\µTorrent.lnk deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Torrent File\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe not found.
Registry value HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\BillP Studios\Detected\ActiveTasks\\C:\Users\owner\AppData\Roaming\uTorrent\VIRUSGUARD\BITTORRENTANTIVIRUS.EXE not found.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\DOMStorage\bittorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\DOMStorage\bundles.bittorrent.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3053eb40_0\ not found.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b36eb89a_0\ not found.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c67ead29_0\ not found.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\ not found.
Registry value HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Stardock\Fences\InitialSnapshot\\C:\Users\owner\Desktop\µTorrent.lnk not found.
Registry key HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\uTorrentPlus\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe not found.
Registry value HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3394F11-2305-4A41-B0B9-EDEC8A0A68AD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3394F11-2305-4A41-B0B9-EDEC8A0A68AD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9EFFA03-DF88-47A1-986F-90345215EC48} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9EFFA03-DF88-47A1-986F-90345215EC48}\ not found.
========== FILES ==========
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_torrentfreak.com_0.localstorage moved successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_torrentfreak.com_0.localstorage moved successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.torrentfunk.com_0.localstorage moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Internet Explorer\DOMStore\J3DG36PS\bundles.bittorrent[1].xml moved successfully.
C:\Users\owner\Documents\CoffeeCup Software\Graphics\Icons\Torrent File Type 2.png moved successfully.
C:\Users\owner\Documents\My eBooks\Beyond Band Of Brothers (385)\Torrent downloaded from Demonoid.me.txt moved successfully.
C:\Users\owner\Music\Al Stewart\~uTorrentPartFile_E7E250E9.dat moved successfully.
C:\Users\owner\Music\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt moved successfully.
C:\Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\h33t - Torrents by [schon55].url moved successfully.
C:\Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\Scans\Torrent_downloaded_from_Demonoid.com.txt moved successfully.
C:\Users\owner\Music\Glenn Gould\bernstein symphony edition disc 6-10\Torrent downloaded from Demonoid.me.txt moved successfully.
C:\Users\owner\Music\Glenn Gould\bernstein_symphony_edition\Torrent downloaded from Demonoid.me.txt moved successfully.
C:\Users\owner\Music\Glenn Gould\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt moved successfully.
C:\Users\owner\Music\Handel Concerti grossi Op6 - Berliner Philharmoniker, Karajan\Torrent downloaded from Demonoid.com.txt moved successfully.
C:\Users\owner\Music\iTunes\iTunes Music\Star Wars; The Old Republic; Fatal Alliance (Unabridged)_\Torrent downloaded from Demonoid.com.txt moved successfully.
C:\Users\owner\Music\Leonard Cohen\Torrent downloaded from Demonoid.me.txt moved successfully.
C:\Users\owner\Music\LITTLE FEAT - Lowell years (9+2=11cd)\~BitTorrentPartFile_2A4BEDFB.dat moved successfully.
C:\Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com]\WWW.ToRReNTaZoS.CoM,Tu Chat Mas Divertido y Los Enlaces Bittorrent Mas Actuales!.url moved successfully.
C:\Users\owner\Music\Ry Cooder-1970-1992\Ry Cooder. - Crossroads(FLAC)(oan)\Torrent downloaded from Demonoid.com.txt moved successfully.
C:\Users\owner\Music\Stevie Wonder - Greatest Hits CDRip [Bubanee]\Torrent downloaded from Demonoid.me.txt moved successfully.
C:\Users\owner\Videos\The Tracker\The Tracker.torrent moved successfully.
C:\Users\owner\Videos\The Tracker\The Tracker.torrent.torrent moved successfully.
C:\Users\owner\AppData\Local\Temp\iobit-db-license-tmp folder moved successfully.
C:\Users\owner\AppData\LocalLow\IObit\SafeBrowse folder moved successfully.
C:\Users\owner\AppData\LocalLow\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\owner\AppData\LocalLow\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\owner\AppData\LocalLow\IObit folder moved successfully.
C:\Users\owner\AppData\Local\VirtualStore\WINDOWS\SysWOW64\BITS\Torrent folder moved successfully.
File\Folder C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UNFR8DPB\www.youtorrent.com not found.
File\Folder C:\Users\owner\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtorrent.com not found.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD4\cd 4 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD4 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD3\cd 3 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD3 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD2\cd 2 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD2 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD1\cd 1 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD1 folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection folder moved successfully.
C:\Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3] folder moved successfully.
File\Folder C:\Users\owner\Music\Gregorian - O Fortuna 2010.www.loKoTorrents.com not found.
C:\Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com] folder moved successfully.
C:\Users\owner\Music\Mozart - The Very Best Of Mozart [2CDs].www.lokotorrents.com\CD2 folder moved successfully.
C:\Users\owner\Music\Mozart - The Very Best Of Mozart [2CDs].www.lokotorrents.com\CD1 folder moved successfully.
C:\Users\owner\Music\Mozart - The Very Best Of Mozart [2CDs].www.lokotorrents.com folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD4\cd 4 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD4 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD3\cd 3 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD3 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD2\cd 2 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD2 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD1\cd 1 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection\CD1 folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3]\Compact Disc Club - Classic Jazz Collection folder moved successfully.
C:\Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3] folder moved successfully.
C:\Users\owner\Music\Amazon MP3\Procol Harum - Secrets Of The Hive (The Best Of) [2007] - Rock.www.lokotorrents.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: owner
->Temp folder emptied: 110853317 bytes
->Temporary Internet Files folder emptied: 1006836 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130275312 bytes
->Google Chrome cache emptied: 232778035 bytes
->Flash cache emptied: 57801 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39656739 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 4780900425 bytes

