Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Reduce System Performance –Browser Hijacked performance and speed by


  • This topic is locked This topic is locked

#1
razmage11

razmage11

    New Member

  • Member
  • Pip
  • 2 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015
Ran by Administrator (administrator) on 

KLOWDS 

(13-10-2015 18:50:57)
Running from C:\Users\Administrator.klowds\Downloads
Loaded Profiles: Administrator (Available Profiles: razbo & rocky & yeti & Administrator)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Administrator.klowds\AppData\Roaming\NetService\netservice.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Administrator.klowds\AppData\Local\Crsoft\crsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-877872159-248972997-1231205137-500\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-17] (Siber Systems)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5d1a1bbb-a2a3-4794-80dc-627aa2107cc8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b0e4835a-4f84-4aa7-a679-9b065e232a7c}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-877872159-248972997-1231205137-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-877872159-248972997-1231205137-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-877872159-248972997-1231205137-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-877872159-248972997-1231205137-500 -> DefaultScope {AEE1C0DD-116B-4677-9CE7-E4549ACD32E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-877872159-248972997-1231205137-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-877872159-248972997-1231205137-500 -> {8B159412-84FD-4130-87C3-17046B578A96} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101315-A2DCF49A2D522453482F&form=CONBDF&conlogo=CT3331948&q={searchTerms}
SearchScopes: HKU\S-1-5-21-877872159-248972997-1231205137-500 -> {AEE1C0DD-116B-4677-9CE7-E4549ACD32E0} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-877872159-248972997-1231205137-500 -> {F4370CCE-7646-4137-9C42-90D90041849C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-31] (IObit)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-17] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-10-13] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-02] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-02] (Adobe Systems Incorporated)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-17] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-13] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-02] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-17] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-17] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\rocky\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-09-03] (Dashlane)
Toolbar: HKU\S-1-5-21-877872159-248972997-1231205137-500 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-17] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-877872159-248972997-1231205137-500 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-07-02] (Adobe Systems Incorporated)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051

FireFox:
========
FF ProfilePath: C:\Users\Administrator.klowds\AppData\Roaming\Mozilla\Firefox\Profiles\u0inaogr.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-13] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150305-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150421-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-13] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-09-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
FF HKU\S-1-5-21-877872159-248972997-1231205137-500\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi => not found
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3334306&octid=EB_ORIGINAL_CTID&ISID=MAF4DE6E0-F7B7-4297-8A63-9C24944D0F5E&SearchSource=55&CUI=&UM=8&UP=SPDD39E1CC-ECB1-4177-B73D-AE22901D3328&D=101315&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3334306&octid=EB_ORIGINAL_CTID&ISID=MAF4DE6E0-F7B7-4297-8A63-9C24944D0F5E&SearchSource=55&CUI=&UM=8&UP=SPDD39E1CC-ECB1-4177-B73D-AE22901D3328&D=101315&SSPV="
CHR DefaultSearchKeyword: Default -> t
CHR Profile: C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-18]
CHR Extension: (Allow Copy - Click to activate on this tab) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\abidndjnodakeaicodfpgcnlkpppapah [2015-08-17]
CHR Extension: (Torrent Search) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-03-01]
CHR Extension: (GetTorrent) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjlegonfhdhjkaafgndlpgobijmlmm [2015-08-17]
CHR Extension: (Delicious Bookmark Bar Sync 1.1) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\agabedjjbijfpccchcmpfpcdfnlpjkoj [2015-08-17]
CHR Extension: (Google Docs) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-18]
CHR Extension: (Google Drive) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-18]
CHR Extension: (Facebook Right Column Remover) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\badghiafciannpipcgeajndglbcjkjih [2015-08-17]
CHR Extension: (Web Developer) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-03-01]
CHR Extension: (Facebook Look Back Video Downloader) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglkopdollcjlmnbjafgioegkaihoodj [2015-08-17]
CHR Extension: (General Audit Tool Core) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhgjjjckpncjilffbnadepbacbnoigkh [2015-10-11]
CHR Extension: (ClickThrough) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfeoajfcanjhipllkbkpeagofopgoki [2015-03-01]
CHR Extension: (IP[bleep]) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgmbpodpcgmnpfjmigcckcjfldcicnd [2015-08-17]
CHR Extension: (YouTube) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-18]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-10-11]
CHR Extension: (Torrent Search Engine) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bokjhgpnmjklkafpkgfafahhpdhdnhbo [2015-08-17]
CHR Extension: (Facebook Secret Emoticons) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2015-08-17]
CHR Extension: (Random Select Radio Buttons) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhihojoekiijkcmfdejobiodnlgijmb [2015-10-11]
CHR Extension: (Adblock Plus) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-17]
CHR Extension: (APK Downloader) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-10-11]
CHR Extension: (Facebook Activity Remover) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhdaapekomkhcdfkeogcmhimmmkgkpb [2015-08-17]
CHR Extension: (InboxNow) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl [2015-10-11]
CHR Extension: (Select all Facebook friends) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbcjpjecmkjagmnhgfojblhjhnalbda [2015-10-11]
CHR Extension: (Replace New Tab Page) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2015-08-17]
CHR Extension: (Google Search) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-18]
CHR Extension: (HTML Editor) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\dacmeeeegjoaddfondbeaaafohldgfof [2015-10-11]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-08-17]
CHR Extension: (Social Video Chat MashMeTV) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgimnkkcekilmeifblloakploakdjcdm [2015-08-17]
CHR Extension: (Tampermonkey) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-08-17]
CHR Extension: (Enhanced Developer Console) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\djoghnkbhcnonnmcpnlfbkokgdmgamog [2015-10-11]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-08-17]
CHR Extension: (PageEdit) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic [2015-03-01]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-08-17]
CHR Extension: (Block site) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-08-17]
CHR Extension: (Easy WebContent Free HTML Editor) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\encbaekhkcjjmhbcghnlcaiifdmfeokn [2015-10-11]
CHR Extension: (Consumer Input) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc [2015-10-13]
CHR Extension: (My JDownloader) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2015-10-11]
CHR Extension: (Google Sheets) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-18]
CHR Extension: (Bookmarks Button) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2015-08-17]
CHR Extension: (Word Online) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-08-17]
CHR Extension: (Facebook Meta Inspector) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpedblkbobmjlipnnmalidalmhkangn [2015-03-01]
CHR Extension: (Right-Click enabler) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmmfnoikodocoelbimkedjdiaoejbddd [2015-10-11]
CHR Extension: (EditThisCookie) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-03-01]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2015-08-17]
CHR Extension: (Collusion for Chrome) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2015-08-17]
CHR Extension: (Web Developer Form Filler) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbagmkohmhcjgbepncmehejaljoclpil [2015-10-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-08-17]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-10-11]
