Pop ups



#1
GingerPowder

    New Member

  • 8 posts

For a while now I have been riddled with pop ups. After scans with Spybot and installing AdFender, as well as some manual maintenance, AdFender is still blocking 112 ads with Chrome and 3 tabs open.  My OS is Windows 7.  Every so often Windows version installer pops up; once closed, a file appears on the desktop from vuupc.  Vuupc is being very stealthy and Spybot can't find it and neither can I.

Any advice to get rid of these, or any better antivirus/security suites, would be much appreciated.




#2
JSntgRvr

    Global Moderator

  • 10,962 posts
:welcome:
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.


    #3
    GingerPowder

      New Member

    • Topic Starter
    • 8 posts

    Many thanks for the reply.  This is what you asked for.


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
    Ran by Median (administrator) on MEDIAN-PC on 17-05-2014 09:20:44
    Running from C:\Users\Median\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    () C:\ProgramData\MiniApp\SN.Booster\SN.Booster.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Median\Desktop\Farbar.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2341886027-534968240-3223439117-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
    AppInit_DLLs:  C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [4210176 2014-05-04] ()
    AppInit_DLLs-x32: c:\progra~2\gssupp~1\assist~1.dll => C:\Program Files (x86)\GS Supporter\Assistant.dll [4296192 2014-05-04] ()
     
    ==================== Internet (Whitelisted) ====================
     
    ProxyServer:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperba...idswT5PVQm_281w,
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=MDNF&bmod=MDNF
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    BHO: NewSaaveer - {05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} - C:\ProgramData\NewSaaveer\m7_hrE.x64.dll ()
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: saave ennEt - {827240CD-F3D5-047D-EFE9-034179DA1B23} - C:\Program Files (x86)\saave ennEt\03lGBoE3q.x64.dll ()
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: sAve uneet - {C0549C6B-D108-7E6D-584A-DD4A822080C3} - C:\Program Files (x86)\sAve uneet\Zbffa7n.x64.dll ()
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: NewSaaveer - {05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} - C:\ProgramData\NewSaaveer\m7_hrE.dll ()
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: saave ennEt - {827240CD-F3D5-047D-EFE9-034179DA1B23} - C:\Program Files (x86)\saave ennEt\03lGBoE3q.dll ()
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: sAve uneet - {C0549C6B-D108-7E6D-584A-DD4A822080C3} - C:\Program Files (x86)\sAve uneet\Zbffa7n.dll ()
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Median\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\\NPRobloxProxy.dll ( ROBLOX Corporation)
     
    Chrome: 
    =======
    CHR StartupUrls: "https://www.google.co.uk/"
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Docs) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07]
    CHR Extension: (Google Drive) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
    CHR Extension: (YouTube) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07]
    CHR Extension: (Google Search) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07]
    CHR Extension: (Google Wallet) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
    CHR Extension: (Gmail) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07]
    CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-05-07]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Services (Whitelisted) =================
     
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-10] ()
    R2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [174928 2014-05-04] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
     