Total Files Cleaned = 5,050.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09172014_235341

Files\Folders moved on Reboot...
C:\Users\owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Unread postby SpecialEd19 » September 18th, 2014, 12:30 am

SystemLook 30.07.11 by jpshortstuff
Log created at 00:01 on 18/09/2014 by owner
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\extensions\{9ef1e09b-d4b2-4a55-ac3e-1cb330546bec}\chrome\skin\classic\images\babylon.png --a---- 1220 bytes [20:05 30/08/2014] [18:46 16/09/2009] F6899F1996E9B930E87042905CCD23BC
C:\Users\owner\Music\Bob Marley & The Wailers\Survival [Bonus Track]\04 Babylon System.mp3 --a---- 5524409 bytes [17:35 30/08/2014] [21:45 29/07/2012] 6A5517F399435B0699270D92EA256370
C:\Users\owner\Music\Downloads\Jean-Luc Ponty\Imaginary Voyage\The Gardens Of Babylon.mp3 --a---- 9836672 bytes [17:39 30/08/2014] [18:02 14/12/2008] 2421909AFE68BB1B3A14FE6C4ECD682E
C:\Users\owner\Music\iTunes\iTunes Media\Music\Cracker\The Golden Age\07 Dixie Babylon.m4a --a---- 15243181 bytes [17:50 30/08/2014] [23:33 25/12/2012] 63E1CFD98421DC43E6964C3EF6F7696C
C:\Users\owner\Music\My Music\Cracker\The Golden Age\07 Dixie Babylon.wma --a---- 6925973 bytes [20:10 30/08/2014] [19:09 25/12/2010] 345F6D11AE9E209DCA2DCC4086DDE935
C:\Users\owner\Music\My Music\Downloads\Jean-Luc Ponty\Imaginary Voyage\The Gardens Of Babylon.mp3 --a---- 9836672 bytes [20:11 30/08/2014] [18:02 14/12/2008] 2421909AFE68BB1B3A14FE6C4ECD682E
C:\Users\owner\Music\My Music\Johnny Clegg & Savuka\Heat, Dust and Dreams\09 Foreign Nights (Working Dog in Babylon).wma --a---- 4230853 bytes [20:15 30/08/2014] [19:19 25/12/2010] 01BA2C72DFC3E201FDFEB790A7745B5B