CHR Extension: (Tampermonkey BETA) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2015-08-17]
CHR Extension: (ContactExportConfigurable) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gddpdggcgmhgepammebejghlbnhndhfo [2015-04-03]
CHR Extension: (Kaiserapps - Web Developer Tools) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglhpbcdnlhflfpacllleoeofbipdgjl [2015-03-01]
CHR Extension: (Free Public Logins, a BugMeNot Alternative) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglnenhpokhheofljihhaidamhfjhafn [2015-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-11]
CHR Extension: (Form Tools) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihginompkjijnipckobcjioandcmjgp [2015-10-11]
CHR Extension: (Facebook Content Unlock) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjehmaffekhefhfcighkjoafgihknoog [2015-08-17]
CHR Extension: (SwagButton) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-08-17]
CHR Extension: (Mailto:) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf [2015-08-17]
CHR Extension: (Mibbit webchat) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2015-03-01]
CHR Extension: (Unofficial Gimme Bar Extension) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfiafambgalcabpdpikkchpdmmcocjl [2015-03-01]
CHR Extension: (Website Blocker (Beta)) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2015-08-17]
CHR Extension: (Export History) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcohnnbbiggngobheobhdipbgmcbelhh [2015-08-17]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2015-10-11]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2015-03-01]
CHR Extension: (Enable right click) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2015-08-17]
CHR Extension: (SEO & Website Analysis) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-03-01]
CHR Extension: (Referer Control) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2015-08-17]
CHR Extension: (Appspector) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2015-08-17]
CHR Extension: (Stealthy) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2015-03-01]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-08-17]
CHR Extension: (fbQuickLogin for multiple Facebook™ accounts) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpcdjelcodenkpfkbaficnkgkmljjbf [2015-03-01]
CHR Extension: (dataslayer) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbablmmjldhamhcldjjigniffkkjgpo [2015-08-17]
CHR Extension: (Voice Recognition) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-10-11]
CHR Extension: (Cookies) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-10-11]
CHR Extension: (Facebook Multiple Sessions) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcehlllhikannljknlkmbofmeghfkpon [2015-08-17]
CHR Extension: (EasyCalendar) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-13]
CHR Extension: (Disconnect) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-10-11]
CHR Extension: (intoProxy) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnoehmhmdffejnkhccdagnppbbcclhne [2015-08-17]
CHR Extension: (Atavi - bookmark manager) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpchabeoojaflbaajmjhfcfiknckabpo [2015-08-17]
CHR Extension: (Web Developer Tools) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\kafedakbaiofedkepgjhmppcaimcjknf [2015-10-11]
CHR Extension: (Cookie Manager) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck [2015-08-17]
CHR Extension: (Google Voice (by Google)) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-08-17]
CHR Extension: (Select all FB) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpcloingkingimcaedjnppconpcjoan [2015-10-11]
CHR Extension: (ChromeVox) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2015-08-17]
CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-03-01]
CHR Extension: (Hangouts) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-08-17]
CHR Extension: (BugMeNot Lite) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2015-03-01]
CHR Extension: (Webcam Toy) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-17]
CHR Extension: (Facebook AdBlock) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2015-03-01]
CHR Extension: (Linkclump) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2015-10-11]
CHR Extension: (Cloud Application Manager) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond [2015-10-11]
CHR Extension: (Cinema PlusV12.10) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-10-13]
CHR Extension: (Facebook Invite All Friends 2015) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkifjigoeilijkcnpfdjbpdjgnbfibec [2015-10-11]
CHR Extension: (fPrivacy) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllliihmodekgjcioihaaodkbpeleph [2015-03-01]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2015-08-17]
CHR Extension: (Messenger (Unofficial)) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-10-11]
CHR Extension: (Block Site Plus) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfppccbikicoemimadnkllfoaaijicjh [2015-08-17]
CHR Extension: (CouponXplorer) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk [2015-10-11]
CHR Extension: (Minimal Bookmarks Tree) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\mohenkbngkbmdlkiemonbgdfgdjacaeb [2015-08-17]
CHR Extension: (MultiLogin) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccllfnllopfpcbjdgjdlfmomnfgnnbk [2015-03-01]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-08-17]
CHR Extension: (Hangouts) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-08-17]
CHR Extension: (Editor Lite) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglgdmkkiemejlladcdjegcllaieegoe [2015-10-11]
CHR Extension: (Bookmark manager) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgkimgbjgjknccgefmkpepkpngfjkld [2015-08-17]
CHR Extension: (Google Wallet) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-18]
CHR Extension: (Check All) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbihdpkeohjdfncchjhidbbonnihaob [2015-10-11]
CHR Extension: (AIO Search) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhijjefkkokfaiffkcemldacdabpeei [2015-03-01]
CHR Extension: (Bookmax - Bookmark Manager) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjpkfadmfhloombfmmlllnbhkoehckm [2015-08-17]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-08-17]
CHR Extension: (Video Chat FlirtyMania) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaahapngnjijjgplpikimpaepddnfae [2015-08-17]
CHR Extension: (Sidekick by HubSpot) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-10-11]
CHR Extension: (ScriptSafe) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-03-01]
CHR Extension: (Remove Facebook Redirections) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhdomkbnapoacbialllfpbcckckidck [2015-03-01]
CHR Extension: (Gmail) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-18]
CHR Extension: (Testofill, Form Filler for Testers) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdgajoinhkfldibdaledjikboognnl [2015-10-11]
CHR Extension: (RoboForm) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-02-18]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R4 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
S4 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-08-03] (Advanced Micro Devices) [File not signed]
R4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-02-26] ()
R4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2015-02-26] (ASUSTeK Computer Inc.)
R4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2015-02-26] (ASUSTeK Computer Inc.)
R4 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2015-02-28] (ASUSTeK Computer Inc.) [File not signed]
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-13] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R4 Crashhd; C:\Users\Administrator.klowds\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-13] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
R4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R4 NetTcpHandler; C:\Users\Administrator.klowds\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-17] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R4 XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [87040 2012-06-23] (Highresolution Enterprises) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A6100; C:\Windows\system32\DRIVERS\A6100.sys [2969816 2013-07-08] (Realtek Semiconductor Corporation )
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-02-26] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2015-02-26] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
S3 avpnnic; C:\Windows\system32\DRIVERS\avpnnic.sys [14848 2015-01-19] (AT&T) [File not signed]
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-13] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-10-13] ()
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [32768 2010-04-29] (Google Inc)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-13] (REALiX™)
S3 jrvad_service; C:\Windows\system32\drivers\JRiverWDMDriver.sys [36872 2015-01-06] (JRiver, Inc.)