    ==================== Drivers (Whitelisted) ====================
     
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R1 {0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64; C:\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys [61112 2014-04-24] (StdLib)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-17 09:20 - 2014-05-17 09:21 - 00015523 _____ () C:\Users\Median\Desktop\FRST.txt
    2014-05-17 09:20 - 2014-05-17 09:20 - 00000000 ____D () C:\FRST
    2014-05-17 09:19 - 2014-05-17 09:20 - 02067456 _____ (Farbar) C:\Users\Median\Desktop\Farbar.exe
    2014-05-15 17:47 - 2014-05-15 17:47 - 00000000 ____H () C:\Users\Median\Documents\Default.rdp
    2014-05-14 20:22 - 2014-04-24 12:33 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys
    2014-05-14 18:50 - 2014-05-14 18:51 - 00000320 _____ () C:\Users\Median\AppData\Roaming\aps.uninstall.scan.results
    2014-05-14 18:49 - 2014-05-14 18:49 - 01746032 _____ (AnyProtect.com) C:\Users\Median\AppData\Local\nsp95D4.tmp
    2014-05-14 18:48 - 2014-05-15 17:16 - 00000000 ____D () C:\Users\Median\AppData\Local\WeatherAlerts
    2014-05-14 18:27 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-14 18:27 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-14 18:27 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-14 18:27 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-14 18:27 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-14 18:27 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-14 18:14 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-14 18:14 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-14 18:14 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-14 18:14 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-14 18:14 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-14 18:14 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-14 18:14 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-14 18:14 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-14 18:14 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-14 18:14 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-14 18:14 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-14 18:14 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-14 18:14 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-14 18:14 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-14 18:13 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-14 18:13 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-14 18:13 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-14 18:13 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-14 18:13 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-14 18:13 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-14 18:13 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-14 18:13 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-14 18:13 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-11 11:22 - 2014-05-11 11:22 - 02525416 _____ () C:\Users\Median\Downloads\EJM Ultimate Resource Pack.zip
    2014-05-11 11:21 - 2014-05-11 11:22 - 10966842 _____ () C:\Users\Median\Downloads\Epic Jump Map Ultimate Fix.zip
    2014-05-11 11:12 - 2014-05-11 11:13 - 13968067 _____ () C:\Users\Median\Downloads\Little Timmys Birthday Adventure.zip
    2014-05-11 10:53 - 2014-05-11 10:53 - 02721096 _____ () C:\Users\Median\Downloads\Abducted by the Taco.zip
    2014-05-11 10:44 - 2014-05-11 10:44 - 00000000 ____D () C:\ProgramData\NewSaaveer
    2014-05-11 10:36 - 2014-05-11 10:37 - 16466175 _____ () C:\Users\Median\Downloads\The Lost Potato by ICrafting_ v1.2.5.zip
    2014-05-10 18:13 - 2014-05-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-10 18:03 - 2014-05-10 18:04 - 08530545 _____ () C:\Users\Median\Downloads\The Evil Doctors Castle.zip
    2014-05-07 19:07 - 2014-05-07 19:07 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-05-07 19:07 - 2014-05-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-05-07 19:06 - 2014-05-17 09:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-07 19:06 - 2014-05-17 08:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-07 19:06 - 2014-05-07 19:06 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup(1).exe
    2014-05-07 19:06 - 2014-05-07 19:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-07 19:06 - 2014-05-07 19:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-07 19:05 - 2014-05-07 19:05 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup.exe
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieUserList
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieSiteList
    2014-05-07 18:52 - 2014-05-07 18:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-05-07 18:51 - 2014-05-07 18:52 - 30818216 _____ (Oracle Corporation) C:\Users\Median\Downloads\jre-7u55-windows-x64.exe
    2014-05-06 10:06 - 2014-05-14 18:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-05 19:07 - 2014-05-05 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{2993FA29-010B-49C0-A484-CE35B488583F}
    2014-05-05 19:06 - 2014-05-05 19:06 - 01599241 _____ () C:\Users\Median\Downloads\fml-1.7.2-7.2.171.894-installer-win.exe
    2014-05-04 15:15 - 2014-05-04 15:15 - 02269863 _____ () C:\Users\Median\Downloads\forge-1.6.4-9.11.1.965-installer.jar
    2014-05-04 14:53 - 2014-05-06 18:26 - 00000000 ____D () C:\ProgramData\sAvve net
    2014-05-04 14:53 - 2014-05-06 18:25 - 00000000 ____D () C:\Program Files (x86)\sAvve net
    2014-05-04 14:52 - 2014-05-04 14:52 - 00323832 _____ (MiniApp) C:\Users\Median\Downloads\minecraftdl_16326 (1).exe
    2014-05-04 14:51 - 2014-05-04 14:51 - 00000000 ____D () C:\Users\Median\AppData\Roaming\FML
    2014-05-04 14:48 - 2014-05-04 14:48 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (2).jar
    2014-05-04 14:47 - 2014-05-04 14:47 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (1).jar
    2014-05-04 14:46 - 2014-05-04 14:46 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787.jar
    2014-05-04 14:44 - 2014-05-04 14:44 - 00000000 ____D () C:\ProgramData\saave ennEt
    2014-05-04 14:44 - 2014-05-04 14:44 - 00000000 ____D () C:\Program Files (x86)\saave ennEt
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Median\AppData\Local\Packages
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\ProgramData\sAve uneet
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Program Files (x86)\sAve uneet
    2014-05-04 14:40 - 2014-05-17 09:18 - 00000438 ____H () C:\Windows\Tasks\SN.Booster-S-615019665.job
    2014-05-04 14:40 - 2014-05-11 10:44 - 00000000 ____D () C:\ProgramData\504c2cf8db11ac3b
    2014-05-04 14:40 - 2014-05-04 14:53 - 00002684 _____ () C:\Windows\System32\Tasks\SN.Booster-S-615019665
    2014-05-04 14:40 - 2014-05-04 14:53 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-05-04 14:40 - 2014-05-04 14:53 - 00000000 ____D () C:\Program Files (x86)\GS Supporter
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\MiniApp
    2014-05-04 14:38 - 2014-05-04 14:39 - 00323824 _____ (MiniApp) C:\Users\Median\Downloads\minecraftdl_16326(1).exe
    2014-05-04 14:37 - 2014-05-04 14:37 - 00323824 _____ (MiniApp) C:\Users\Median\Downloads\minecraftdl_16326.exe
    2014-04-29 21:15 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-29 21:15 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-29 21:15 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-29 21:15 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-29 21:15 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-29 21:15 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-29 21:15 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-29 21:15 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-29 21:15 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-29 21:15 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-29 21:15 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-29 21:15 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-29 21:15 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-29 21:15 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-29 21:15 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-29 21:15 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-04-29 21:15 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-29 21:15 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-29 21:15 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-29 21:15 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-29 21:15 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-29 21:15 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-29 21:15 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-29 21:15 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-29 21:15 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-04-29 21:15 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-29 21:15 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-29 21:15 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-04-29 21:15 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-29 21:15 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-29 21:15 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-29 21:15 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-29 21:15 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-04-29 21:15 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-29 21:15 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-29 21:15 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-29 21:15 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-04-29 21:15 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-29 21:15 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-29 21:15 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-29 21:15 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-29 21:15 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-29 21:15 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-29 21:14 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-27 12:17 - 2014-04-27 12:19 - 00000000 ____D () C:\Users\Median\Downloads\Instances
    2014-04-27 12:17 - 2014-04-27 12:18 - 00000000 ____D () C:\Users\Median\Downloads\Configs
    2014-04-27 12:17 - 2014-04-27 12:17 - 00778192 _____ () C:\Users\Median\Downloads\ATLauncher (1).exe
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Servers
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Backups
    2014-04-27 12:14 - 2014-05-10 17:54 - 00000000 ____D () C:\Users\Median\Downloads\authlib
    2014-04-27 12:14 - 2014-04-27 12:14 - 00000000 _____ () C:\Users\Median\Downloads\FTBOSSent1.3.8.txt
    2014-04-26 20:36 - 2014-04-26 20:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
    2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-26 20:36 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-26 20:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-04-26 20:36 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-04-26 20:36 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-17 09:21 - 2014-05-17 09:20 - 00015523 _____ () C:\Users\Median\Desktop\FRST.txt
    2014-05-17 09:20 - 2014-05-17 09:20 - 00000000 ____D () C:\FRST
    2014-05-17 09:20 - 2014-05-17 09:19 - 02067456 _____ (Farbar) C:\Users\Median\Desktop\Farbar.exe
    2014-05-17 09:18 - 2014-05-07 19:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-17 09:18 - 2014-05-04 14:40 - 00000438 ____H () C:\Windows\Tasks\SN.Booster-S-615019665.job
    2014-05-17 09:18 - 2014-02-11 20:58 - 00022546 _____ () C:\Windows\setupact.log
    2014-05-17 09:18 - 2012-07-26 17:39 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-05-17 09:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-17 08:19 - 2012-07-26 17:14 - 02042678 _____ () C:\Windows\WindowsUpdate.log
    2014-05-17 08:11 - 2014-05-07 19:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-17 08:00 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-17 08:00 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-17 07:51 - 2014-02-25 14:44 - 00150956 _____ () C:\Windows\PFRO.log
    2014-05-16 19:32 - 2013-01-12 18:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-16 19:09 - 2013-11-25 20:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-05-16 14:06 - 2013-12-09 20:03 - 00000000 ____D () C:\Users\Median\AppData\Local\Battle.net
    2014-05-16 13:32 - 2013-01-12 18:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-16 13:32 - 2012-08-11 17:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-16 13:32 - 2011-12-01 22:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-16 12:46 - 2012-12-22 14:28 - 00000000 ____D () C:\Users\Median\AppData\Roaming\jEdit
    2014-05-15 17:47 - 2014-05-15 17:47 - 00000000 ____H () C:\Users\Median\Documents\Default.rdp
    2014-05-15 17:16 - 2014-05-14 18:48 - 00000000 ____D () C:\Users\Median\AppData\Local\WeatherAlerts
    2014-05-15 16:36 - 2009-07-14 03:34 - 00000554 _____ () C:\Windows\win.ini
    2014-05-14 20:21 - 2014-05-10 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-14 20:21 - 2012-07-27 09:25 - 00000000 ____D () C:\Users\Median\AppData\Roaming\Mozilla
    2014-05-14 18:51 - 2014-05-14 18:50 - 00000320 _____ () C:\Users\Median\AppData\Roaming\aps.uninstall.scan.results
    2014-05-14 18:49 - 2014-05-14 18:49 - 01746032 _____ (AnyProtect.com) C:\Users\Median\AppData\Local\nsp95D4.tmp
    2014-05-14 18:47 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-14 18:35 - 2014-05-06 10:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-14 18:27 - 2013-08-14 10:45 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-14 18:26 - 2011-07-18 21:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-12 17:45 - 2012-07-26 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-05-12 17:44 - 2014-01-21 19:36 - 00000000 ____D () C:\Users\Median\Downloads\MagicFarm2
    2014-05-11 13:45 - 2012-08-06 19:08 - 00000000 ___RD () C:\Users\Median\Desktop\Games
    2014-05-11 11:44 - 2012-07-26 18:16 - 00000000 ____D () C:\Users\Median\AppData\Roaming\.minecraft
    2014-05-11 11:22 - 2014-05-11 11:22 - 02525416 _____ () C:\Users\Median\Downloads\EJM Ultimate Resource Pack.zip
    2014-05-11 11:22 - 2014-05-11 11:21 - 10966842 _____ () C:\Users\Median\Downloads\Epic Jump Map Ultimate Fix.zip
    2014-05-11 11:13 - 2014-05-11 11:12 - 13968067 _____ () C:\Users\Median\Downloads\Little Timmys Birthday Adventure.zip
    2014-05-11 10:53 - 2014-05-11 10:53 - 02721096 _____ () C:\Users\Median\Downloads\Abducted by the Taco.zip
    2014-05-11 10:44 - 2014-05-11 10:44 - 00000000 ____D () C:\ProgramData\NewSaaveer
    2014-05-11 10:44 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\504c2cf8db11ac3b
    2014-05-11 10:37 - 2014-05-11 10:36 - 16466175 _____ () C:\Users\Median\Downloads\The Lost Potato by ICrafting_ v1.2.5.zip
    2014-05-10 18:04 - 2014-05-10 18:03 - 08530545 _____ () C:\Users\Median\Downloads\The Evil Doctors Castle.zip
    2014-05-10 17:54 - 2014-04-27 12:14 - 00000000 ____D () C:\Users\Median\Downloads\authlib
    2014-05-10 17:54 - 2013-01-06 11:13 - 00000000 ____D () C:\Users\Median\AppData\Roaming\ftblauncher
    2014-05-09 15:55 - 2013-12-09 20:04 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
    2014-05-09 07:14 - 2014-05-14 18:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 07:11 - 2014-05-14 18:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-07 19:09 - 2014-03-12 21:14 - 00000000 ____D () C:\Users\Median\AppData\Local\Windows Live
    2014-05-07 19:07 - 2014-05-07 19:07 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-05-07 19:07 - 2014-05-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-05-07 19:07 - 2012-07-26 17:15 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-07 19:06 - 2014-05-07 19:06 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup(1).exe
    2014-05-07 19:06 - 2014-05-07 19:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-07 19:06 - 2014-05-07 19:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-07 19:05 - 2014-05-07 19:05 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup.exe
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieUserList
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieSiteList
    2014-05-07 18:52 - 2014-05-07 18:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-05-07 18:52 - 2014-05-07 18:51 - 30818216 _____ (Oracle Corporation) C:\Users\Median\Downloads\jre-7u55-windows-x64.exe
    2014-05-07 18:41 - 2013-06-30 10:05 - 00000000 ____D () C:\Users\Median\AppData\Roaming\.technic
    2014-05-06 18:28 - 2013-06-18 19:06 - 00000000 ____D () C:\Users\Median\AppData\Local\Unity
    2014-05-06 18:26 - 2014-05-04 14:53 - 00000000 ____D () C:\ProgramData\sAvve net
    2014-05-06 18:25 - 2014-05-04 14:53 - 00000000 ____D () C:\Program Files (x86)\sAvve net
    2014-05-06 14:16 - 2009-07-14 06:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-06 05:40 - 2014-05-14 18:27 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-06 05:17 - 2014-05-14 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-06 04:25 - 2014-05-14 18:27 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-06 04:07 - 2014-05-14 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-06 04:00 - 2014-05-14 18:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-06 03:10 - 2014-05-14 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-05 19:07 - 2014-05-05 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{2993FA29-010B-49C0-A484-CE35B488583F}
    2014-05-05 19:06 - 2014-05-05 19:06 - 01599241 _____ () C:\Users\Median\Downloads\fml-1.7.2-7.2.171.894-installer-win.exe
    2014-05-05 14:32 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-05-04 15:15 - 2014-05-04 15:15 - 02269863 _____ () C:\Users\Median\Downloads\forge-1.6.4-9.11.1.965-installer.jar
    2014-05-04 14:53 - 2014-05-04 14:40 - 00002684 _____ () C:\Windows\System32\Tasks\SN.Booster-S-615019665
    2014-05-04 14:53 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-05-04 14:53 - 2014-05-04 14:40 - 00000000 ____D () C:\Program Files (x86)\GS Supporter
    2014-05-04 14:52 - 2014-05-04 14:52 - 00323832 _____ (MiniApp) C:\Users\Median\Downloads\minecraftdl_16326 (1).exe
    2014-05-04 14:51 - 2014-05-04 14:51 - 00000000 ____D () C:\Users\Median\AppData\Roaming\FML
    2014-05-04 14:48 - 2014-05-04 14:48 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (2).jar
    2014-05-04 14:47 - 2014-05-04 14:47 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (1).jar
    2014-05-04 14:46 - 2014-05-04 14:46 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787.jar
    2014-05-04 14:44 - 2014-05-04 14:44 - 00000000 ____D () C:\ProgramData\saave ennEt
    2014-05-04 14:44 - 2014-05-04 14:44 - 00000000 ____D () C:\Program Files (x86)\saave ennEt
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Median\AppData\Local\Packages
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\ProgramData\sAve uneet
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Program Files (x86)\sAve uneet
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\MiniApp
    2014-05-04 14:40 - 2012-07-26 17:53 - 00000000 ____D () C:\Users\Median\AppData\Local\Google
    2014-05-04 14:39 - 2014-05-04 14:38 - 00323824 _____ (MiniApp) C:\Users\Median\Downloads\minecraftdl_16326(1).exe
    2014-05-04 14:37 - 2014-05-04 14:37 - 00323824 _____ (MiniApp) C:\Users\Median\Downloads\minecraftdl_16326.exe
    2014-05-02 17:06 - 2013-12-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-04-30 17:12 - 2013-12-06 20:06 - 00000000 ____D () C:\Users\Median\Desktop\bat
    2014-04-30 08:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-04-29 19:00 - 2012-07-27 13:19 - 00000000 ____D () C:\Users\Median\AppData\Local\ArmA 2 OA
    2014-04-27 12:19 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Instances
    2014-04-27 12:18 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Configs
    2014-04-27 12:17 - 2014-04-27 12:17 - 00778192 _____ () C:\Users\Median\Downloads\ATLauncher (1).exe
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Servers
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Backups
    2014-04-27 12:14 - 2014-04-27 12:14 - 00000000 _____ () C:\Users\Median\Downloads\FTBOSSent1.3.8.txt
    2014-04-26 20:36 - 2014-04-26 20:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
    2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-26 20:36 - 2013-10-22 18:13 - 00000000 ____D () C:\ProgramData\Oracle
    2014-04-26 20:36 - 2013-06-28 11:45 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-04-24 12:33 - 2014-05-14 20:22 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys
    2014-04-22 18:11 - 2013-12-22 11:41 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
    2014-04-17 17:18 - 2014-02-27 16:56 - 00000000 ____D () C:\Users\Median\Desktop\Assignment
     
    Files to move or delete:
    ====================
    C:\Users\Median\jagex_cl_runescape_LIVE.dat
    C:\Users\Median\random.dat
    C:\Users\Public\AlexaNSISPlugin.4588.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe
    [2014-05-14 18:14] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
     
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
    LastRegBack: 2013-12-23 14:29
     
    ==================== End Of Log ============================
     
     
     
     
    I'm stupid and couldn't figure out how to attach documents.
     
    Addition.txt
     
     
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
    Ran by Median at 2014-05-17 09:22:05
    Running from C:\Users\Median\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     
    ==================== Installed Programs ======================
     
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    CPUID CPU-Z 1.62.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
    GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
    Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
    Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
    jEdit 5.0.0 (HKLM\...\jEdit_is1) (Version: 5.0.0 - Contributors)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
    NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    ROBLOX Player for Median (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
     
    ==================== Restore Points  =========================
     
    26-04-2014 19:35:37 Installed Java 7 Update 55
    29-04-2014 15:03:33 Windows Update
    29-04-2014 20:14:29 Windows Update
    03-05-2014 09:20:57 Windows Update
    06-05-2014 09:06:32 Windows Update
    06-05-2014 17:24:04 Removed Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
    06-05-2014 17:24:55 Removed Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
    06-05-2014 17:30:18 Removed Bonjour
    07-05-2014 17:52:20 Installed Java 7 Update 55 (64-bit)
    09-05-2014 17:49:05 Windows Update
    13-05-2014 12:08:17 Windows Update
    14-05-2014 17:24:53 Windows Update
     
    ==================== Hosts content: ==========================
     
    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: {0964ED84-A785-48F1-8E4D-DA88E8C0BBEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
    Task: {21710257-9FB8-4F72-B974-71FB119460CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3AB46737-8778-4597-924B-0173CCC02026} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {51A757BE-6303-4D2B-81F8-289C03164E76} - System32\Tasks\SN.Booster-S-615019665 => c:\programdata\miniapp\sn.booster\SN.Booster.exe [2013-05-04] ()
    Task: {58518029-677F-4014-8CBE-2D93E2AC3407} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
    Task: {8F8C8B53-16E3-4345-92AD-95B946F262AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {A4F1DDFD-8E5F-4F98-8E3A-9C1B31766C11} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {B4B4FB18-C5AE-4C5E-BC18-A5DFB0836F75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {CEAC158D-8830-4891-A085-E37A62D25ACB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
    Task: {D7A6C6FA-5178-4665-A059-C23B19C0C3C8} - \DigitalSite No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SN.Booster-S-615019665.job => c:\programdata\miniapp\sn.booster\SN.Booster.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2012-07-26 17:39 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-05-04 14:40 - 2014-05-04 14:40 - 04210176 _____ () C:\Program Files (x86)\GS Supporter\Assistant_x64.dll
    2013-05-04 14:53 - 2013-05-04 14:53 - 00729600 _____ () c:\programdata\miniapp\sn.booster\SN.Booster.exe
    2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-04 14:40 - 2014-05-04 14:40 - 04296192 _____ () C:\Program Files (x86)\GS Supporter\Assistant.dll
    2014-05-04 14:40 - 2014-05-04 14:40 - 00174928 _____ () C:\Program Files (x86)\GS Supporter\AssistantSvc.dll
    2013-11-25 20:43 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2013-11-25 20:43 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-11-25 20:43 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2013-11-25 20:43 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2013-11-25 20:43 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-05-07 19:07 - 2014-04-24 01:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
    2014-05-07 19:07 - 2014-04-24 01:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
    2014-05-07 19:07 - 2014-04-24 01:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
    2014-05-07 19:07 - 2014-04-24 01:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
    2014-05-07 19:07 - 2014-04-24 01:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
    2014-05-07 19:07 - 2014-04-24 01:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
    2014-02-12 17:35 - 2014-02-12 17:35 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
    2012-03-06 21:13 - 2011-11-30 05:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2012-03-06 21:29 - 2012-01-20 04:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
     