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1500748_1496227_US.xml.vir --a---- 188 bytes [15:27 30/08/2014] [19:41 23/05/2013] 21FC0D0C80C7C796B8CDEF0C7F99D3F3
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_2_7_3.xml.vir --a---- 10909 bytes [20:04 30/08/2014] [03:27 07/04/2011] 1B3B574AA349758343D3C80787B9739E
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\chrome\conduitengine.jar.vir --a---- 729935 bytes [20:05 30/08/2014] [19:30 13/03/2011] 4A2D55615F60C3A00E03ECFD39224EC5
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js.vir --a---- 16435 bytes [20:05 30/08/2014] [19:30 13/03/2011] FA0D9E1396C227B8697E41996A95912B
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt.vir --a---- 166 bytes [20:05 30/08/2014] [19:30 13/03/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitToolbar.idl.vir --a---- 152 bytes [20:05 30/08/2014] [19:30 13/03/2011] 33D4D4337895FCA507DF937B5980D41A
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitToolbar.js.vir --a---- 2389 bytes [20:05 30/08/2014] [19:30 13/03/2011] 6A2C72DF1348F39C0CE44E1B8C10F5CE
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\components\ConduitToolbar.xpt.vir --a---- 140 bytes [20:05 30/08/2014] [19:30 13/03/2011] DFFE26916941DE0A33E503FD38008290
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.gif.vir --a---- 173 bytes [20:05 30/08/2014] [19:30 13/03/2011] 225B6898AE7D6E0CE88B3FE57BD750F2
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.ico.vir --a---- 1406 bytes [20:05 30/08/2014] [19:30 13/03/2011] A23164BA794BE61799C67423F56C9163
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.PNG.vir --a---- 255 bytes [20:05 30/08/2014] [19:30 13/03/2011] AF3A51D0B8D6F04EE33307A654560DBE
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.src.vir --a---- 328 bytes [20:05 30/08/2014] [19:30 13/03/2011] 43317CC423A502C077AD68F838249117
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com\searchplugin\conduit.xml.vir --a---- 913 bytes [20:05 30/08/2014] [19:30 13/03/2011] 4E45A93B99F44F41EADFB167FB85FB02
C:\Users\owner\AppData\LocalLow\Siber Systems\RoboForm\UserData\(Conduit).rfb --a---- 231 bytes [17:23 30/08/2014] [18:35 20/05/2012] F18D7BB7EB1FC140F6D01D8ACDA8A9C7
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@apps.conduit[2].txt --a---- 344 bytes [20:05 30/08/2014] [01:28 05/04/2011] 6D6898417F138E3328B3291BEDAE4EAE
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@search.conduit[1].txt --a---- 272 bytes [20:05 30/08/2014] [01:28 05/04/2011] CB3D583D16E44A7CAB69220660626C58
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\specialed@search.conduit[1].txt --a---- 272 bytes [20:05 30/08/2014] [03:27 07/04/2011] 2D0F58941C2FB048F17FA68541A57280
C:\Users\owner\Documents\My RoboForm Data\Default Profile\(Conduit).rfb --a---- 231 bytes [17:23 30/08/2014] [18:35 20/05/2012] F18D7BB7EB1FC140F6D01D8ACDA8A9C7

Searching for "*datamngr*"
No files found.