R3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-17] (Sandboxie Holdings, LLC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R1 swsedrvr_vw_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vw_1_10_0_25.sys [57720 2015-09-22] (SS)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
R3 USBlyzer; C:\Windows\system32\DRIVERS\USBlyzer.sys [114944 2014-03-19] (USBlyzer Team)
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-09-02] (Windows ® Win 7 DDK provider)
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; C:\Windows\System32\drivers\wfpcapture.sys [60080 2013-09-23] (Microsoft Corporation)
S1 {8c18950d-388e-4a16-b947-a882c417f551}Gw64; system32\drivers\{8c18950d-388e-4a16-b947-a882c417f551}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 18:50 - 2015-10-13 18:51 - 00045147 _____ C:\Users\Administrator.klowds\Downloads\FRST.txt
2015-10-13 17:48 - 2015-10-13 17:48 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_Administrator_HistoryPrediction.bin
2015-10-13 16:37 - 2015-10-13 16:37 - 00001102 _____ C:\Users\Administrator.klowds\Desktop\klowwds - Shortcut (2).lnk
2015-10-13 16:37 - 2015-10-13 16:37 - 00000957 _____ C:\Users\Administrator.klowds\Desktop\Users - Shortcut.lnk
2015-10-13 16:36 - 2015-10-13 16:36 - 00000712 _____ C:\Users\Administrator.klowds\Desktop\win7 - Shortcut.lnk
2015-10-13 15:16 - 2015-10-13 15:16 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Administrator.klowds\Downloads\tdsskiller.exe
2015-10-13 14:36 - 2015-10-13 14:36 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Macromedia
2015-10-13 14:35 - 2015-10-13 14:42 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Mozilla
2015-10-13 14:35 - 2015-10-13 14:36 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Mozilla
2015-10-13 14:31 - 2015-10-13 14:31 - 02196480 _____ (Farbar) C:\Users\Administrator.klowds\Downloads\FRST64.exe
2015-10-13 14:11 - 2015-10-13 14:11 - 22815816 _____ C:\Users\Administrator.klowds\Downloads\RogueKillerX64_beta.exe
2015-10-13 14:05 - 2015-10-13 14:05 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\niemiro
2015-10-13 12:13 - 2015-10-13 12:13 - 00003304 _____ C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-10-13 12:13 - 2015-10-13 12:13 - 00000412 __RSH C:\Users\Administrator.klowds\ntuser.pol
2015-10-13 12:08 - 2015-10-13 12:08 - 00001317 _____ C:\Users\razbo\Desktop\Win Fix.lnk
2015-10-13 12:06 - 2015-10-13 12:06 - 86548480 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2015-10-13 12:06 - 2015-10-13 12:06 - 01003520 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2015-10-13 12:06 - 2015-10-13 12:06 - 00045056 _____ C:\WINDOWS\system32\config\SAM.iobit
2015-10-13 12:06 - 2015-10-13 12:06 - 00036864 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2015-10-13 12:04 - 2015-10-13 12:04 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_yeti_HistoryPrediction.bin
2015-10-13 12:03 - 2015-10-13 12:03 - 00003296 _____ C:\WINDOWS\System32\Tasks\SmartDefrag4_Startup
2015-10-13 12:03 - 2015-10-13 12:03 - 00003292 _____ C:\WINDOWS\System32\Tasks\SmartDefrag4_Update
2015-10-13 12:03 - 2015-10-13 12:03 - 00001380 _____ C:\Users\razbo\Desktop\Internet Booster.lnk
2015-10-13 12:03 - 2015-10-13 12:03 - 00001247 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-10-13 12:03 - 2015-10-13 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-10-13 12:03 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\SysWOW64\IObitSmartDefragExtension.dll
2015-10-13 12:03 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2015-10-13 12:03 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2015-10-13 12:03 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2015-10-13 12:01 - 2015-10-13 12:01 - 00000000 ____D C:\Users\razbo\AppData\LocalLow\Oracle
2015-10-13 12:00 - 2015-10-13 12:00 - 00000000 _____ C:\WINDOWS\system32\RENCFB4.tmp
2015-10-13 12:00 - 2015-10-13 12:00 - 00000000 _____ C:\WINDOWS\system32\RENCFB3.tmp
2015-10-13 12:00 - 2015-10-13 11:59 - 00320424 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-10-13 11:58 - 2015-10-13 11:58 - 00001366 _____ C:\Users\yeti\Desktop\System Control.lnk
2015-10-13 11:57 - 2015-10-13 11:57 - 00002428 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_razbo
2015-10-13 11:57 - 2015-10-13 11:09 - 00000256 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_razbo.job
2015-10-13 11:54 - 2015-10-13 11:54 - 00234800 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2015-10-13 11:54 - 2015-10-13 11:54 - 00071148 _____ C:\WINDOWS\system32\Drivers\BCM20702A1_001.002.014.1502.1764.hex
2015-10-13 11:54 - 2015-10-13 11:54 - 00000000 ____D C:\WINDOWS\LastGood
2015-10-13 11:53 - 2015-10-13 11:53 - 00002374 _____ C:\Users\razbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-13 11:48 - 2015-10-13 11:48 - 00002422 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_yeti
2015-10-13 11:48 - 2015-10-13 11:48 - 00000254 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_yeti.job
2015-10-13 11:44 - 2015-10-13 11:48 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-13 11:42 - 2015-10-13 11:42 - 743817613 _____ C:\WINDOWS\MEMORY.DMP
2015-10-13 11:42 - 2015-10-13 11:42 - 00001370 _____ C:\WINDOWS\PFRO.log
2015-10-13 11:41 - 2015-10-13 12:03 - 00000000 ____D C:\Users\yeti\AppData\LocalLow\IObit
2015-10-13 11:35 - 2015-10-13 11:35 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-13 11:11 - 2015-10-13 11:11 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_rocky_HistoryPrediction.bin
2015-10-13 11:10 - 2015-10-13 11:10 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_razbo_HistoryPrediction.bin
2015-10-13 11:10 - 2015-10-13 11:10 - 00000000 ___RD C:\Users\rocky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-13 11:07 - 2015-10-13 11:07 - 00001250 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2015-10-13 11:07 - 2015-10-13 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-10-13 11:05 - 2015-10-13 11:05 - 29619504 _____ (IObit ) C:\Users\razbo\Downloads\IObit-Malware-Fighter-Setup.exe
2015-10-13 10:58 - 2015-10-13 10:58 - 00372904 _____ C:\Users\razbo\Documents\cc_20151013_105828.reg
2015-10-13 10:46 - 2015-10-13 10:46 - 00000020 ___SH C:\Users\razbo\ntuser.ini
2015-10-13 10:36 - 2015-10-13 10:36 - 00000000 ____D C:\Users\razbo\AppData\Local\PeerDistRepub
2015-10-13 10:20 - 2015-10-13 11:54 - 00001353 _____ C:\WINDOWS\setupact.log
2015-10-13 10:20 - 2015-10-13 11:54 - 00000534 _____ C:\WINDOWS\setuperr.log