    ==================== Safe Mode (whitelisted) ===================
     
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== Disabled items from MSCONFIG ==============
     
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Intel® HD Graphics
    Description: Intel® HD Graphics
    Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel Corporation
    Service: igfx
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/14/2014 06:38:07 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (05/06/2014 06:42:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 29.0.0.5224 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 350
     
    Start Time: 01cf695110779160
     
    Termination Time: 66
     
    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     
    Report Id: b32f1ac5-d545-11e3-8c57-8c89a5c73c5f
     
    Error: (05/04/2014 06:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10000
     
    Error: (05/04/2014 06:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10000
     
    Error: (05/04/2014 06:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/03/2014 00:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10031
     
    Error: (05/03/2014 00:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10031
     
    Error: (05/03/2014 00:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/03/2014 00:47:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9033
     
    Error: (05/03/2014 00:47:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9033
     
     
    System errors:
    =============
    Error: (05/17/2014 09:21:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
    %%1069
     
    Error: (05/17/2014 09:21:01 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
    %%1330
     
    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
     
    Error: (05/17/2014 07:55:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
    %%1069
     
    Error: (05/17/2014 07:55:13 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
    %%1330
     
    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
     
    Error: (05/16/2014 00:47:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
    %%1069
     
    Error: (05/16/2014 00:47:30 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
    %%1330
     
    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
     
    Error: (05/16/2014 00:45:40 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005
     
    Error: (05/16/2014 00:44:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
    %%1053
     
    Error: (05/16/2014 00:44:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
     
    Error: (05/16/2014 10:16:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
    %%1069
     
     
    Microsoft Office Sessions:
    =========================
    Error: (05/14/2014 06:38:07 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (05/06/2014 06:42:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: firefox.exe29.0.0.522435001cf69511077916066C:\Program Files (x86)\Mozilla Firefox\firefox.exeb32f1ac5-d545-11e3-8c57-8c89a5c73c5f
     
    Error: (05/04/2014 06:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10000
     
    Error: (05/04/2014 06:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10000
     
    Error: (05/04/2014 06:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/03/2014 00:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10031
     
    Error: (05/03/2014 00:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10031
     
    Error: (05/03/2014 00:47:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/03/2014 00:47:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9033
     
    Error: (05/03/2014 00:47:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9033
     
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 29%
    Total physical RAM: 6035.91 MB
    Available physical RAM: 4231.41 MB
    Total Pagefile: 12070.01 MB
    Available Pagefile: 10020.85 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:126.67 GB) NTFS
    Drive d: (Recover) (Fixed) (Total:50 GB) (Free:30.05 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: B84FF6CF)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
     
    ==================== End Of Log ============================
     
     
    Shortcut.txt
     
     
    Users shortcut scan result (x64) Version: 17-05-2014
    Ran by Median at 2014-05-17 09:24:33
    Running from C:\Users\Median\Desktop
    Boot Mode: Normal
    ==================== Shortcuts =============================
     
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\DayZ Commander.lnk -> C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe (Dotjosh Studios, LLC)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Cinema.lnk -> C:\Program Files (x86)\CyberLink\Media Suite\PS.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Account Billing.lnk -> C:\Program Files (x86)\World of Warcraft\Data\enGB\AccountBilling.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Blizzard Technical Support.lnk -> C:\Program Files (x86)\World of Warcraft\Data\enGB\TechSupport.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoidLauncher\Open Last Log File.lnk -> C:\VoidLauncher\VoidLauncher-Log.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoidLauncher\VoidLauncher.lnk -> C:\VoidLauncher\Start.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoidLauncher\Extras\Open VoidLauncher Directory.lnk -> C:\VoidLauncher ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoidLauncher\Extras\Uninstall.lnk -> C:\VoidLauncher\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Blue Tongue Software.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\BTS.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Learn more aboutJurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\Home.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Play Jurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\SimJP.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Register Jurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\Register.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Release Notes forJurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Setup Jurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\Setup\Setup.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Support for Jurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\Support.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\View Trailer.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\ump.mpg ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Check system requirements.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Detection\s5detection.exe (Blue Byte Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Play THE SETTLERS - Heritage of Kings.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\bin\settlershok.exe (Blue Byte Software)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\View Readme.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Manual\ReadMe.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Manual\Show online manual.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Manual\Manual.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ\Warner Bros\Scooby-Doo\Monsters Unleashed\Scooby-Doo 2 - Monsters Unleashed.lnk -> C:\Program Files (x86)\THQ\Warner Bros\Scooby-Doo\Monsters Unleashed\Scooby.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ\Warner Bros\Scooby-Doo\Monsters Unleashed\View README.lnk -> C:\Program Files (x86)\THQ\Warner Bros\Scooby-Doo\Monsters Unleashed\readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Packer.exe.lnk -> C:\Users\Median\AppData\Local\Temp\Phx9FB8\Packer.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth\Empire Earth.lnk -> C:\Sierra\Empire Earth\Empire Earth.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth\Scenario Editor Manual.lnk -> C:\Sierra\Empire Earth\EE Scenario Editor Manual.doc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth\Uninstall Empire Earth.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe (InstallShield Software Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth\Update Empire Earth.lnk -> C:\Sierra\Empire Earth\Sierra Update\SierraUp.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth\View the Read Me file.lnk -> C:\Sierra\Empire Earth\readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Program Files (x86)\QuickTime\PictureViewer.exe (Apple Computer, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Updater.lnk -> C:\Program Files (x86)\QuickTime\QuickTimeUpdater.exe (Apple Computer, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\ReadMe.lnk -> C:\Program Files (x86)\QuickTime\readme.wri ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Python (command line).lnk -> C:\Windows\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Python Manuals.lnk -> C:\Python33\Doc\python332.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Copy\PowerDVD Copy.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD Copy\PowerDVDCopy.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power2Go\Desktop Burning Gadget.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power2Go\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\IsoViewer.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires Gold\Age of Empires Expansion.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\EMPIRESX.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires Gold\Age of Empires Readme.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\Readme.doc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires Gold\Age of Empires.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\EMPIRES.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires Gold\Rise of Rome Readme.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\Readmex.doc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jEdit\jEdit on the Web.lnk -> C:\Program Files\jEdit\jEdit.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jEdit\jEdit.lnk -> C:\Program Files\jEdit\jedit.exe (Contributors)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jEdit\Uninstall jEdit.lnk -> C:\Program Files\jEdit\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.7.0_10\bin\jmc.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows\License.lnk -> C:\Program Files (x86)\Image Resizer for Windows\Ms-PL.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Dungeon Keeper 2\Dungeon Keeper 2 [Safe Mode].lnk -> C:\GOG Games\Dungeon Keeper 2\DKII_SOFT.EXE ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Dungeon Keeper 2\Dungeon Keeper 2.lnk -> C:\GOG Games\Dungeon Keeper 2\DKII-DX.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Dungeon Keeper 2\Uninstall Dungeon Keeper 2.lnk -> C:\GOG Games\Dungeon Keeper 2\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Dungeon Keeper 2\Documents\Manual.lnk -> C:\GOG Games\Dungeon Keeper 2\manual.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Dungeon Keeper 2\Documents\Readme.lnk -> C:\GOG Games\Dungeon Keeper 2\ReadMe.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Dungeon Keeper 2\Documents\Reference Card.lnk -> C:\GOG Games\Dungeon Keeper 2\reference_card.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\Uninstall ffdshow.lnk -> C:\Program Files (x86)\ffdshow\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Electronic Arts Product Registration\Electronic Arts Product Registration.lnk -> C:\Program Files (x86)\Electronic Arts\Electronic Arts Product Registration\EAPR.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter TM\EAsy System Info.lnk -> C:\Program Files (x86)\EA Games\Harry Potter TM\Support\go_ez.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter TM\Electronic Registration.lnk -> C:\Program Files (x86)\EA Games\Harry Potter TM\Support\Harry Potter TM_eReg.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter TM\Harry Potter TM.lnk -> C:\Program Files (x86)\EA Games\Harry Potter TM\System\HP.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter TM\Read Me.lnk -> C:\Program Files (x86)\EA Games\Harry Potter TM\ReadMe_eng.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter TM\Technical Support.lnk -> C:\Program Files (x86)\EA Games\Harry Potter TM\Support\en-uk_eahelp.hlp ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter and the Chamber of Secrets\Harry Potter and the Chamber of Secrets.lnk -> C:\Program Files (x86)\EA Games\Harry Potter and the Chamber of Secrets\system\Game.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter and the Chamber of Secrets\Read Me.lnk -> C:\Program Files (x86)\EA Games\Harry Potter and the Chamber of Secrets\ReadMe.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter and the Chamber of Secrets\Technical Support.lnk -> C:\Program Files (x86)\EA Games\Harry Potter and the Chamber of Secrets\Support\en-uk_eahelp.hlp ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Readme.lnk -> C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\RollerCoaster Tycoon 3.lnk -> C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\RCT3.EXE (Frontier Developments Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Soaked Manual.lnk -> C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\RCT3S_MANUAL_ENU.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Soaked Readme.lnk -> C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\Soaked_Readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender\AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender\Help.lnk -> C:\Program Files (x86)\AdFender\AdFender.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender\Readme.lnk -> C:\Program Files (x86)\AdFender\Readme.txt ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Scooby-Doo™, Case File #1 The Glowing Bug Man.lnk -> C:\Program Files (x86)\The Learning Company\Scooby-Doo\Scooby-Doo™, Case File #1 The Glowing Bug Man\Launcher\TLCLauncher.exe (The Learning Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files (x86)\7-Zip\7-zip.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{801A37B1-B787-44EE-9029-4F4BC846E671}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks)
    Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
    Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor\WaveEditor.lnk -> C:\Program Files (x86)\CyberLink\WaveEditor\WaveEditor.exe (Cyberlink)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover\PowerRecover.lnk -> C:\Program Files (x86)\CyberLink\PowerRecover\PowerRecover.exe (CyberLink)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Median\Links\Desktop.lnk -> C:\Users\Median\Desktop ()
    Shortcut: C:\Users\Median\Links\Downloads.lnk -> C:\Users\Median\Downloads ()
    Shortcut: C:\Users\Median\Desktop\MSACCESS - Shortcut.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE (Microsoft Corporation)
    Shortcut: C:\Users\Median\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\Users\Median\Desktop\Photos\15th March 2010 - Shortcut.lnk -> G:\15th March 2010 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\2008 - Shortcut.lnk -> G:\2008 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\2011 - Shortcut.lnk -> G:\2011 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\2011 rian & kyle - Shortcut.lnk -> G:\2011 rian & kyle (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\2012 - Shortcut.lnk -> G:\2012 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\alcudia september 2009 - Shortcut.lnk -> G:\alcudia september 2009 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\callums birthday 2009 - Shortcut.lnk -> G:\callums birthday 2009 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\club_application - Shortcut.lnk -> G:\club_application (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\cowdnbeath united presentation - Shortcut.lnk -> G:\cowdnbeath united presentation (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\eastend park 1-5-2011 - Shortcut.lnk -> G:\eastend park 1-5-2011 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\june2009 - Shortcut.lnk -> G:\june2009 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\luuchars air show - Shortcut.lnk -> G:\luuchars air show (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\majorca july2011 - Shortcut.lnk -> G:\majorca july2011 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\mobile phone pics2 - Shortcut.lnk -> G:\mobile phone pics2 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\mobile photo's 2011-12 - Shortcut.lnk -> G:\mobile photo's 2011-12 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\mobile phototo,s - Shortcut.lnk -> G:\mobile phototo,s (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\mobile pictures - Shortcut.lnk -> G:\mobile pictures (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\molly's 1st birthday 2009 - Shortcut.lnk -> G:\molly's 1st birthday 2009 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\New Folder (2) - Shortcut.lnk -> G:\New Folder (2) (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\New Folder - Shortcut.lnk -> G:\New Folder (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\parent and child camp - Shortcut.lnk -> G:\parent and child camp (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\pics - Shortcut.lnk -> G:\pics (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\pics2 - Shortcut.lnk -> G:\pics2 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\pictures 2010 - Shortcut.lnk -> G:\pictures 2010 (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\SanDiskSecureAccess - Shortcut.lnk -> G:\SanDiskSecureAccess (No File)
    Shortcut: C:\Users\Median\Desktop\Photos\xmas 2011& new year 2012 - Shortcut.lnk -> G:\xmas 2011& new year 2012 (No File)
    Shortcut: C:\Users\Median\Desktop\Games\Age of Empires Expansion.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\EMPIRESX.EXE (Microsoft Corporation)
    Shortcut: C:\Users\Median\Desktop\Games\Age of Empires.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\EMPIRES.EXE (Microsoft Corporation)
    Shortcut: C:\Users\Median\Desktop\Games\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\Users\Median\Desktop\Games\DayZ Commander.lnk -> C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe (Dotjosh Studios, LLC)
    Shortcut: C:\Users\Median\Desktop\Games\Dungeon Keeper 2.lnk -> C:\GOG Games\Dungeon Keeper 2\DKII-DX.exe ()
    Shortcut: C:\Users\Median\Desktop\Games\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
    Shortcut: C:\Users\Median\Desktop\Games\Scooby-Doo 2 - Monsters Unleashed.lnk -> C:\Program Files (x86)\THQ\Warner Bros\Scooby-Doo\Monsters Unleashed\Scooby.exe ()
    Shortcut: C:\Users\Median\Desktop\Games\Six Launcher.lnk -> C:\Windows\Installer\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}\_985D6477562748CF925EF89F3E038BD3.exe (No File)
    Shortcut: C:\Users\Median\Desktop\Games\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    Shortcut: C:\Users\Median\Desktop\Games\THE SETTLERS - Heritage of Kings.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\bin\settlershok.exe (Blue Byte Software)
    Shortcut: C:\Users\Median\Desktop\Games\VoidLauncher.lnk -> C:\VoidLauncher\Start.exe ()
    Shortcut: C:\Users\Median\Desktop\Games\World of Tanks.lnk -> C:\Games\World_of_Tanks\WOTLauncher.exe (Wargaming.net)
    Shortcut: C:\Users\Median\Desktop\bat\Matrix - Shortcut.lnk -> C:\Users\Median\Desktop\bat\Matrix.bat ()
    Shortcut: C:\Users\Median\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Median\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Median\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Median\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\Users\Median\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{F87F4A00-0BFA-46D4-A497-E025105A2F98}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\The Learning Company\Scooby-Doo\Scooby-Doo™, Case File #1 The Glowing Bug Man\Case File #1.exe (Riverdeep-TLC)
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{E237851E-92A7-4806-8491-CB16A52AB822}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\RCT3.EXE (Frontier Developments Ltd)
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{D8F612F8-96FE-42CF-BE54-7F7F07510F6B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA Games\Harry Potter TM\System\HP.exe ()
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{B147D84B-4B5E-4EAA-8450-E54E4CDE4527}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\THQ\Warner Bros\Scooby-Doo\Monsters Unleashed\Scooby.exe ()
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{9080D9E5-3FAB-4545-AF45-3E21FB91C332}\PlayTasks\0\Play.lnk -> C:\Sierra\Empire Earth\Empire Earth.exe ()
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{80932F08-210A-4CAD-96FF-5B502CC198F7}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\EMPIRES.EXE (Microsoft Corporation)
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{422FC3EB-FE03-4385-A420-DCFF3485BC5B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\EA Games\Harry Potter and the Chamber of Secrets\system\Game.exe ()
    Shortcut: C:\Users\Median\AppData\Local\Microsoft\Windows\GameExplorer\{0FB217F3-8DE1-4394-A5DF-CC3ED0745A62}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\SimJP.exe ()
    Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ()
    Shortcut: C:\Users\sederunt\Links\Desktop.lnk -> C:\Users\Median\Desktop ()
    Shortcut: C:\Users\sederunt\Links\Downloads.lnk -> C:\Users\Median\Downloads ()
    Shortcut: C:\Users\sederunt\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\Users\sederunt\Desktop\Spectromancer.lnk -> C:\Program Files (x86)\Spectromancer\spectromancer.exe ()
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor\WaveEditor.lnk -> C:\Program Files (x86)\CyberLink\WaveEditor\WaveEditor.exe (Cyberlink)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover\PowerRecover.lnk -> C:\Program Files (x86)\CyberLink\PowerRecover\PowerRecover.exe (CyberLink)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\Links\Desktop.lnk -> C:\Users\Median\Desktop ()
    Shortcut: C:\Users\sederunt1\Links\Downloads.lnk -> C:\Users\Median\Downloads ()
    Shortcut: C:\Users\sederunt1\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\Users\sederunt1\Desktop\Spectromancer.lnk -> C:\Program Files (x86)\Spectromancer\spectromancer.exe ()
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor\WaveEditor.lnk -> C:\Program Files (x86)\CyberLink\WaveEditor\WaveEditor.exe (Cyberlink)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover\PowerRecover.lnk -> C:\Program Files (x86)\CyberLink\PowerRecover\PowerRecover.exe (CyberLink)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\Desktop\GameSpy Arcade.lnk -> C:\Program Files (x86)\GameSpy Arcade\Aphex.exe (No File)
    Shortcut: C:\Users\UpdatusUser\Desktop\Play Jurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Universal Interactive\Blue Tongue Software\Jurassic Park Operation Genesis\JPOG\SimJP.exe ()
    Shortcut: C:\Users\UpdatusUser\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
    Shortcut: C:\Users\UpdatusUser\Desktop\Spectromancer.lnk -> C:\Program Files (x86)\Spectromancer\spectromancer.exe ()
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveEditor\WaveEditor.lnk -> C:\Program Files (x86)\CyberLink\WaveEditor\WaveEditor.exe (Cyberlink)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover\PowerRecover.lnk -> C:\Program Files (x86)\CyberLink\PowerRecover\PowerRecover.exe (CyberLink)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Computer, Inc.)
     