Searching for "*searchab*"
C:\Users\owner\Favorites\BBQ\New database BBQ Team Names searchable,verified.URL --a---- 128 bytes [20:07 30/08/2014] [20:13 05/01/2011] FEE6D6423A987C913253478D67E180F0

Searching for "*frostwire*"
C:\FRST\Quarantine\C\Users\owner\.frostwire5\frostwire.props --a---- 934 bytes [18:18 02/09/2014] [18:21 02/09/2014] 38E6386ECD080A96B5CA55237DE3671B
C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe --a---- 24084000 bytes [18:18 02/09/2014] [18:19 02/09/2014] C85DBEDE673A0F3700141932A66619FA
C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrents\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
C:\Users\owner\NTUSER.DAT.iobit --a---- 10317824 bytes [15:21 30/08/2014] [18:18 25/07/2014] 3187D54024B1596ED9E0A87D30FAF676
C:\Users\owner\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit --a---- 12627968 bytes [15:24 30/08/2014] [18:18 25/07/2014] 4F36037CF99291C732B5571903FDC5A8
C:\Users\owner\Favorites\IObit Freeware.url --a---- 136 bytes [15:28 30/08/2014] [19:43 23/05/2013] 023A41F6A34847F5F85AD1EB7B76E18F

Searching for "*Iminent*"
No files found.

Searching for "*OpenCandy*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Tarma*"
C:\Users\owner\Music\Amazon MP3\David Bowie\The Rise and Fall of Ziggy Stardust and the Spiders from Mars (40th Anniversary Edition) [Remastered] (Remastered)\04 - Starman(1).mp3 --a---- 7862471 bytes [17:26 30/08/2014] [17:03 26/07/2012] 3986966697E75A9FA649AB3362A02C69