2015-10-13 10:03 - 2015-10-13 12:02 - 00002254 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-10-13 10:03 - 2015-10-13 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-10-13 09:10 - 2015-10-13 11:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-13 09:08 - 2015-10-13 09:08 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-10-13 08:18 - 2015-10-13 08:18 - 01048576 _____ C:\WINDOWS\system32\defltbase.sdb
2015-10-13 07:53 - 2015-10-13 07:53 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Apple Computer
2015-10-13 07:53 - 2015-10-13 07:53 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-13 07:52 - 2015-10-13 07:52 - 11117856 _____ (IObit) C:\Users\Administrator.klowds\Downloads\iobituninstaller.exe
2015-10-13 07:52 - 2015-10-13 07:52 - 00001439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2015-10-13 07:52 - 2015-10-13 07:52 - 00001427 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-10-13 07:52 - 2015-10-13 07:52 - 00000000 ____D C:\Users\Administrator.klowds\AppData\IObit
2015-10-13 07:16 - 2015-10-13 09:52 - 00000000 ____D C:\ProgramData\DataFile
2015-10-13 06:47 - 2015-10-13 06:47 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\shortCutStore
2015-10-13 06:47 - 2015-10-13 06:47 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Crsoft
2015-10-13 06:34 - 2015-10-13 06:34 - 00032768 _____ C:\Users\Administrator.klowds\Documents\EasyBCD Backup (2015-10-13) (2).bcd
2015-10-13 05:43 - 2015-10-13 05:43 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\NetworkTiles
2015-10-13 03:53 - 2015-10-13 06:53 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\20916
2015-10-13 03:45 - 2015-10-13 04:03 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\gmsd_us_005010109
2015-10-13 03:45 - 2015-10-13 03:45 - 00001208 _____ C:\Users\Public\Desktop\Rapid Media Converter.lnk
2015-10-13 03:44 - 2015-10-13 03:45 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\BrowserHelper
2015-10-13 03:43 - 2015-10-13 06:47 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\RunDir
2015-10-13 03:43 - 2015-10-13 03:43 - 00004434 _____ C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
2015-10-13 03:43 - 2015-10-13 03:43 - 00003242 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-10-13 03:43 - 2015-10-13 03:43 - 00000296 _____ C:\task.vbs
2015-10-13 03:43 - 2015-10-13 03:43 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\NetService
2015-10-13 03:42 - 2015-10-13 03:57 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\bvxvexvbg
2015-10-13 03:42 - 2015-10-13 03:44 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-13 03:42 - 2015-10-13 03:42 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\CrashRpt
2015-10-13 03:42 - 2015-10-13 03:42 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.4161
2015-10-13 03:41 - 2015-10-13 03:41 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\MyBrowser
2015-10-13 03:40 - 2015-10-13 03:40 - 00000000 ____D C:\ProgramData\FlashBeat
2015-10-13 03:37 - 2015-10-13 03:37 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\NeoSmart_Technologies
2015-10-13 03:36 - 2015-10-13 03:36 - 00000264 _____ C:\prefs.js
2015-10-13 03:36 - 2015-10-13 03:36 - 00000000 ____D C:\searchplugins
2015-10-13 03:34 - 2015-10-13 03:34 - 00004436 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
2015-10-13 03:33 - 2015-10-13 04:02 - 00002880 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-10-13 03:33 - 2015-10-13 04:02 - 00002880 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-10-13 03:33 - 2015-10-13 03:42 - 00000008 _____ C:\END
2015-10-13 03:33 - 2015-10-13 03:33 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-10-13 03:33 - 2015-10-13 03:33 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-10-13 03:33 - 2015-10-13 03:33 - 00001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-10-13 03:33 - 2015-10-13 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-13 03:33 - 2015-10-13 03:33 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-13 03:33 - 2015-10-13 03:33 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v84.4188
2015-10-13 03:32 - 2015-10-13 07:13 - 00000000 ____D C:\Program Files (x86)\WinPCOptimizer
2015-10-13 03:32 - 2015-10-13 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win PC Optimizer
2015-10-13 03:32 - 2015-10-13 03:32 - 00000000 ____D C:\Program Files (x86)\execnowait
2015-10-13 03:31 - 2015-10-13 07:53 - 00000000 ____D C:\Users\Administrator.klowds\AppData\LocalLow\IObit
2015-10-13 03:31 - 2015-10-13 03:31 - 00026528 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2015-10-13 03:31 - 2015-10-13 03:31 - 00003086 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Administrator)
2015-10-13 03:30 - 2015-10-13 09:32 - 00000000 ____D C:\Program Files (x86)\84A13E20-1444732234-11DC-8D27-60A44C633FA4
2015-10-13 03:30 - 2015-08-19 14:58 - 00003326 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-13 03:29 - 2015-10-13 03:29 - 00013664 _____ C:\Users\Administrator.klowds\Downloads\[kat.cr]hitman.pro.3.7.9.build.241.2015.patch.frank.torrent
2015-10-13 03:29 - 2015-10-13 03:29 - 00013664 _____ C:\Users\Administrator.klowds\Downloads\[kat.cr]hitman.pro.3.7.9.build.241.2015.patch.frank (1).torrent
2015-10-13 03:29 - 2015-10-13 03:29 - 00000000 ____D C:\Users\Administrator.klowds\Documents\Probit Software
2015-10-13 03:25 - 2015-10-13 09:41 - 00000000 ____D C:\Program Files (x86)\Probit Software
2015-10-13 03:25 - 2015-10-13 07:47 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Store
2015-10-13 03:25 - 2015-10-13 07:40 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\WTools
2015-10-13 03:25 - 2015-10-13 03:25 - 00000078 _____ C:\Users\Administrator.klowds\AppData\Roaming\WindApp.installation.log
2015-10-13 03:25 - 2015-10-13 03:25 - 00000078 _____ C:\Users\Administrator.klowds\AppData\Roaming\Selection Tools.installation.log
2015-10-13 03:24 - 2015-10-13 03:25 - 00005804 _____ C:\Users\Administrator.klowds\AppData\Roaming\Bubble Dock.installation.log
2015-10-13 03:24 - 2015-10-13 03:25 - 00001294 _____ C:\Users\Administrator.klowds\AppData\Roaming\Bubble Dock.boostrap.log
2015-10-13 03:24 - 2015-10-13 03:24 - 00000097 _____ C:\Users\Administrator.klowds\AppData\Roaming\WindApp.boostrap.log
2015-10-13 03:19 - 2015-10-13 07:14 - 00000000 ____D C:\Program Files (x86)\S5
2015-10-13 03:19 - 2015-10-13 03:19 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\c