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive\Jurassic Park Operation Genesis\Uninstall Jurassic Park Operation Genesis.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe () -> /M{A347C572-F7B4-43A3-BD51-FFC99184F70D}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Register product.lnk -> C:\Program Files (x86)\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Register\RegistrationReminder.exe (Blue Byte Software) -> -g THE SETTLERS - Heritage of Kings -l english -i 2057
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Uninstall THE SETTLERS - Heritage of Kings.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}\setup.exe" -l0x9
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ\Warner Bros\Scooby-Doo\Monsters Unleashed\Uninstall Game.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B9BD9BF5-F1D1-4904-B348-40D0E9FF0023}\setup.exe" -l0x9 \ -uninst
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.) -> -autostart
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\unvise32qt.exe (MindVision) -> C:\Windows\system32\QUICKT~1\UNINST~1.LOG
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\IDLE (Python GUI).lnk -> C:\Windows\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe () -> "C:\Python33\Lib\idlelib\idle.pyw"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Module Docs.lnk -> C:\Windows\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe () -> "C:\Python33\Tools\scripts\pydocgui.pyw"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Uninstall Python.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x{92389de9-939e-341b-a076-1d52d7dbca71}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Age of Empires Gold\Uninstall Age of Empires Gold.lnk -> C:\Program Files (x86)\Microsoft Games\Age of Empires\Uninstal.Exe (Microsoft Corporation) -> /runtemp
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jEdit\Launch jEdit Server.lnk -> C:\Program Files\jEdit\jedit.exe (Contributors) -> -background -nogui --l4j-dont-wait
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jEdit\Quit jEdit Server.lnk -> C:\Program Files\jEdit\jedit.exe (Contributors) -> -quit
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> splitter.ax,Configure
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\Audio decoder configuration.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\ffdshow\ffdshow.ax",configureAudio
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\VFW configuration.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Windows\SysWOW64\ff_vfw.dll",configureVFW
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\Video decoder configuration.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\ffdshow\ffdshow.ax",configure
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts\Electronic Arts Product Registration\Uninstall.lnk -> C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe () -> /M{D7D50E0C-27DD-4999-BC05-E026B580F93A} /l1033
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter TM\3D Setup.lnk -> C:\Program Files (x86)\EA Games\Harry Potter TM\System\HP.exe () -> -c
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter TM\Uninstall Harry Potter TM.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe"  -l0x9 Uninstall
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games\Harry Potter and the Chamber of Secrets\Uninstall Harry Potter and the Chamber of Secrets.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe"  -l0x9 Uninstall
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop\Scooby-Doo™, Jinx At The Sphinx™.lnk -> C:\Program Files (x86)\The Learning Company\Scooby-Doo™, Jinx At The Sphinx™\TLCRUN.EXE (The Learning Company) ->  Main
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Check for Updates.lnk -> C:\Program Files (x86)\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe (Pocket Soft, Inc.) -> -n:{907B4640-266B-4A21-92FB-CD1A86CD0F63} -e
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3\Uninstall RollerCoaster Tycoon® 3.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Median\Desktop\Games\IDLE (Python GUI).lnk -> C:\Windows\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe () -> "C:\Python33\Lib\idlelib\idle.pyw"
    ShortcutWithArgument: C:\Users\Median\Desktop\Games\ROBLOX Player.lnk -> C:\Users\Median\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\RobloxPlayerLauncher.exe (ROBLOX Corporation) -> -browser
    ShortcutWithArgument: C:\Users\Median\Desktop\Games\ROBLOX Studio 2013.lnk -> C:\Users\Median\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe (ROBLOX Corporation) -> -ide
    ShortcutWithArgument: C:\Users\Median\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Median\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
    ShortcutWithArgument: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
    ShortcutWithArgument: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\sederunt\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\sederunt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
    ShortcutWithArgument: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\sederunt1\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\sederunt1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Users\UpdatusUser\Desktop\Outerbound Games.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) ->  "C:\Users\Median\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OuterBound Games"
    ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
     