Searching for "*torrent*"
C:\FRST\Quarantine\C\Users\owner\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Arthur.[2011].[English].DvDrip.torrent --a---- 14421 bytes [20:04 30/08/2014] [18:40 08/04/2011] B799066FD2297FFF6C4DC3CE629FDD93
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Comedy - Stand-Up - Louis CK (One Night Stand).trg.avi.torrent --a---- 30918 bytes [20:04 30/08/2014] [22:59 02/04/2011] 1D6982E04615F122CFB09AFFE5DAD0A9
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Eureka Season 4.0 Complete.torrent --a---- 141977 bytes [20:04 30/08/2014] [13:19 31/03/2011] AACCD76F4CE72682197FB45FB34EE9F2
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Brown 2009 DVDRip.avi.torrent --a---- 28655 bytes [20:04 30/08/2014] [01:07 06/04/2011] F65498D57D834A6D2D7CA227CC9E972D
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Potter and the Deathly Hallows (2010).torrent --a---- 14796 bytes [20:04 30/08/2014] [01:56 01/04/2011] 29503564829EFF2C35F49D8F1F33BF2B
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Potter And The Deathly Hallows Part I (DVDRip] 2010 [ENGL)-FUSiON.torrent --a---- 8613 bytes [20:04 30/08/2014] [21:01 06/04/2011] 04B9FEC3A630EFF3AC3DC427AC3D01D4
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry Potter and the Deathly Hallows Part1 2010 BRRip XviD AC3-SANTi.torrent --a---- 12156 bytes [20:04 30/08/2014] [01:53 01/04/2011] EBFFC15876608CA3FEE2358D6FBC458F
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Harry.Potter.And.The.Deathly.Hallows.Part.1.2010.BRRip.XviD.AC3-KiNGS.torrent --a---- 20468 bytes [20:04 30/08/2014] [18:48 07/04/2011] A3E06A0A18B05DA18FA05032B8B937D7
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\HBO.Presents.Louis.CK.Shameless.HDTV.XviD-Kyr.torrent --a---- 16589 bytes [20:04 30/08/2014] [00:17 03/04/2011] 882CBE1749D4FA5CDA4CA930890DE7B7
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Justified - Season 1.torrent --a---- 25122 bytes [20:04 30/08/2014] [02:36 02/04/2011] A5959B06CD941CA56E40BFC3233CA8D8
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Louis.CK-Chewed.Up(2008)DvdScr[MiNdSkiN]1337x.torrent --a---- 14553 bytes [20:04 30/08/2014] [00:01 03/04/2011] F5D4790C763E54451AC78406371520D4
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Robot Chicken - Season 1.torrent --a---- 22272 bytes [20:04 30/08/2014] [21:20 06/04/2011] A51552B7575D5864B7E3A7D8E855D91A
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The Big Bang Theory Season 3 [Complete Season] -Cyberpiraten-.torrent --a---- 22449 bytes [20:04 30/08/2014] [23:06 03/04/2011] FFDA3699C5F6C4FD46CFB41AC76A6A82
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The Big Bang Theory Season 4 Episodes 1 - 11.torrent --a---- 20795 bytes [20:04 30/08/2014] [03:25 31/03/2011] 7232264DAC560C85699216211381342D
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The Big Bang Theory.torrent --a---- 20417 bytes [20:04 30/08/2014] [23:43 02/04/2011] 229471FA0A35F02645198592FA421DC9
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The King's Speech[2010]DVDRip-MXMG.torrent --a---- 14896 bytes [20:04 30/08/2014] [17:02 30/03/2011] F301AA92A0116131099936B0172F4A9C
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\The.Big.Bang.Theory.Season.1.torrent --a---- 16903 bytes [20:04 30/08/2014] [15:09 02/04/2011] 9B35CD99B6A6C2CA1C2AC4E38CADFC2C
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Thor (2011) DvDRiP Eng-IMAGiNE.torrent --a---- 32877 bytes [20:04 30/08/2014] [21:14 01/04/2011] 62DE48A2EE7BD5CCB6A993A4C7DA8BDA
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\True Blood Season 3 2010 by vladtepes3176.torrent --a---- 35057 bytes [20:04 30/08/2014] [17:48 30/03/2011] 3EAACEACB46904FD87F06889981B5982
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\True Grit 2010 SCR XViD - IMAGiNE [NO-RAR] - [ www.torrentday.com ].torrent --a---- 112883 bytes [20:04 30/08/2014] [02:49 07/04/2011] 1454F2485964CB45DF06412745AF45AB
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\Your.Highness.2011.DVDScr.XviD-DEViSE.torrent --a---- 16924 bytes [20:04 30/08/2014] [18:41 08/04/2011] DBA5E4B4AA456E1323720911623843A9
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent\[ www.Torrenting.com ] - Source Code 2011 TS XViD - IMAGiNE.torrent --a---- 114236 bytes [20:04 30/08/2014] [03:49 07/04/2011] DB8569F157756ECBC76DD0E30E94E2DB
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrents\frostwire-5.7.6.windows.coc.premium.exe.torrent --a---- 15637 bytes [18:18 02/09/2014] [18:18 02/09/2014] 563167C60D1DC0F88C48DC06FF159BE3