2015-10-13 03:15 - 2015-10-13 03:15 - 00672262 _____ C:\Users\Administrator.klowds\Downloads\EasyRecoveryEssentialsPro-Windows8-SyED.rar
2015-10-13 02:34 - 2015-10-13 06:29 - 00045056 _____ C:\Users\Administrator.klowds\Documents\EasyBCD Backup (2015-10-13).bcd
2015-10-13 02:34 - 2015-10-13 02:34 - 01618512 _____ C:\Users\Administrator.klowds\Downloads\EasyBCD 2.2.exe
2015-10-13 02:34 - 2015-10-13 02:34 - 00001286 _____ C:\Users\Public\Desktop\EasyBCD 2.2.lnk
2015-10-13 02:34 - 2015-10-13 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2015-10-13 02:34 - 2015-10-13 02:34 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2015-10-13 02:31 - 2015-10-13 10:21 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\qBittorrent
2015-10-13 02:31 - 2015-10-13 02:31 - 00003249 _____ C:\Users\Administrator.klowds\Downloads\[kat.cr]easybcd.2.2.0.182.dual.boot.win8.7.mac.linux.etc.torrent
2015-10-13 00:42 - 2015-10-13 00:42 - 00077025 _____ C:\Users\Administrator.klowds\Downloads\windowsmigration_ENUS.diagcab
2015-10-13 00:21 - 2015-10-13 00:21 - 00000020 ___SH C:\Users\Administrator.klowds\ntuser.ini
2015-10-12 07:58 - 2015-10-12 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-12 07:58 - 2015-10-12 07:58 - 00000000 ____D C:\Program Files\CPUID
2015-10-12 02:48 - 2015-10-12 02:48 - 00000000 ____D C:\Users\razbo\.oracle_jre_usage
2015-10-12 02:22 - 2015-10-12 02:22 - 00000000 ____D C:\Users\razbo\Desktop\New folder (2)
2015-10-12 02:21 - 2015-10-12 02:21 - 00000440 _____ C:\Users\yeti\RoboFormDataHere.txt
2015-10-12 02:21 - 2015-10-12 02:21 - 00000014 _____ C:\Users\yeti\cache.rfo
2015-10-12 02:21 - 2015-10-12 02:21 - 00000000 ____D C:\Users\razbo\Desktop\New folder
2015-10-12 02:16 - 2015-10-12 02:16 - 00000272 _____ C:\Users\rocky\mru.rfo
2015-10-12 02:04 - 2015-10-12 02:04 - 00691896 _____ C:\Users\rocky\cache.rfo
2015-10-12 02:04 - 2015-10-12 02:04 - 00000440 _____ C:\Users\rocky\RoboFormDataHere.txt
2015-10-12 01:50 - 2015-10-13 11:53 - 00000000 ___RD C:\Users\razbo\OneDrive
2015-10-11 21:56 - 2015-10-11 21:56 - 08050514 _____ C:\Users\yeti\Downloads\TheMilkyWay.themepack
2015-10-11 21:55 - 2015-10-11 21:55 - 14780124 _____ C:\Users\yeti\Downloads\PanoramicBeaches.deskthemepack
2015-10-11 21:55 - 2015-10-11 21:55 - 11375555 _____ C:\Users\yeti\Downloads\JoshSommersBeaches.themepack
2015-10-11 21:49 - 2015-10-11 21:49 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Logitech
2015-10-11 20:57 - 2015-10-12 01:29 - 00000000 ____D C:\Users\yeti\AppData\LocalLow\uTorrent
2015-10-11 19:14 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Roaming\vlc
2015-10-11 19:12 - 2015-10-12 05:15 - 00000000 ____D C:\Users\yeti\Desktop\Tweaking.Windows.Repair.v3.2.1.Pro.Installer-Portable.Eng-BG
2015-10-11 18:55 - 2015-10-11 18:55 - 00000000 ____D C:\Users\yeti\AppData\LocalLow\Dashlane
2015-10-11 18:54 - 2015-10-11 19:08 - 10902660 ____R C:\Users\yeti\Downloads\Tweaking.Windows.Repair.v3.2.1.Pro.Installer-Portable.Eng-BG.rar
2015-10-11 18:53 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Roaming\uTorrent
2015-10-11 18:53 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Dashlane
2015-10-11 17:52 - 2015-10-12 05:15 - 00000000 ____D C:\Users\yeti\Documents\Tweaking.Windows.Repair.v3.2.1.Pro.Installer-Portable.Eng-BG
2015-10-11 17:40 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\Desktop\Tweaking.com - Windows Repair
2015-10-11 17:39 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\Desktop\Camera Roll
2015-10-11 17:39 - 2015-10-11 17:39 - 00000000 ____D C:\Users\yeti\AppData\Roaming\WinRAR
2015-10-11 17:31 - 2015-10-11 17:24 - 01478939 _____ C:\Users\Public\Downloads\Tweaking+Com.ace
2015-10-11 17:31 - 2015-10-11 14:44 - 00002093 _____ C:\Users\Public\Downloads\[kat.cr]tweaking.companion.version.3.2.torrent
2015-10-11 17:31 - 2015-10-11 14:44 - 00002093 _____ C:\Users\Public\Downloads\[kat.cr]tweaking.companion.version.3.2 (1).torrent
2015-10-11 17:31 - 2015-10-11 13:50 - 00011496 _____ C:\Users\Public\Downloads\IDEAL Administration 2013 13.1.0 + Key ---[www.bts.to]--- .torrent
2015-10-11 17:31 - 2015-10-11 13:46 - 00000694 _____ C:\Users\Public\Downloads\j5GMc0fxhRtH0KBWZNGiN3zdoS59rvl5JvXubyv7z2Iw-MV3ApuMIgCnmD1DvMxSHu7BVAXW3x9PlJhSAs5wQQPKcQR-wT1PcsE0SXnAJaU9iHzqNz0ov2I3LLhiOham.htm
2015-10-11 17:31 - 2015-10-11 13:32 - 00014135 _____ C:\Users\Public\Downloads\Tweaking.Windows.Repair.v3.2.1.Pro.Installer-Portable.Eng-BG.torrent
2015-10-11 17:31 - 2015-10-11 12:33 - 54164080 _____ C:\Users\Public\Downloads\IA_Us.zip
2015-10-11 17:31 - 2015-04-02 05:17 - 00005089 _____ C:\Users\Public\Downloads\RogueKiller_10.5.5.0_Portable~~.torrent
2015-10-11 17:31 - 2015-03-01 14:33 - 41736254 _____ C:\Users\Public\Downloads\Curb+Press+Kit.zip
2015-10-11 17:29 - 2015-10-11 21:00 - 00065536 _____ C:\WINDOWS\system32\edb.log
2015-10-11 17:29 - 2015-10-11 17:29 - 00065536 _____ C:\WINDOWS\system32\edbtmp.log
2015-10-11 17:24 - 2015-10-11 17:24 - 01478939 _____ C:\Users\Administrator.klowds\Downloads\Tweaking+Com.ace
2015-10-11 16:56 - 2015-10-11 16:56 - 00000000 ____D C:\Users\Administrator.klowds\Desktop\Tweaking.Windows.Repair.v3.2.1.Pro.Installer-Portable.Eng-BG
2015-10-11 16:01 - 2015-10-11 16:01 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\PeerDistRepub
2015-10-11 14:44 - 2015-10-11 14:44 - 00002093 _____ C:\Users\Administrator.klowds\Downloads\[kat.cr]tweaking.companion.version.3.2.torrent
2015-10-11 14:44 - 2015-10-11 14:44 - 00002093 _____ C:\Users\Administrator.klowds\Downloads\[kat.cr]tweaking.companion.version.3.2 (1).torrent
2015-10-11 14:18 - 2015-10-11 14:18 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Lenovo
2015-10-11 14:03 - 2015-10-13 01:05 - 00000000 ____D C:\Users\Administrator.klowds\AppData\LocalLow\Adobe
2015-10-11 14:03 - 2015-10-11 14:03 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\CEF
2015-10-11 13:50 - 2015-10-11 13:50 - 00011496 _____ C:\Users\Administrator.klowds\Downloads\IDEAL Administration 2013 13.1.0 + Key ---[www.bts.to]--- .torrent
2015-10-11 13:46 - 2015-10-11 13:46 - 00000694 _____ C:\Users\Administrator.klowds\Downloads\j5GMc0fxhRtH0KBWZNGiN3zdoS59rvl5JvXubyv7z2Iw-MV3ApuMIgCnmD1DvMxSHu7BVAXW3x9PlJhSAs5wQQPKcQR-wT1PcsE0SXnAJaU9iHzqNz0ov2I3LLhiOham.htm
2015-10-11 13:37 - 2015-06-05 04:36 - 00000000 ____D C:\Users\Administrator.klowds\Documents\Tweaking.Windows.Repair.v3.2.1.Pro.Installer-Portable.Eng-BG