     
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Settlers.com.url -> hxxp://www.thesettlers.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Ubi.com.url -> hxxp:\\www.ubi.com
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth\Sierra Web Site.url -> hxxp://www.sierra-online.co.uk/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra\Empire Earth\The Empire Earth Website.url -> hxxp://www.empireearth.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows\Documentation.url -> hxxp://imageresizer.codeplex.com/documentation
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Dungeon Keeper 2\Documents\Support.url -> hxxp://www.gog.com/support/dungeon_keeper_2
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow\Homepage.url -> hxxp://ffdshow-tryout.sourceforge.net/
    InternetURL: C:\Users\Default\Favorites\eBay.co.uk.url -> hxxp://www.ebay.de/?mpt=1173498776949
    InternetURL: C:\Users\Median\Favorites\eBay.co.uk.url -> hxxp://www.ebay.de/?mpt=1173498776949
    InternetURL: C:\Users\Median\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
    InternetURL: C:\Users\Median\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
    InternetURL: C:\Users\Median\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
    InternetURL: C:\Users\Median\Desktop\Games\ARMA 2 Operation Arrowhead.url -> steam://rungameid/33930
    InternetURL: C:\Users\Median\Desktop\Games\ARMA 2.url -> steam://rungameid/33910
    InternetURL: C:\Users\Median\Desktop\Games\Dota 2.url -> steam://rungameid/570
    InternetURL: C:\Users\Median\Desktop\Games\Garry's Mod.url -> steam://rungameid/4000
    InternetURL: C:\Users\Median\Desktop\Games\Magicka.url -> steam://rungameid/42910
    InternetURL: C:\Users\Median\Desktop\Games\Orcs Must Die! 2.url -> steam://rungameid/201790
    InternetURL: C:\Users\Median\Desktop\Games\Sanctum 2.url -> steam://rungameid/210770
    InternetURL: C:\Users\Median\Desktop\Games\Sid Meier's Civilization V (DirectX 9).url -> steam://rungameid/8930//%5Cdx9
    InternetURL: C:\Users\Median\Desktop\Games\Sid Meier's Civilization V.url -> steam://rungameid/8930
    InternetURL: C:\Users\Median\Desktop\Games\Terraria.url -> steam://rungameid/105600
    InternetURL: C:\Users\Median\Desktop\Games\The Binding of Isaac.url -> steam://rungameid/113200
    InternetURL: C:\Users\Median\Desktop\Games\The Mighty Quest For Epic Loot.url -> steam://rungameid/239220
    InternetURL: C:\Users\sederunt\Favorites\eBay.co.uk.url -> hxxp://www.ebay.de/?mpt=1173498776949
    InternetURL: C:\Users\sederunt\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
    InternetURL: C:\Users\sederunt\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
    InternetURL: C:\Users\sederunt\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
    InternetURL: C:\Users\sederunt1\Favorites\eBay.co.uk.url -> hxxp://www.ebay.de/?mpt=1173498776949
    InternetURL: C:\Users\sederunt1\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
    InternetURL: C:\Users\sederunt1\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
    InternetURL: C:\Users\sederunt1\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
    InternetURL: C:\Users\UpdatusUser\Favorites\eBay.co.uk.url -> hxxp://www.ebay.de/?mpt=1173498776949
     
    ==================== End of log =============================
     
     
    Thanks again.


    #4
    JSntgRvr

      Global Moderator

    • 10,962 posts

    Please remove Spybot Search and Destroy. It won't protect your computer from new variants, but it will intervene with our tools.

     

    Download the enclosed file: fixlist.txt

     

    Save it in the same location FRST is saved.

     

    Launch FRST and click on the Fix button.

     

    The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it to your reply.
     
    Let's scan the computer.
     
     

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
     

    Download ADWCleaner to your desktop.
     
    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.
     
    Close all programs and click on the AdwCleaner icon.
     
    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
     
    The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt
     

    Please download Malwarebytes' Anti-Malware from Here
     
    Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
    • Select the language and click OK.
    • Accept the agreement
    • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Scan Now".
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click on Quarantine All.
    • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
    • Upon restart, launch Malwarebytes Antimalware and select History.
    • Double click on the last scan done, then on Copy to Clipboard.
    • Right click on your next reply and select Paste.
    • Submit your reply.
     
     
    Extra Note:
     
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
    Re-scan with FRST and post the new log.

     



    #5
    GingerPowder

      New Member

    • Topic Starter
    • Member
    • 8 posts

    Thank you for the reply.

     

     

     

    Fixlog.txt

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
    Ran by Median at 2014-05-18 09:30:53 Run:1
    Running from C:\Users\Median\Desktop\Games\Farbar
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    Task: {D7A6C6FA-5178-4665-A059-C23B19C0C3C8} - \DigitalSite No Task File <==== ATTENTION
    AppInit_DLLs:  C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [4210176 2014-05-04] ()
    AppInit_DLLs-x32: c:\progra~2\gssupp~1\assist~1.dll => C:\Program Files (x86)\GS Supporter\Assistant.dll [4296192 2014-05-04] ()
    R2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [174928 2014-05-04] ()
    C:\Program Files (x86)\GS Supporter
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ProxyServer:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperba...idswT5PVQm_281w,
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...q={searchTerms}
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperba...q={searchTerms}
    BHO: NewSaaveer - {05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} - C:\ProgramData\NewSaaveer\m7_hrE.x64.dll ()
    C:\ProgramData\NewSaaveer
    BHO: saave ennEt - {827240CD-F3D5-047D-EFE9-034179DA1B23} - C:\Program Files (x86)\saave ennEt\03lGBoE3q.x64.dll ()
    C:\Program Files (x86)\saave ennEt
    BHO: sAve uneet - {C0549C6B-D108-7E6D-584A-DD4A822080C3} - C:\Program Files (x86)\sAve uneet\Zbffa7n.x64.dll ()
    C:\Program Files (x86)\sAve uneet
    BHO-x32: NewSaaveer - {05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} - C:\ProgramData\NewSaaveer\m7_hrE.dll ()
    C:\ProgramData\NewSaaveer
    BHO-x32: saave ennEt - {827240CD-F3D5-047D-EFE9-034179DA1B23} - C:\Program Files (x86)\saave ennEt\03lGBoE3q.dll ()
    C:\Program Files (x86)\saave ennE
    BHO-x32: sAve uneet - {C0549C6B-D108-7E6D-584A-DD4A822080C3} - C:\Program Files (x86)\sAve uneet\Zbffa7n.dll ()
    C:\Program Files (x86)\sAve uneet
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    R2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [174928 2014-05-04] ()
    R1 {0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64; C:\Windows\System32\drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys [61112 2014-04-24] (StdLib)
    C:\Windows\system32\Drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys
    C:\Users\Median\AppData\Local\nsp95D4.tmp
    C:\Windows\Tasks\SN.Booster-S-615019665.job
    Task: {51A757BE-6303-4D2B-81F8-289C03164E76} - System32\Tasks\SN.Booster-S-615019665 => c:\programdata\miniapp\sn.booster\SN.Booster.exe [2013-05-04] ()
    Task: C:\Windows\Tasks\SN.Booster-S-615019665.job => c:\programdata\miniapp\sn.booster\SN.Booster.exe
    c:\programdata\miniapp\sn.booster
    End
    *****************
     
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7A6C6FA-5178-4665-A059-C23B19C0C3C8} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7A6C6FA-5178-4665-A059-C23B19C0C3C8} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully.
    " C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL" => Value Data removed successfully.
    "c:\progra~2\gssupp~1\assist~1.dll" => Value Data removed successfully.
    e9f32388 => Service stopped successfully.
    e9f32388 => Service deleted successfully.
    C:\Program Files (x86)\GS Supporter => Moved successfully.
    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
    HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} => Key deleted successfully.
    HKCR\CLSID\{05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} => Key deleted successfully.
    C:\ProgramData\NewSaaveer => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{827240CD-F3D5-047D-EFE9-034179DA1B23} => Key deleted successfully.
    HKCR\CLSID\{827240CD-F3D5-047D-EFE9-034179DA1B23} => Key deleted successfully.
    C:\Program Files (x86)\saave ennEt => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0549C6B-D108-7E6D-584A-DD4A822080C3} => Key deleted successfully.
    HKCR\CLSID\{C0549C6B-D108-7E6D-584A-DD4A822080C3} => Key deleted successfully.
    C:\Program Files (x86)\sAve uneet => Moved successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{05AD4AE4-BD61-55A7-72B3-CF06DAA85CA0} => Key deleted successfully.
    "C:\ProgramData\NewSaaveer" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{827240CD-F3D5-047D-EFE9-034179DA1B23} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{827240CD-F3D5-047D-EFE9-034179DA1B23} => Key deleted successfully.
    "C:\Program Files (x86)\saave ennE" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0549C6B-D108-7E6D-584A-DD4A822080C3} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{C0549C6B-D108-7E6D-584A-DD4A822080C3} => Key deleted successfully.
    "C:\Program Files (x86)\sAve uneet" => File/Directory not found.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    e9f32388 => Service not found.
    {0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64 => Service stopped successfully.
    {0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64 => Service deleted successfully.
    C:\Windows\system32\Drivers\{0bd9bacb-0a2d-4412-900e-b2473afd87b4}Gw64.sys => Moved successfully.
    C:\Users\Median\AppData\Local\nsp95D4.tmp => Moved successfully.
    C:\Windows\Tasks\SN.Booster-S-615019665.job => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{51A757BE-6303-4D2B-81F8-289C03164E76} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51A757BE-6303-4D2B-81F8-289C03164E76} => Key deleted successfully.
    C:\Windows\System32\Tasks\SN.Booster-S-615019665 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SN.Booster-S-615019665 => Key deleted successfully.
    C:\Windows\Tasks\SN.Booster-S-615019665.job not found.
    c:\programdata\miniapp\sn.booster => Moved successfully.
     
    ==== End of Fixlog ====
     
     
    JRT.txt
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Median on 18/05/2014 at  9:34:36.24
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2341886027-534968240-3223439117-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon setup_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon setup_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(2)_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(2)_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(3)_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(3)_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\babylon setup_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\babylon setup_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(2)_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(2)_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(3)_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(3)_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] C:\Windows\syswow64\shoB50C.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC7B1.tmp
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\fighters"
    Successfully deleted: [Folder] "C:\Users\Median\AppData\Roaming\fighters"
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/05/2014 at  9:38:21.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    ADWCleaner
     
     
    # AdwCleaner v3.018 - Report created 11/02/2014 at 19:25:27
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Median - MEDIAN-PC
    # Running from : C:\Users\Median\Downloads\adwcleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\SpeedMaxPc
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files (x86)\alotappbar
    Folder Deleted : C:\Program Files (x86)\Perion
    Folder Deleted : C:\Users\Median\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Median\AppData\Local\Zoom_Downloader
    Folder Deleted : C:\Users\Median\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\Median\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Median\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Median\AppData\Roaming\digitalsite
    Folder Deleted : C:\Users\Median\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Median\AppData\Roaming\SpeedMaxPc
    Folder Deleted : C:\Users\Median\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
    File Deleted : C:\END
    File Deleted : C:\Users\Median\AppData\Local\funmoods.crx
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\BrowserMngr_extensions.sqlite
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\browsermngr_prefs.js
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\invalidprefs.js
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\BabylonMngr.xml
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\delta.xml
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\searchplugins\SweetIm.xml
    File Deleted : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\user.js
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
    File Deleted : C:\Windows\Tasks\digitalsite.job
    File Deleted : C:\Windows\System32\Tasks\digitalsite
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\f
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\speedmaxpc_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKCU\Software\596da8ab76fbf41
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Alexa Internet
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\delta LTD
    Key Deleted : HKCU\Software\distromatic
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SpeedMaxPC
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SpeedMaxPC
    Key Deleted : HKLM\Software\Web Assistant
    Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.16428
     
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
     
    -\\ Mozilla Firefox v27.0 (en-US)
     
    [ File : C:\Users\Median\AppData\Roaming\Mozilla\Firefox\Profiles\qa5wdbu7.default\prefs.js ]
     
    Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www1.delta-search.com/?affID=119969&babsrc=HP_ss&mntrId=204C8C89A5C73C5F");
    Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
    Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=113959&tt=270912_7a_3912_2");
    Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "2");
    Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "GB");
    Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Line Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");
    Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
    Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "7C5A90EE9087405FECE1F41527073C05");
    Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.id", "204c3cc00000000000008c89a5c73c5f");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15613");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Line Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
    Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1212:42:39");
    Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
    Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");
    Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Line Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");
    Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
    Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=204c3cc00000000000008c89a5c73c5f&q=");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1212:42:39");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=270912_7a_3912_2");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1212:42:39");
    Line Deleted : user_pref("extensions.crossrider.bic", "1393ff441e166e910a876a72aa8ae905");
    Line Deleted : user_pref("extensions.delta.admin", false);
    Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Line Deleted : user_pref("extensions.delta.bbDpng", "15");
    Line Deleted : user_pref("extensions.delta.cntry", "GB");
    Line Deleted : user_pref("extensions.delta.dfltLng", "en");
    Line Deleted : user_pref("extensions.delta.excTlbr", false);
    Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Line Deleted : user_pref("extensions.delta.hdrMd5", "23D97EF1DE6F051EA8C01BD562771A76");
    Line Deleted : user_pref("extensions.delta.id", "204c3cc00000000000008c89a5c73c5f");
    Line Deleted : user_pref("extensions.delta.instlDay", "15809");
    Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.16.1616:27:29");
    Line Deleted : user_pref("extensions.delta.newTab", false);
    Line Deleted : user_pref("extensions.delta.prdct", "delta");
    Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Line Deleted : user_pref("extensions.delta.rvrt", "false");
    Line Deleted : user_pref("extensions.delta.sg", "azb");
    Line Deleted : user_pref("extensions.delta.smplGrp", "none");
    Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
    Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1616:27:29");
    Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
    Line Deleted : user_pref("extensions.funmoods.aflt", "axl");
    Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
    Line Deleted : user_pref("extensions.funmoods.cntry", "GB");
    Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
    Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
    Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
    Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
    Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
    Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
    Line Deleted : user_pref("extensions.funmoods.hdrMd5", "6504E3EA57CF75BE2461A766FB1C826E");
    Line Deleted : user_pref("extensions.funmoods.hmpg", false);
    Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0CyBtA0CyD0FtA0C0CtDtN0D0Tzu0CtByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1525193387");
    Line Deleted : user_pref("extensions.funmoods.id", "8C89A5C73C5F3CC0");
    Line Deleted : user_pref("extensions.funmoods.instlDay", "15603");
    Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");
    Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:12:15");
    Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Line Deleted : user_pref("extensions.funmoods.newTab", false);
    Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0CyBtA0CyD0FtA0C0CtDtN0D0Tzu0CtByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1525193387");
    Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
    Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Line Deleted : user_pref("extensions.funmoods.sg", "none");
    Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
    Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
    Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0CyBtA0CyD0FtA0C0CtDtN0D0Tzu0CtByCyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1525193387&[...]
    Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:12:15");
    Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
    Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:12:15");
    Line Deleted : user_pref("extensions.incredibar.admin", false);
    Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
    Line Deleted : user_pref("extensions.incredibar.cntry", "GB");
    Line Deleted : user_pref("extensions.incredibar.dfltLng", "");
    Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
    Line Deleted : user_pref("extensions.incredibar.did", "10657");
    Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
    Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
    Line Deleted : user_pref("extensions.incredibar.hdrMd5", "45FF9E03949847C9942DF0BE714F1FC8");
    Line Deleted : user_pref("extensions.incredibar.hmpg", false);
    Line Deleted : user_pref("extensions.incredibar.id", "204c3cc00000000000008c89a5c73c5f");
    Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
    Line Deleted : user_pref("extensions.incredibar.instlDay", "15585");
    Line Deleted : user_pref("extensions.incredibar.instlRef", "");
    Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1410:46:35");
    Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
    Line Deleted : user_pref("extensions.incredibar.newTab", false);
    Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
    Line Deleted : user_pref("extensions.incredibar.ppd", "");
    Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
    Line Deleted : user_pref("extensions.incredibar.productid", "26");
    Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
    Line Deleted : user_pref("extensions.incredibar.sg", "none");
    Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
    Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
    Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQIpAMZ4m&loc=IB_TB&i=26&search=");
    Line Deleted : user_pref("extensions.incredibar.upn2", "6PQIpAMZ4m");
    Line Deleted : user_pref("extensions.incredibar.upn2n", "92543511279242914");
    Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
    Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1410:46:35");
    Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
    Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Line Deleted : user_pref("extensions.incredibar_i.did", "10657");
    Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Line Deleted : user_pref("extensions.incredibar_i.id", "204c3cc00000000000008c89a5c73c5f");
    Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15585");
    Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Line Deleted : user_pref("extensions.incredibar_i.ppd", "");
    Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQIpAMZ4m&loc=IB_TB&i=26&search=");
    Line Deleted : user_pref("extensions.incredibar_i.upn2", "6PQIpAMZ4m");
    Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92543511279242914");
    Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1410:46:35");
    Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2", "6PQIpAMZ4m");
    Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]
    Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name", "sg_6PQIpAMZ4m_active_MB131_MB132_UA-25323614-7_2012-09-02-10-46-30");
    Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name", "sg_6PQIpAMZ4m_active_MB131_MB132_UA-25323614-7_2012-09-02-10-46-30");
     
    -\\ Google Chrome v32.0.1700.107
     
    [ File : C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [27669 octets] - [11/02/2014 19:23:13]
    AdwCleaner[S0].txt - [26938 octets] - [11/02/2014 19:25:27]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26999 octets] ##########
     
     
     
    Malwarebytes 
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 18/05/2014
    Scan Time: 10:07:38
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.1.1004
    Malware Database: v2014.05.18.02
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Median
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 378788
    Time Elapsed: 13 min, 32 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 2
    PUP.Optional.SNBoost.A, HKLM\SOFTWARE\WOW6432NODE\SN.Booster, Quarantined, [bd1dc58dd0abc76f0d05216732d06799], 
    PUP.Optional.DataMngr.A, HKU\S-1-5-21-2341886027-534968240-3223439117-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [8456d1817902ed495da9d8dbb54e827e], 
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 1
    PUP.Optional.WeatherAlerts, C:\Users\Median\AppData\Local\WeatherAlerts, Quarantined, [a535dc76255692a461473241f012837d], 
     
    Files: 29
    PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{1767583D-4281-4281-A06A-0AA3CC847ACB}\Custom.dll, Quarantined, [f1e91a3816651a1c1f21034007f9768a], 
    PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{8671745B-5916-490B-ABE0-11345D9256AD}\Custom.dll, Quarantined, [4b8f6fe363186dc9ae92c67def11f907], 
    PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{8D9BA670-FE09-458E-A765-B62B56788486}\Custom.dll, Quarantined, [0bcf6ae8d3a85fd7320e241fe51bb24e], 
    PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{B97F73F3-38C2-4370-A19B-70E0629C5105}\Custom.dll, Quarantined, [9c3e1b3792e9fe38b48c53f0e51b649c], 
    PUP.Optional.Somoto, C:\Users\Median\Downloads\MouseMonitor_downloader_by_MyFavoriteGadgets.exe, Quarantined, [00dab59d403bd85ef8a13837d430ec14], 
    PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1(2).exe, Quarantined, [bd1d1a387cffac8a84d119f0f11055ab], 
    PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1(3).exe, Quarantined, [17c3064cc8b336003e174cbdb64bbf41], 
    PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1.exe, Quarantined, [716951017b00a6903d18ea1fcd34c13f], 
    PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetupV1(1).exe, Quarantined, [cc0ee76b3744a59185d030d908f9e11f], 
    PUP.Bundle.Installer.OI, C:\Users\Median\Downloads\downloadmanager_Setup.exe, Quarantined, [f2e8163cc7b4d0668a8ef1a6c43cad53], 
    PUP.Optional.Bandoo, C:\Users\Median\Downloads\iLividSetup-r1139-n-bc.exe, Quarantined, [f6e47ed462190432441115f45ea3b848], 
    PUP.Optional.ToolBarInstaller.A, C:\Users\Median\Downloads\cpu-z_1.62-setup-en.exe, Quarantined, [697192c004774cea6a48b073bf4506fa], 
    PUP.Optional.SweetIM, C:\Users\Median\Downloads\pacman_mp_pgr.exe, Quarantined, [8e4cca887a0167cf7f73d8971be9d42c], 
    PUP.Optional.InstallCore.A, C:\Users\Median\Downloads\ZipExtractorSetup(1).exe, Quarantined, [6971fb571e5de551ecf1f736ee13c43c], 
    PUP.Optional.InstallCore.A, C:\Users\Median\Downloads\ZipExtractorSetup(2).exe, Quarantined, [defc57fb8deeda5cf2eb1716bf42c43c], 
    PUP.Optional.InstallCore.A, C:\Users\Median\Downloads\ZipExtractorSetup.exe, Quarantined, [f7e38ec46d0ea2941bc2aa8315ec3dc3], 
    PUP.Optional.ArcadeFrontier.A, C:\Users\Median\Downloads\ArcadeFrontierGames.exe, Quarantined, [ebef4d055f1cbb7b96632c2c2ad716ea], 
    PUP.Bundle.Installer.OI, C:\Users\Median\Downloads\Setup (1).exe, Quarantined, [eeec3f1396e573c3d1472a6d0cf448b8], 
    PUP.BundleInstaller.OI, C:\Users\Median\Downloads\Setup.exe, Quarantined, [f1e9a7ab39420b2b314c4e66867a1de3], 
    PUP.Optional.Softonic.A, C:\Users\Median\Downloads\SoftonicDownloader_for_hattrick-organizer.exe, Quarantined, [f1e993bf82f9c571c6eee639d0314ab6], 
    PUP.Optional.LiveSoftAction.A, C:\Users\Median\Downloads\Minecraft provided through GetNow.exe, Quarantined, [d6044210e09b48ee54b751ca946dca36], 
    PUP.Optional.InstalleRex, C:\Users\Median\Downloads\minecraftdl_16326 (1).exe, Quarantined, [8456d67c7cff3303083c2155f90810f0], 
    PUP.Optional.InstalleRex, C:\Users\Median\Downloads\minecraftdl_16326(1).exe, Quarantined, [bc1e0052ef8cc76feb59ccaa7d8425db], 
    PUP.Optional.InstalleRex, C:\Users\Median\Downloads\minecraftdl_16326.exe, Quarantined, [11c9d082b7c47eb871d32c4ac839ff01], 
    PUP.Optional.OptimumInstaller.A, C:\Users\Median\Downloads\Free_Download_Manager_Setup (1).exe, Quarantined, [51890250d1aaba7c480ebe8f6a97e719], 
    PUP.Optional.OptimumInstaller.A, C:\Users\Median\Downloads\Free_Download_Manager_Setup.exe, Quarantined, [06d4de747b009b9bb0a6fa53fb065fa1], 
    PUP.Optional.OptimumInstaller.A, C:\Users\Median\Downloads\Updater_Setup.exe, Quarantined, [89511b37710a171f7ed89bb2d42dc53b], 
    PUP.Optional.Superfish.A, C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [9842133fd4a76dc9a26bee96aa586e92], 
    PUP.Optional.Superfish.A, C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [d109ec66dc9f25119b728df741c1db25], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
    FRST 2
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
    Ran by Median (administrator) on MEDIAN-PC on 18-05-2014 10:16:17
    Running from C:\Users\Median\Desktop\Games\Farbar
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Farbar) C:\Users\Median\Desktop\Games\Farbar\Farbar.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=MDNF&bmod=MDNF
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Median\AppData\Local\Roblox\Versions\version-6cfc785e896545ae\\NPRobloxProxy.dll ( ROBLOX Corporation)
     
    Chrome: 
    =======
    CHR StartupUrls: "https://www.google.co.uk/"
    CHR DefaultSearchKeyword: google.co.uk
    CHR Extension: (Google Docs) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-07]
    CHR Extension: (Google Drive) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-07]
    CHR Extension: (YouTube) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-07]
    CHR Extension: (Google Search) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-07]
    CHR Extension: (Google Wallet) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
    CHR Extension: (Gmail) - C:\Users\Median\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-07]
    CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2014-05-07]
     