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_torrentfreak.com_0.localstorage --a---- 40960 bytes [15:24 30/08/2014] [21:57 02/05/2014] BF4CBC1135984F02DF65205422960A59
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_torrentfreak.com_0.localstorage --a---- 40960 bytes [15:24 30/08/2014] [21:21 08/05/2014] ED6FA564A119DA42C05E3A86A9620B16
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.torrentfunk.com_0.localstorage --a---- 70656 bytes [15:24 30/08/2014] [18:06 30/07/2014] ECFBED1970069E3B47F8023D90CC24A3
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\AppData\Local\Microsoft\Internet Explorer\DOMStore\J3DG36PS\bundles.bittorrent[1].xml --a---- 984 bytes [19:15 31/08/2014] [20:42 05/09/2014] 913A4ECAFD4F6DC3DF7E1E058F1E9C9F
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Documents\CoffeeCup Software\Graphics\Icons\Torrent File Type 2.png --a---- 13625 bytes [17:18 30/08/2014] [13:50 14/03/2007] 4E0852D0298B2E6B8EB027D106B7207F
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Documents\My eBooks\Beyond Band Of Brothers (385)\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:22 30/08/2014] [13:42 23/06/2014] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Al Stewart\~uTorrentPartFile_E7E250E9.dat --a---- 7382538 bytes [17:25 30/08/2014] [21:37 23/11/2013] DB5DCA7DAA9DEFD2C20932FD5784F874
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:36 30/08/2014] [21:46 30/12/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\h33t - Torrents by [schon55].url --a---- 263 bytes [17:38 30/08/2014] [20:59 26/11/2013] F0A78BAA7509EBD85DA3BF2BF10E9F0E
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Dave Brubeck Quartet - Time Out (50th Anniversary) CD 1 of 2 (1959) [Jazz][mp3 220-320][h33t][schon55]\Scans\Torrent_downloaded_from_Demonoid.com.txt --a---- 47 bytes [17:38 30/08/2014] [20:57 26/11/2013] C347D69B388ABBABAF2F894C4200465C
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Glenn Gould\bernstein symphony edition disc 6-10\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:41 30/08/2014] [04:13 27/11/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Glenn Gould\bernstein_symphony_edition\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:42 30/08/2014] [00:42 27/11/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Glenn Gould\Brahms - Complete Symphonies (Karajan BPO)\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [17:42 30/08/2014] [19:55 18/01/2012] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Handel Concerti grossi Op6 - Berliner Philharmoniker, Karajan\Torrent downloaded from Demonoid.com.txt --a---- 47 bytes [17:43 30/08/2014] [13:20 22/01/2012] C347D69B388ABBABAF2F894C4200465C
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\iTunes\iTunes Music\Star Wars; The Old Republic; Fatal Alliance (Unabridged)_\Torrent downloaded from Demonoid.com.txt --a---- 47 bytes [18:07 30/08/2014] [21:27 21/01/2012] C347D69B388ABBABAF2F894C4200465C
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Leonard Cohen\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [18:21 30/08/2014] [15:51 04/05/2013] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\LITTLE FEAT - Lowell years (9+2=11cd)\~BitTorrentPartFile_2A4BEDFB.dat --a---- 829744 bytes [18:23 30/08/2014] [22:50 08/12/2011] C830157A95873C0CF36967A470EAE280
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com]\WWW.ToRReNTaZoS.CoM,Tu Chat Mas Divertido y Los Enlaces Bittorrent Mas Actuales!.url --a---- 164 bytes [18:30 30/08/2014] [23:36 10/11/2012] 06D480AE40BE0F3D1C3E78FA41EDE8F0
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Ry Cooder-1970-1992\Ry Cooder. - Crossroads(FLAC)(oan)\Torrent downloaded from Demonoid.com.txt --a---- 47 bytes [18:46 30/08/2014] [02:27 11/12/2012] C347D69B388ABBABAF2F894C4200465C
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Stevie Wonder - Greatest Hits CDRip [Bubanee]\Torrent downloaded from Demonoid.me.txt --a---- 46 bytes [18:48 30/08/2014] [18:46 20/10/2013] 0BA9B8B077F34D011DBE5BF4892A3CFE
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Videos\The Tracker\The Tracker.torrent --a---- 20307 bytes [19:35 30/08/2014] [14:18 28/10/2012] D1822561D6628EDAF7AEE309E23C3F5B
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Videos\The Tracker\The Tracker.torrent.torrent --a---- 404 bytes [19:35 30/08/2014] [16:38 04/04/2013] CB4AA3A3B51C388D275EAB8AF99E9406