2015-10-11 13:32 - 2015-10-11 13:32 - 00014135 _____ C:\Users\Administrator.klowds\Downloads\Tweaking.Windows.Repair.v3.2.1.Pro.Installer-Portable.Eng-BG.torrent
2015-10-11 12:36 - 2015-10-11 12:36 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Pointdev
2015-10-11 12:34 - 2015-10-12 05:25 - 00000000 ____D C:\Program Files (x86)\Pointdev
2015-10-11 12:32 - 2015-10-11 12:33 - 54164080 _____ C:\Users\Administrator.klowds\Downloads\IA_Us.zip
2015-10-11 11:48 - 2015-10-13 06:40 - 00000000 ___RD C:\Users\Administrator.klowds\OneDrive
2015-10-11 11:46 - 2015-10-11 11:46 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Publishers
2015-10-11 11:44 - 2015-10-11 11:46 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Comms
2015-10-11 11:44 - 2015-10-11 11:44 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\TileDataLayer
2015-10-11 00:21 - 2015-10-11 00:21 - 00000260 _____ C:\Users\yeti\Downloads\debug.log
2015-10-10 19:13 - 2015-10-12 01:30 - 00000000 ____D C:\Users\yeti\AppData\Local\CrashDumps
2015-10-10 12:50 - 2015-10-10 12:50 - 00085470 _____ C:\Users\yeti\Downloads\user_accesslog.zip
2015-10-09 19:32 - 2015-10-10 11:05 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Kodi
2015-10-09 07:26 - 2015-10-09 08:17 - 00000000 ____D C:\Users\yeti\AppData\Local\Battle.net
2015-10-09 07:26 - 2015-10-09 07:26 - 00000000 ____D C:\Users\yeti\AppData\Roaming\AMD
2015-10-09 07:26 - 2015-10-09 07:26 - 00000000 ____D C:\Users\yeti\AppData\Local\Blizzard Entertainment
2015-10-09 06:16 - 2015-10-11 21:35 - 00000000 ____D C:\Users\yeti\Documents\Outlook Files
2015-10-09 06:16 - 2015-10-09 06:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-09 05:46 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Local\sabnzbd
2015-10-09 05:45 - 2015-10-12 10:01 - 00000000 ____D C:\Program Files (x86)\SABnzbd
2015-10-09 05:45 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
2015-10-09 05:35 - 2015-10-12 10:01 - 00000000 ____D C:\Program Files (x86)\Mimo
2015-10-09 05:35 - 2015-10-09 19:27 - 00000000 ____D C:\Users\yeti\Downloads\Mimo
2015-10-09 05:35 - 2015-10-09 07:08 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Mimo
2015-10-09 05:15 - 2015-10-09 05:15 - 01049551 _____ C:\Users\yeti\Downloads\frost-10-Dec-2003.jar
2015-10-09 05:14 - 2015-10-09 05:14 - 00046908 _____ C:\Users\yeti\Downloads\download.htm
2015-10-09 04:58 - 2015-10-09 04:58 - 15879278 _____ C:\Users\yeti\Downloads\CandyGirls previews.rar
2015-10-09 03:50 - 2015-10-12 10:01 - 00000000 ____D C:\Program Files (x86)\pidgin-otr
2015-10-09 03:43 - 2015-10-10 14:22 - 00000000 ____D C:\Users\yeti\AppData\LocalLow\Adobe
2015-10-09 03:43 - 2015-10-09 03:43 - 00000000 ____D C:\Users\yeti\AppData\Roaming\PDAppFlex
2015-10-09 03:43 - 2015-10-09 03:43 - 00000000 ____D C:\Users\yeti\AppData\Local\CEF
2015-10-08 19:29 - 2015-10-12 09:58 - 00000000 ____D C:\Users\yeti\AppData\Local\Freenet
2015-10-08 16:03 - 2015-10-08 16:03 - 00000000 ____D C:\Users\yeti\AppData\Roaming\.silc
2015-10-08 15:46 - 2015-10-12 09:58 - 00000000 ____D C:\Users\yeti\.jIRC
2015-10-08 15:46 - 2015-10-08 15:46 - 01057967 _____ C:\Users\yeti\Downloads\jerk072011.zip
2015-10-08 15:42 - 2015-10-08 15:42 - 00319207 _____ C:\Users\yeti\Downloads\jIRCii.zip
2015-10-08 15:39 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Roaming\I2P
2015-10-08 15:15 - 2015-10-12 10:01 - 00000000 ____D C:\Program Files (x86)\i2p
2015-10-08 15:15 - 2015-10-12 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P
2015-10-08 15:15 - 2015-10-12 10:00 - 00000000 ____D C:\ProgramData\i2p
2015-10-08 15:15 - 2015-10-08 15:15 - 00000000 ____D C:\My RoboForm Data
2015-10-08 15:00 - 2015-10-12 05:15 - 00000000 ____D C:\Users\yeti\AppData\LocalLow\Sun
2015-10-08 15:00 - 2015-10-08 15:00 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Sun
2015-10-08 15:00 - 2015-10-08 15:00 - 00000000 ____D C:\Users\yeti\.oracle_jre_usage
2015-10-08 14:16 - 2015-10-09 07:23 - 00000000 ____D C:\Users\yeti\AppData\Roaming\.purple
2015-10-08 14:15 - 2015-10-12 10:01 - 00000000 ____D C:\Program Files (x86)\Pidgin
2015-10-08 13:58 - 2015-10-08 13:58 - 00000000 ____D C:\Users\yeti\AppData\LocalLow\Temp
2015-10-08 13:04 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Roaming\tor
2015-10-08 12:52 - 2015-10-12 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-10-08 12:20 - 2015-10-12 09:57 - 00000000 ____D C:\Users\yeti\AppData\Roaming\mIRC
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-06 08:46 - 2015-10-06 08:46 - 00000000 ____D C:\Users\razbo\AppData\Local\Publishers
2015-10-06 08:45 - 2015-10-06 08:47 - 00000000 ____D C:\Users\razbo\AppData\Local\Comms
2015-10-06 08:44 - 2015-10-06 08:44 - 00000000 ____D C:\Users\razbo\AppData\Local\TileDataLayer
2015-09-22 14:41 - 2015-09-22 14:41 - 00057720 _____ (SS) C:\WINDOWS\system32\Drivers\swsedrvr_vw_1_10_0_25.sys
2015-09-20 03:34 - 2015-09-20 03:34 - 00000048 _____ C:\Users\yeti\Desktop\Google (2).url
2015-09-19 02:00 - 2015-09-19 02:00 - 00000000 ____D C:\Users\yeti\AppData\Roaming\RoboForm
2015-09-18 22:52 - 2015-10-12 16:18 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-09-18 22:52 - 2015-09-18 22:52 - 00001848 _____ C:\Users\yeti\Desktop\ICQ.lnk
2015-09-18 22:52 - 2015-09-18 22:52 - 00001706 _____ C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2015-09-18 22:51 - 2015-10-12 16:18 - 00000000 ____D C:\Users\yeti\AppData\Roaming\ICQM
2015-09-18 22:51 - 2015-09-18 22:51 - 00001050 _____ C:\Users\yeti\Desktop\rocky - Shortcut.lnk
2015-09-18 22:48 - 2015-09-18 23:12 - 00000000 ____D C:\Users\yeti\AppData\Roaming\ICQ-Profile
2015-09-18 22:48 - 2015-09-18 22:48 - 00000000 ____D C:\Users\yeti\voip
2015-09-18 22:48 - 2015-09-18 22:48 - 00000000 ____D C:\translation
2015-09-18 22:48 - 2015-09-18 22:48 - 00000000 ____D C:\sounds
2015-09-18 22:48 - 2015-09-18 22:48 - 00000000 ____D C:\smiles
2015-09-18 22:48 - 2015-09-18 22:48 - 00000000 ____D C:\skin_cache
2015-09-18 22:48 - 2015-09-18 22:48 - 00000000 ____D C:\skin
2015-09-18 21:16 - 2015-09-18 21:16 - 00000000 ____D C:\Users\yeti\AppData\Local\Macromedia
2015-09-17 09:30 - 2015-10-13 18:35 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 09:30 - 2015-10-13 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-17 09:30 - 2015-10-13 12:06 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 09:30 - 2015-09-17 09:30 - 00929872 _____ (Google Inc.) C:\Users\yeti\Downloads\ChromeSetup.exe