    ==================== Services (Whitelisted) =================
     
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-10] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-18 09:53 - 2014-05-18 10:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-18 09:53 - 2014-05-18 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-18 09:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-18 09:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-18 09:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-18 09:51 - 2014-05-18 09:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Median\Desktop\mbam-setup-2.0.1.1004.exe
    2014-05-18 09:50 - 2014-05-18 09:50 - 00006728 _____ () C:\Users\Median\Desktop\AdwCleaner[S1].txt
    2014-05-18 09:46 - 2014-05-18 09:46 - 264417340 _____ () C:\Users\Median\Desktop\backup.reg
    2014-05-18 09:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-05-18 09:40 - 2014-05-18 09:40 - 01325827 _____ () C:\Users\Median\Desktop\AdwCleaner.exe
    2014-05-18 09:38 - 2014-05-18 09:38 - 00003669 _____ () C:\Users\Median\Desktop\JRT.txt
    2014-05-18 09:34 - 2014-05-18 09:34 - 01016261 _____ (Thisisu) C:\Users\Median\Desktop\JRT.exe
    2014-05-18 09:34 - 2014-05-18 09:34 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-17 09:20 - 2014-05-18 10:16 - 00000000 ____D () C:\FRST
    2014-05-15 17:47 - 2014-05-15 17:47 - 00000000 ____H () C:\Users\Median\Documents\Default.rdp
    2014-05-14 18:27 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-14 18:27 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-14 18:27 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-14 18:27 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-14 18:27 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-14 18:27 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-14 18:14 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-14 18:14 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-14 18:14 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-14 18:14 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-14 18:14 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-14 18:14 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-14 18:14 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-14 18:14 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-14 18:14 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-14 18:14 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-14 18:14 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-14 18:14 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-14 18:14 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-14 18:14 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-14 18:13 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-14 18:13 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-14 18:13 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-14 18:13 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-14 18:13 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-14 18:13 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-14 18:13 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-14 18:13 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-14 18:13 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-14 18:13 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-14 18:13 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-14 18:13 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-11 11:22 - 2014-05-11 11:22 - 02525416 _____ () C:\Users\Median\Downloads\EJM Ultimate Resource Pack.zip
    2014-05-11 11:21 - 2014-05-11 11:22 - 10966842 _____ () C:\Users\Median\Downloads\Epic Jump Map Ultimate Fix.zip
    2014-05-11 11:12 - 2014-05-11 11:13 - 13968067 _____ () C:\Users\Median\Downloads\Little Timmys Birthday Adventure.zip
    2014-05-11 10:53 - 2014-05-11 10:53 - 02721096 _____ () C:\Users\Median\Downloads\Abducted by the Taco.zip
    2014-05-11 10:36 - 2014-05-11 10:37 - 16466175 _____ () C:\Users\Median\Downloads\The Lost Potato by ICrafting_ v1.2.5.zip
    2014-05-10 18:13 - 2014-05-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-10 18:03 - 2014-05-10 18:04 - 08530545 _____ () C:\Users\Median\Downloads\The Evil Doctors Castle.zip
    2014-05-07 19:07 - 2014-05-07 19:07 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-05-07 19:07 - 2014-05-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-05-07 19:06 - 2014-05-18 10:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-07 19:06 - 2014-05-18 09:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-07 19:06 - 2014-05-18 09:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-07 19:06 - 2014-05-18 09:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-07 19:06 - 2014-05-07 19:06 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup(1).exe
    2014-05-07 19:05 - 2014-05-07 19:05 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup.exe
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieUserList
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieSiteList
    2014-05-07 18:52 - 2014-05-07 18:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-05-07 18:51 - 2014-05-07 18:52 - 30818216 _____ (Oracle Corporation) C:\Users\Median\Downloads\jre-7u55-windows-x64.exe
    2014-05-06 10:06 - 2014-05-14 18:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-05 19:07 - 2014-05-05 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{2993FA29-010B-49C0-A484-CE35B488583F}
    2014-05-05 19:06 - 2014-05-05 19:06 - 01599241 _____ () C:\Users\Median\Downloads\fml-1.7.2-7.2.171.894-installer-win.exe
    2014-05-04 15:15 - 2014-05-04 15:15 - 02269863 _____ () C:\Users\Median\Downloads\forge-1.6.4-9.11.1.965-installer.jar
    2014-05-04 14:51 - 2014-05-04 14:51 - 00000000 ____D () C:\Users\Median\AppData\Roaming\FML
    2014-05-04 14:48 - 2014-05-04 14:48 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (2).jar
    2014-05-04 14:47 - 2014-05-04 14:47 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (1).jar
    2014-05-04 14:46 - 2014-05-04 14:46 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787.jar
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Median\AppData\Local\Packages
    2014-05-04 14:40 - 2014-05-18 09:30 - 00000000 ____D () C:\ProgramData\MiniApp
    2014-05-04 14:40 - 2014-05-11 10:44 - 00000000 ____D () C:\ProgramData\504c2cf8db11ac3b
    2014-05-04 14:40 - 2014-05-04 14:53 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator
    2014-04-29 21:15 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-29 21:15 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-29 21:15 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-29 21:15 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-29 21:15 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-29 21:15 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-29 21:15 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-29 21:15 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-29 21:15 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-29 21:15 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-29 21:15 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-29 21:15 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-29 21:15 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-29 21:15 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-29 21:15 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-29 21:15 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-04-29 21:15 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-29 21:15 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-29 21:15 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-29 21:15 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-29 21:15 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-29 21:15 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-29 21:15 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-29 21:15 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-29 21:15 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-04-29 21:15 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-29 21:15 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-29 21:15 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-04-29 21:15 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-29 21:15 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-29 21:15 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-29 21:15 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-29 21:15 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-04-29 21:15 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-29 21:15 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-29 21:15 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-29 21:15 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-04-29 21:15 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-29 21:15 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-29 21:15 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-29 21:15 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-29 21:15 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-29 21:15 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-29 21:14 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-27 12:17 - 2014-04-27 12:19 - 00000000 ____D () C:\Users\Median\Downloads\Instances
    2014-04-27 12:17 - 2014-04-27 12:18 - 00000000 ____D () C:\Users\Median\Downloads\Configs
    2014-04-27 12:17 - 2014-04-27 12:17 - 00778192 _____ () C:\Users\Median\Downloads\ATLauncher (1).exe
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Servers
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Backups
    2014-04-27 12:14 - 2014-05-10 17:54 - 00000000 ____D () C:\Users\Median\Downloads\authlib
    2014-04-27 12:14 - 2014-04-27 12:14 - 00000000 _____ () C:\Users\Median\Downloads\FTBOSSent1.3.8.txt
    2014-04-26 20:36 - 2014-04-26 20:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
    2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-26 20:36 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-26 20:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-04-26 20:36 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-04-26 20:36 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-18 10:16 - 2014-05-17 09:20 - 00000000 ____D () C:\FRST
    2014-05-18 10:10 - 2014-05-18 09:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-18 10:08 - 2014-05-07 19:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-18 10:08 - 2014-02-25 14:44 - 00162154 _____ () C:\Windows\PFRO.log
    2014-05-18 10:08 - 2014-02-11 20:58 - 00023106 _____ () C:\Windows\setupact.log
    2014-05-18 10:08 - 2012-07-26 17:39 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-05-18 10:08 - 2012-07-26 17:14 - 01095579 _____ () C:\Windows\WindowsUpdate.log
    2014-05-18 10:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-18 09:57 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-18 09:57 - 2009-07-14 05:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-18 09:53 - 2014-05-18 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-18 09:53 - 2014-05-18 09:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-18 09:52 - 2014-05-18 09:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Median\Desktop\mbam-setup-2.0.1.1004.exe
    2014-05-18 09:50 - 2014-05-18 09:50 - 00006728 _____ () C:\Users\Median\Desktop\AdwCleaner[S1].txt
    2014-05-18 09:49 - 2014-05-07 19:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-18 09:48 - 2014-02-11 20:23 - 00000000 ____D () C:\AdwCleaner
    2014-05-18 09:46 - 2014-05-18 09:46 - 264417340 _____ () C:\Users\Median\Desktop\backup.reg
    2014-05-18 09:43 - 2014-05-07 19:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-18 09:43 - 2014-05-07 19:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-18 09:40 - 2014-05-18 09:40 - 01325827 _____ () C:\Users\Median\Desktop\AdwCleaner.exe
    2014-05-18 09:38 - 2014-05-18 09:38 - 00003669 _____ () C:\Users\Median\Desktop\JRT.txt
    2014-05-18 09:34 - 2014-05-18 09:34 - 01016261 _____ (Thisisu) C:\Users\Median\Desktop\JRT.exe
    2014-05-18 09:34 - 2014-05-18 09:34 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-18 09:32 - 2013-01-12 18:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-18 09:30 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\MiniApp
    2014-05-18 09:29 - 2013-11-25 20:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-05-18 09:27 - 2013-12-10 17:06 - 00000128 _____ () C:\Windows\WININIT.INI
    2014-05-18 09:27 - 2013-11-25 20:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-17 19:59 - 2012-07-26 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-05-17 12:09 - 2012-08-06 19:08 - 00000000 ___RD () C:\Users\Median\Desktop\Games
    2014-05-17 11:06 - 2013-12-09 20:03 - 00000000 ____D () C:\Users\Median\AppData\Local\Battle.net
    2014-05-16 13:32 - 2013-01-12 18:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-16 13:32 - 2012-08-11 17:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-16 13:32 - 2011-12-01 22:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-16 12:46 - 2012-12-22 14:28 - 00000000 ____D () C:\Users\Median\AppData\Roaming\jEdit
    2014-05-15 17:47 - 2014-05-15 17:47 - 00000000 ____H () C:\Users\Median\Documents\Default.rdp
    2014-05-15 16:36 - 2009-07-14 03:34 - 00000554 _____ () C:\Windows\win.ini
    2014-05-14 20:21 - 2014-05-10 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-14 20:21 - 2012-07-27 09:25 - 00000000 ____D () C:\Users\Median\AppData\Roaming\Mozilla
    2014-05-14 18:47 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-14 18:35 - 2014-05-06 10:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-14 18:27 - 2013-08-14 10:45 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-14 18:26 - 2011-07-18 21:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-12 17:44 - 2014-01-21 19:36 - 00000000 ____D () C:\Users\Median\Downloads\MagicFarm2
    2014-05-11 11:44 - 2012-07-26 18:16 - 00000000 ____D () C:\Users\Median\AppData\Roaming\.minecraft
    2014-05-11 11:22 - 2014-05-11 11:22 - 02525416 _____ () C:\Users\Median\Downloads\EJM Ultimate Resource Pack.zip
    2014-05-11 11:22 - 2014-05-11 11:21 - 10966842 _____ () C:\Users\Median\Downloads\Epic Jump Map Ultimate Fix.zip
    2014-05-11 11:13 - 2014-05-11 11:12 - 13968067 _____ () C:\Users\Median\Downloads\Little Timmys Birthday Adventure.zip
    2014-05-11 10:53 - 2014-05-11 10:53 - 02721096 _____ () C:\Users\Median\Downloads\Abducted by the Taco.zip
    2014-05-11 10:44 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\504c2cf8db11ac3b
    2014-05-11 10:37 - 2014-05-11 10:36 - 16466175 _____ () C:\Users\Median\Downloads\The Lost Potato by ICrafting_ v1.2.5.zip
    2014-05-10 18:04 - 2014-05-10 18:03 - 08530545 _____ () C:\Users\Median\Downloads\The Evil Doctors Castle.zip
    2014-05-10 17:54 - 2014-04-27 12:14 - 00000000 ____D () C:\Users\Median\Downloads\authlib
    2014-05-10 17:54 - 2013-01-06 11:13 - 00000000 ____D () C:\Users\Median\AppData\Roaming\ftblauncher
    2014-05-09 15:55 - 2013-12-09 20:04 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
    2014-05-09 07:14 - 2014-05-14 18:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 07:11 - 2014-05-14 18:14 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-07 19:09 - 2014-03-12 21:14 - 00000000 ____D () C:\Users\Median\AppData\Local\Windows Live
    2014-05-07 19:07 - 2014-05-07 19:07 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-05-07 19:07 - 2014-05-07 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-05-07 19:07 - 2012-07-26 17:15 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-07 19:06 - 2014-05-07 19:06 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup(1).exe
    2014-05-07 19:05 - 2014-05-07 19:05 - 00884712 _____ (Google Inc.) C:\Users\Median\Downloads\ChromeSetup.exe
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieUserList
    2014-05-07 19:01 - 2014-05-07 19:01 - 00000000 __SHD () C:\Users\Median\AppData\Local\EmieSiteList
    2014-05-07 18:52 - 2014-05-07 18:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-05-07 18:52 - 2014-05-07 18:52 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-05-07 18:52 - 2014-05-07 18:51 - 30818216 _____ (Oracle Corporation) C:\Users\Median\Downloads\jre-7u55-windows-x64.exe
    2014-05-07 18:41 - 2013-06-30 10:05 - 00000000 ____D () C:\Users\Median\AppData\Roaming\.technic
    2014-05-06 18:28 - 2013-06-18 19:06 - 00000000 ____D () C:\Users\Median\AppData\Local\Unity
    2014-05-06 14:16 - 2009-07-14 06:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-06 05:40 - 2014-05-14 18:27 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-06 05:17 - 2014-05-14 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-06 04:25 - 2014-05-14 18:27 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-06 04:07 - 2014-05-14 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-06 04:00 - 2014-05-14 18:27 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-06 03:10 - 2014-05-14 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-05 19:07 - 2014-05-05 19:07 - 00003186 _____ () C:\Windows\System32\Tasks\{2993FA29-010B-49C0-A484-CE35B488583F}
    2014-05-05 19:06 - 2014-05-05 19:06 - 01599241 _____ () C:\Users\Median\Downloads\fml-1.7.2-7.2.171.894-installer-win.exe
    2014-05-05 14:32 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-05-04 15:15 - 2014-05-04 15:15 - 02269863 _____ () C:\Users\Median\Downloads\forge-1.6.4-9.11.1.965-installer.jar
    2014-05-04 14:53 - 2014-05-04 14:40 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-05-04 14:51 - 2014-05-04 14:51 - 00000000 ____D () C:\Users\Median\AppData\Roaming\FML
    2014-05-04 14:48 - 2014-05-04 14:48 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (2).jar
    2014-05-04 14:47 - 2014-05-04 14:47 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787 (1).jar
    2014-05-04 14:46 - 2014-05-04 14:46 - 01238892 _____ () C:\Users\Median\Downloads\fml-installer-1.6.4-6.4.41.787.jar
    2014-05-04 14:41 - 2014-05-04 14:41 - 00000000 ____D () C:\Users\Median\AppData\Local\Packages
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt1\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\sederunt\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Median\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\HomeGroupUser$
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Guest
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
    2014-05-04 14:40 - 2014-05-04 14:40 - 00000000 ____D () C:\Users\Administrator
    2014-05-04 14:40 - 2012-07-26 17:53 - 00000000 ____D () C:\Users\Median\AppData\Local\Google
    2014-05-02 17:06 - 2013-12-09 20:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-04-30 17:12 - 2013-12-06 20:06 - 00000000 ____D () C:\Users\Median\Desktop\bat
    2014-04-30 08:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-04-29 19:00 - 2012-07-27 13:19 - 00000000 ____D () C:\Users\Median\AppData\Local\ArmA 2 OA
    2014-04-27 12:19 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Instances
    2014-04-27 12:18 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Configs
    2014-04-27 12:17 - 2014-04-27 12:17 - 00778192 _____ () C:\Users\Median\Downloads\ATLauncher (1).exe
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Servers
    2014-04-27 12:17 - 2014-04-27 12:17 - 00000000 ____D () C:\Users\Median\Downloads\Backups
    2014-04-27 12:14 - 2014-04-27 12:14 - 00000000 _____ () C:\Users\Median\Downloads\FTBOSSent1.3.8.txt
    2014-04-26 20:36 - 2014-04-26 20:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
    2014-04-26 20:36 - 2014-04-26 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-26 20:36 - 2013-10-22 18:13 - 00000000 ____D () C:\ProgramData\Oracle
    2014-04-26 20:36 - 2013-06-28 11:45 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-04-22 18:11 - 2013-12-22 11:41 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
     