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\LocalLow\Conduit d------ [15:23 08/09/2014]
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Conduit d------ [15:23 08/09/2014]
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\ConduitEngine d------ [15:23 08/09/2014]
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t4vn3hew.default\Extensions\engine@conduit.com d------ [15:23 08/09/2014]

Searching for "*datamngr*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*frostwire*"
C:\FRST\Quarantine\C\Users\owner\.frostwire5 d------ [04:00 01/09/2014]
C:\FRST\Quarantine\C\Users\owner\FrostWire d------ [04:00 01/09/2014]
C:\FRST\Quarantine\C\Users\owner\.frostwire5\image_cache\static.frostwire.com d------ [18:18 02/09/2014]

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Local\Ilivid Player d------ [15:23 08/09/2014]

Searching for "*IObit*"
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\AppData\Local\Temp\iobit-db-license-tmp d------ [15:27 30/08/2014]
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\AppData\LocalLow\IObit d------ [15:27 30/08/2014]

Searching for "*Iminent*"
No folders found.

Searching for "*OpenCandy*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*torrent*"
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\BitTorrent d------ [20:04 30/08/2014]
C:\FRST\Quarantine\C\Users\owner\AppData\Roaming\uTorrent d------ [19:13 31/08/2014]
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrent Data d------ [18:17 02/09/2014]
C:\FRST\Quarantine\C\Users\owner\FrostWire\Torrents d------ [18:18 02/09/2014]
C:\Users\owner\Music\Gregorian - O Fortuna 2010.www.loKoTorrents.com d------ [17:42 30/08/2014]
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\AppData\Local\VirtualStore\WINDOWS\SysWOW64\BITS\Torrent d------ [15:27 30/08/2014]
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Compact Disc Club - The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3] d------ [17:37 30/08/2014]
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Mike Oldfield - Tubular Bells (Digitally Remastered) [2009] - Instrumental [www.torrentazos.com] d------ [18:30 30/08/2014]
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Mozart - The Very Best Of Mozart [2CDs].www.lokotorrents.com d------ [18:42 30/08/2014]
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\The Classic Jazz Collection (2003)[www.lokotorrents.com][mp3] d------ [18:51 30/08/2014]
C:\_OTL\MovedFiles\09172014_235341\C_Users\owner\Music\Amazon MP3\Procol Harum - Secrets Of The Hive (The Best Of) [2007] - Rock.www.lokotorrents.com d------ [17:30 30/08/2014]

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "Conduit"
No data found.

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "frostwire"
[HKEY_CURRENT_USER\Software\Stardock\Fences\InitialSnapshot]
"C:\Users\owner\Desktop\FrostWire 5.lnk"="-1|14|418|14|418|0|0|0|\\.\DISPLAY1|0|0|0|chrome.exe|0|0|0"
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Stardock\Fences\InitialSnapshot]
"C:\Users\owner\Desktop\FrostWire 5.lnk"="-1|14|418|14|418|0|0|0|\\.\DISPLAY1|0|0|0|chrome.exe|0|0|0"

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "OpenCandy"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "Searchnu"
No data found.

Searching for "smartbar"
No data found.

Searching for "Tarma"
No data found.

Searching for "torrent"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-

Re: Son's laptop slow, browser hangs, D/Ls sporadic or fail.

Unread postby wannabeageek » September 20th, 2014, 12:43 am

Hi SpecialEd19,


Please run the following:

Step 1.
Registry Backup (TCRB)

tweaking.com_registry_backup_setup.exe should still be on your desktop.

  1. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_CURRENT_USER\Software\Stardock\Fences\InitialSnapshot]
    [-HKEY_USERS\S-1-5-21-3209393520-565817868-2189237008-1000\Software\Stardock\Fences\InitialSnapshot]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    
    :Files
    C:\Users\owner\AppData\LocalLow\Siber Systems\RoboForm\UserData\(Conduit).rfb 
    C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@apps.conduit[2].txt
    C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\specialed@search.conduit[1].txt  
    C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\Low\specialed@search.conduit[1].txt    
    C:\Users\owner\Documents\My RoboForm Data\Default Profile\(Conduit).rfb 
    C:\Users\owner\NTUSER.DAT.iobit
    C:\Users\owner\AppData\Local\Microsoft\Windows\UsrClass.dat.iobit
    C:\Users\owner\Favorites\IObit Freeware.url 
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of the report in your next reply.




Step 3.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!


Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California