2015-09-17 09:30 - 2015-09-17 09:30 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 09:30 - 2015-09-17 09:30 - 00003734 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 09:11 - 2015-09-17 09:11 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Macromedia
2015-09-14 22:27 - 2015-10-12 16:17 - 00000000 ____D C:\Users\yeti\AppData\Local\WinZip
2015-09-14 21:59 - 2015-10-12 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-09-14 21:58 - 2015-10-13 09:23 - 00000000 ____D C:\Users\yeti\AppData\Roaming\qBittorrent
2015-09-14 21:58 - 2015-09-14 21:58 - 11977503 _____ (The qBittorrent project) C:\Users\yeti\Downloads\qbittorrent_3.2.3_setup.exe
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Users\yeti\AppData\Local\qBittorrent
2015-09-14 21:42 - 2015-10-11 05:10 - 00000000 ____D C:\Users\yeti\AppData\Local\Comms
2015-09-14 19:17 - 2015-10-12 14:58 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Mozilla
2015-09-14 19:17 - 2015-10-12 14:55 - 00000000 ____D C:\Users\yeti\AppData\Local\Mozilla
2015-09-14 18:56 - 2015-09-17 09:10 - 00000290 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_yeti.job
2015-09-14 18:56 - 2015-09-17 09:09 - 00002472 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_yeti
2015-09-14 16:56 - 2015-10-12 16:18 - 00000000 ____D C:\Users\yeti\AppData\Roaming\ProductData
2015-09-14 16:55 - 2015-10-13 11:42 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-14 14:46 - 2015-09-14 14:46 - 00000000 ____D C:\Users\yeti\AppData\Local\Lenovo
2015-09-14 11:49 - 2015-09-14 11:49 - 00000000 ____D C:\Users\yeti\AppData\Local\PeerDistRepub
2015-09-14 09:56 - 2015-09-14 09:58 - 00000000 ____D C:\Users\yeti\AppData\Roaming\asoftech
2015-09-14 08:21 - 2015-10-04 10:27 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{743D9F7C-B2E3-4FE0-9FB2-472689916C70}
2015-09-14 08:17 - 2015-09-14 08:17 - 00000048 _____ C:\Users\yeti\Desktop\Google.url
2015-09-14 08:11 - 2015-09-14 08:20 - 00000000 ____D C:\Users\yeti\AppData\Local\MicrosoftEdge
2015-09-14 07:59 - 2015-10-09 12:53 - 00000000 ____D C:\Users\yeti\Documents\My RoboForm Data
2015-09-14 07:59 - 2015-09-14 07:59 - 00000000 ____D C:\Users\yeti\AppData\LocalLow\Siber Systems
2015-09-14 07:46 - 2015-09-14 16:57 - 00002335 _____ C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-14 07:46 - 2015-09-14 16:57 - 00000000 ___RD C:\Users\yeti\OneDrive
2015-09-14 07:45 - 2015-10-09 03:43 - 00000000 ____D C:\Users\yeti\AppData\Local\Adobe
2015-09-14 07:45 - 2015-09-14 07:45 - 00000000 ____D C:\Users\yeti\AppData\Local\AMD
2015-09-14 07:44 - 2015-09-14 07:44 - 00000000 ____D C:\Users\yeti\AppData\Local\Publishers
2015-09-14 07:43 - 2015-10-13 12:03 - 00000000 ____D C:\Users\yeti\AppData\Roaming\IObit
2015-09-14 07:43 - 2015-10-12 17:04 - 00000000 ____D C:\Users\yeti
2015-09-14 07:43 - 2015-10-12 16:18 - 00000000 __RSD C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-09-14 07:43 - 2015-10-12 16:18 - 00000000 ___RD C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-14 07:43 - 2015-10-12 16:18 - 00000000 ___RD C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-14 07:43 - 2015-10-12 16:18 - 00000000 ___RD C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-14 07:43 - 2015-10-12 16:18 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-14 07:43 - 2015-10-12 14:58 - 00000000 ____D C:\Users\yeti\AppData\Local\Packages
2015-09-14 07:43 - 2015-10-12 14:53 - 00000000 ____D C:\Users\yeti\AppData\Local\Google
2015-09-14 07:43 - 2015-10-12 05:15 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Adobe
2015-09-14 07:43 - 2015-10-09 06:14 - 00000000 ____D C:\Users\yeti\AppData\Local\VirtualStore
2015-09-14 07:43 - 2015-09-14 07:43 - 00000020 ___SH C:\Users\yeti\ntuser.ini
2015-09-14 07:43 - 2015-09-14 07:43 - 00000000 ____D C:\Users\yeti\AppData\Roaming\Highresolution Enterprises
2015-09-14 07:43 - 2015-09-14 07:43 - 00000000 ____D C:\Users\yeti\AppData\Local\TileDataLayer
2015-09-14 07:43 - 2015-09-12 19:31 - 00000000 ____D C:\Users\yeti\AppData\Roaming\ATI
2015-09-14 07:43 - 2015-09-12 19:31 - 00000000 ____D C:\Users\yeti\AppData\Local\ATI
2015-09-14 06:13 - 2015-09-14 06:13 - 00053108 _____ C:\Users\rocky\Downloads\ICQ with video calls, free messages and low-cost phone calls.html
2015-09-14 05:56 - 2015-09-14 05:57 - 37258248 _____ (ICQ) C:\Users\rocky\Downloads\icq_rfrset (1).exe
2015-09-14 03:34 - 2015-09-14 03:34 - 00000000 ____D C:\Users\rocky\New folder
2015-09-13 17:13 - 2015-10-12 16:17 - 00000000 ____D C:\Users\rocky\Documents\AutomaticSolution Software
2015-09-13 15:54 - 2015-01-26 09:23 - 00037376 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandnetmodem64.sys
2015-09-13 15:54 - 2015-01-26 09:22 - 00030720 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandnetdiag64.sys
2015-09-13 15:54 - 2015-01-21 13:55 - 00020992 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandnetbus64.sys
2015-09-13 14:31 - 2015-09-13 14:31 - 00000000 ____D C:\Users\rocky\.android
2015-09-13 13:45 - 2015-09-13 13:46 - 04426120 _____ (Piriform Ltd) C:\Users\rocky\Downloads\rcsetup152.exe
2015-09-13 11:33 - 2015-09-14 03:52 - 00000000 _____ C:\Users\rocky\AppData\LocalLow\rightsCheck_1.txt
2015-09-13 11:33 - 2015-09-13 11:33 - 00001830 _____ C:\Users\rocky\Desktop\Dashlane.lnk
2015-09-13 11:33 - 2015-09-13 11:33 - 00000000 ____D C:\Users\rocky\AppData\LocalLow\Dashlane
2015-09-13 11:31 - 2015-10-12 16:17 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2015-09-13 11:31 - 2015-10-12 16:17 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Dashlane
2015-09-13 11:31 - 2015-10-12 16:14 - 00000000 ____D C:\Program Files (x86)\Dashlane
2015-09-13 10:44 - 2015-09-13 10:44 - 00013494 _____ C:\Users\rocky\Downloads\B6317B84AC2E883EDD26AB2B28A61860C8065DBB.torrent
2015-09-13 10:44 - 2015-09-13 10:44 - 00013494 _____ C:\Users\rocky\Downloads\[kat.cr]hitman.pro.v3.7.9.build.242.patch.torrent
2015-09-13 10:44 - 2015-09-13 10:44 - 00003079 _____ C:\Users\rocky\Downloads\B6317B84AC2E883EDD26AB2B28A61860C8065DBB.htm
2015-09-13 10:37 - 2015-10-13 10:53 - 00002614 __RSH C:\ProgramData\ntuser.pol
2015-09-13 10:09 - 2015-09-13 10:09 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\rocky\Downloads\tdsskiller.exe
2015-09-13 10:07 - 2015-10-13 03:28 - 11336600 _____ (SurfRight B.V.) C:\Users\rocky\Downloads\HitmanPro_x64.exe
2015-09-13 10:07 - 2015-09-13 10:21 - 01660416 _____ C:\Users\rocky\Downloads\AdwCleaner.exe
2015-09-13 10:07 - 2015-09-13 10:07 - 05635119 _____ (Swearware) C:\Users\rocky\Downloads\ComboFix.exe