    Files to move or delete:
    ====================
    C:\Users\Median\jagex_cl_runescape_LIVE.dat
    C:\Users\Median\random.dat
    C:\Users\Public\AlexaNSISPlugin.4588.dll
     
     
    Some content of TEMP:
    ====================
    C:\Users\Median\AppData\Local\Temp\Quarantine.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe
    [2014-05-14 18:14] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
     
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
     
    LastRegBack: 2013-12-23 14:29
     
    ==================== End Of Log ============================
     
     
    Thanks again for the help.

    #6
    JSntgRvr
    Global Moderator

    Run FRST as you did before.
     
    Type the following in the edit box on FRST, after "Search:".
     
    winlogon.exe
     
    It then should look like:
     
    Search: winlogon.exe
     
    Click Search button and post the log (Search.txt) it makes on the USB drive in your next reply.

    #7
    GingerPowder
    New Member, Topic Starter

    Here you go!

     

    Farbar Recovery Scan Tool (x64) Version: 17-05-2014
    Ran by Median at 2014-05-19 17:30:32
    Running from C:\Users\Median\Desktop\Games\Farbar
    Boot Mode: Normal
     
    ================== Search Files: "winlogon.exe" =============
     
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
    [2014-05-14 18:14] - [2014-03-04 12:08] - 0455680 ____A (Microsoft Corporation) 6CE2AE073BD21C542FC2C707CAE944CC
     
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
    [2014-05-14 18:14] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
     
    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2010-11-21 04:24] - [2010-11-21 04:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457
     
    C:\Windows\System32\winlogon.exe
    [2014-05-14 18:14] - [2014-03-04 10:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
     
    C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
    [2014-05-18 09:53] - [2014-04-03 09:49] - 0742200 ____A (MalwareBytes) 96820649733BFB2B0499C371904B7B40
     
    ====== End Of Search ======

    #8
    JSntgRvr
    Global Moderator

    How is the computer doing?


    #9
    GingerPowder
    New Member, Topic Starter

    AdFender is coping, but I do feel that the PC runs slower with the ads.


    #10
    JSntgRvr
    Global Moderator

    Please download ComboFix from Here to your Desktop.
     
    **Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
     

    -----------------------------------------------------------

    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • Install the Recovery Console if prompted.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".
    • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


    #11
    GingerPowder
    New Member, Topic Starter

    Thanks for helping. It deleted something that I didn't want deleted, but it is easily replaced.

     

    ComboFix 14-05-19.01 - Median 21/05/2014  17:01:43.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6036.4410 [GMT 1:00]
    Running from: c:\users\Median\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Packer.exe.lnk
    c:\users\Median\AppData\Roaming\technic-launcher.jar
    c:\users\Public\AlexaNSISPlugin.4588.dll
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-04-21 to 2014-05-21  )))))))))))))))))))))))))))))))
    .
    .
    2014-05-21 09:43 . 2014-05-02 16:49 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA8395FC-F495-4AE3-B8BA-DE7537095EBD}\gapaengine.dll
    2014-05-21 09:43 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE0F797D-410F-49FB-9989-3997CDB417F1}\mpengine.dll
    2014-05-19 20:04 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-05-19 16:18 . 2014-05-19 16:31 -------- d-----w- c:\program files (x86)\Heroes & Generals
    2014-05-19 16:18 . 2014-05-19 16:18 -------- d-----w- c:\program files (x86)\HeroesAndGenerals
    2014-05-18 08:53 . 2014-05-21 15:53 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-18 08:53 . 2014-05-18 08:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-05-18 08:53 . 2014-05-18 08:53 -------- d-----w- c:\programdata\Malwarebytes
    2014-05-18 08:53 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-18 08:53 . 2014-04-03 08:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-18 08:53 . 2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-18 08:41 . 2010-08-30 07:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-05-18 08:34 . 2014-05-18 08:34 -------- d-----w- c:\windows\ERUNT
    2014-05-17 08:20 . 2014-05-19 16:22 -------- d-----w- C:\FRST
    2014-05-14 17:27 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
    2014-05-14 17:27 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
    2014-05-14 17:27 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-14 17:27 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-05-14 17:13 . 2014-04-12 02:22 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-05-07 18:01 . 2014-05-07 18:01 -------- d-sh--w- c:\users\Median\AppData\Local\EmieUserList
    2014-05-07 18:01 . 2014-05-07 18:01 -------- d-sh--w- c:\users\Median\AppData\Local\EmieSiteList
    2014-05-07 17:52 . 2014-05-07 17:52 313256 ----a-w- c:\windows\system32\javaws.exe
    2014-05-07 17:52 . 2014-05-07 17:52 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-05-07 17:52 . 2014-05-07 17:52 189352 ----a-w- c:\windows\system32\javaw.exe
    2014-05-07 17:52 . 2014-05-07 17:52 189352 ----a-w- c:\windows\system32\java.exe
    2014-05-06 09:06 . 2014-05-14 17:35 -------- d-s---w- c:\windows\system32\CompatTel
    2014-05-04 13:51 . 2014-05-04 13:51 -------- d-----w- c:\users\Median\AppData\Roaming\FML
    2014-05-04 13:41 . 2014-05-04 13:41 -------- d-----w- c:\users\Median\AppData\Local\Packages
    2014-04-29 20:15 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2014-04-29 20:14 . 2014-03-06 07:46 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-04-26 19:36 . 2014-04-14 19:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-16 12:32 . 2012-08-11 16:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-05-16 12:32 . 2011-12-01 21:26 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-14 17:26 . 2011-07-18 20:31 93223848 ----a-w- c:\windows\system32\MRT.exe
    2014-05-02 16:49 . 2012-10-02 11:02 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-03-11 08:52 . 2012-03-20 19:44 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2014-03-04 09:44 . 2014-04-10 09:49 362496 ----a-w- c:\windows\system32\wow64win.dll
    2014-03-04 09:44 . 2014-04-10 09:49 243712 ----a-w- c:\windows\system32\wow64.dll
    2014-03-04 09:44 . 2014-04-10 09:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2014-03-04 09:44 . 2014-04-10 09:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2014-03-04 09:44 . 2014-04-10 09:49 1163264 ----a-w- c:\windows\system32\kernel32.dll
    2014-03-04 09:17 . 2014-04-10 09:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2014-03-04 09:17 . 2014-04-10 09:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-03-04 09:16 . 2014-04-10 09:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2014-03-04 09:16 . 2014-04-10 09:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2014-03-04 08:09 . 2014-04-10 09:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2014-03-04 08:09 . 2014-04-10 09:49 2048 ----a-w- c:\windows\SysWow64\user.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AdFender.lnk - c:\program files (x86)\AdFender\AdFender.exe -autostart [2013-12-13 3228080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-18 09:50 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 12:32]
    .
    2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07 18:06]
    .
    2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07 18:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-27 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-27 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-27 440600]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.co...72741-17534-1/4
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-10 - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.13"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-21  17:13:29
    ComboFix-quarantined-files.txt  2014-05-21 16:13
    .
    Pre-Run: 135,213,633,536 bytes free
    Post-Run: 136,335,249,408 bytes free
    .
    - - End Of File - - 8E2A54C49029CF143DDAA74F48F5083F

    • 0

    #12
    JSntgRvr

    JSntgRvr

      Global Moderator

    • Global Moderator
    • 10,962 posts

    Any improvement?


    • 0

    #13
    GingerPowder

    GingerPowder

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Nope.  I don't think there is much chance of the PC being saved.


    • 0

    #14
    JSntgRvr

    JSntgRvr

      Global Moderator

    • Global Moderator
    • 10,962 posts

    Reset your browsers to default. Read here for instructions.
     
    Please run a free online scan with the ESET Online Scanner
     
    Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
     
    Note: This scan works with Internet Explorer or Mozilla Firefox.
     
    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    Click the green ESET Online Scanner box
     

    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    • Click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close, make sure you copy the logfile first!
    • Then click on: Finish
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    • 0

    #15
    GingerPowder

    GingerPowder

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    I don't use Firefox or Explorer, Chrome all the way.


    • 0