2015-09-13 09:54 - 2015-09-13 09:54 - 02398082 _____ (Asoftech ) C:\Users\rocky\Downloads\auto-typer.exe
2015-09-13 09:51 - 2015-10-12 16:17 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2015-09-13 09:35 - 2015-09-13 09:35 - 00015221 _____ C:\Users\rocky\Downloads\Runescape_auto_type_auto_clicker_x-demonoid.pw-x.TORRENT
2015-09-13 09:31 - 2015-09-13 09:31 - 00000750 _____ C:\Users\rocky\Downloads\[kat.cr]jaghax.auto.typer.torrent
2015-09-13 05:51 - 2015-09-13 05:51 - 00000000 _____ C:\Users\rocky\Desktop\New Text Document (3).txt
2015-09-13 04:22 - 2015-10-13 03:57 - 00000000 ____D C:\Users\rocky\AppData\Local\16361
2015-09-13 04:14 - 2015-09-13 11:31 - 00513832 _____ (Dashlane inc.) C:\Users\rocky\Downloads\Dashlane_Launcher_biexplorer-1441010438.exe
2015-09-13 04:12 - 2015-09-13 04:12 - 00002499 _____ C:\Users\rocky\Desktop\DownloadManager.lnk
2015-09-13 04:08 - 2015-09-13 04:09 - 00002432 _____ C:\Users\rocky\Desktop\Wikipedia.lnk
2015-09-13 04:08 - 2015-09-13 04:09 - 00002416 _____ C:\Users\rocky\Desktop\Amazon.lnk
2015-09-13 03:58 - 2015-09-13 03:58 - 00000000 ____D C:\Users\rocky\AppData\Roaming\WinRAR
2015-09-13 00:33 - 2015-09-13 00:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-13 18:50 - 2015-03-19 19:30 - 00000000 ____D C:\FRST
2015-10-13 18:17 - 2015-08-07 13:06 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA.job
2015-10-13 17:54 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-13 17:42 - 2015-05-12 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-13 17:24 - 2015-07-10 03:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-13 16:17 - 2015-08-07 13:06 - 00000870 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core.job
2015-10-13 16:07 - 2015-08-17 12:59 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\CrashDumps
2015-10-13 15:56 - 2015-04-24 16:08 - 00000000 ____D C:\Users\razbo\Documents\My RoboForm Data
2015-10-13 15:56 - 2015-01-19 03:01 - 00003658 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2015-10-13 14:47 - 2015-03-07 18:07 - 00002526 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2015-10-13 14:47 - 2015-03-07 18:07 - 00000308 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2015-10-13 14:12 - 2015-04-21 20:52 - 00036608 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-13 14:05 - 2015-05-18 20:59 - 01319424 _____ (niemiro) C:\Users\razbo\Downloads\SFCFix (1).exe
2015-10-13 13:18 - 2015-02-23 17:18 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{610EEEAD-1C83-4A4C-890F-CB3D4E769BD7}
2015-10-13 12:20 - 2015-02-18 07:59 - 00144031 _____ C:\Users\Administrator.klowds\Desktop\Console1.msc
2015-10-13 12:15 - 2015-01-19 04:00 - 00000000 ____D C:\ProgramData\Oracle
2015-10-13 12:13 - 2015-09-12 19:22 - 00000000 ____D C:\Users\Administrator.klowds
2015-10-13 12:05 - 2015-05-03 13:18 - 00003974 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 12:04 - 2015-01-20 16:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-13 12:03 - 2015-02-01 12:14 - 00000000 ____D C:\Program Files (x86)\IObit
2015-10-13 12:02 - 2015-03-23 08:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-10-13 12:02 - 2015-01-19 04:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-13 12:01 - 2015-08-19 12:18 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-13 12:01 - 2015-01-19 04:00 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-13 11:59 - 2015-07-10 14:38 - 00000000 ____D C:\Program Files\Java
2015-10-13 11:58 - 2015-09-12 19:42 - 00876876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-13 11:58 - 2015-02-18 21:58 - 00004536 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-13 11:55 - 2015-04-24 16:27 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B85C4460-8786-4063-BD5B-4B2FEF2BACE5}
2015-10-13 11:54 - 2015-09-12 21:08 - 02297104 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
2015-10-13 11:54 - 2015-09-12 21:08 - 00227144 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcbtums.sys
2015-10-13 11:54 - 2015-09-12 21:08 - 00112896 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btwdi.dll
2015-10-13 11:53 - 2015-04-30 07:31 - 00000000 ____D C:\Users\razbo\AppData\LocalLow\IObit
2015-10-13 11:50 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-13 11:48 - 2015-07-10 05:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-13 11:46 - 2015-09-12 19:17 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-10-13 11:45 - 2015-04-24 15:44 - 00000000 ____D C:\Users\razbo\AppData\Local\Packages
2015-10-13 11:44 - 2015-09-12 19:22 - 00000000 ___RD C:\Users\razbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-13 11:42 - 2015-01-20 16:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-13 11:11 - 2015-02-18 07:48 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\IObit
2015-10-13 11:10 - 2015-07-13 01:01 - 00000000 ____D C:\Users\rocky\AppData\Roaming\IObit
2015-10-13 11:09 - 2015-02-01 12:14 - 00000000 ____D C:\ProgramData\ProductData
2015-10-13 11:09 - 2015-02-01 12:14 - 00000000 ____D C:\ProgramData\IObit
2015-10-13 11:07 - 2015-04-24 15:48 - 00000000 ____D C:\Users\razbo\AppData\Roaming\IObit
2015-10-13 11:01 - 2015-05-17 21:31 - 00002478 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_razbo
2015-10-13 11:01 - 2015-04-24 16:22 - 00000292 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_razbo.job
2015-10-13 10:46 - 2015-09-12 19:22 - 00000000 ____D C:\Users\razbo
2015-10-13 10:00 - 2015-09-12 20:12 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-13 09:52 - 2015-05-14 08:54 - 00001222 _____ C:\WINDOWS\system32\.crusader
2015-10-13 08:07 - 2015-07-10 02:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-13 07:53 - 2015-03-07 18:07 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\ProductData
2015-10-13 07:30 - 2015-06-15 01:32 - 00000000 ____D C:\Users\razbo\Downloads\EASEUS Partition Master 10 Professional + Technican Edition Incl Key - SceneDL
2015-10-13 07:30 - 2015-02-07 09:51 - 00000000 ____D C:\Users\klowwds\Downloads\GOM Video Converter 1.1.1.69
2015-10-13 06:47 - 2015-03-23 04:08 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-13 06:26 - 2015-02-08 16:05 - 00000000 ____D C:\WINDOWS\pss
2015-10-13 05:43 - 2015-06-14 22:18 - 00000000 ___HD C:\$SysReset
2015-10-13 04:12 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-13 03:57 - 2013-08-22 06:25 - 00000252 _____ C:\WINDOWS\win.ini
2015-10-13 03:46 - 2015-07-13 14:54 - 00001848 _____ C:\Users\rocky\Desktop\chrome.exe - Shortcut.lnk
2015-10-13 03:17 - 2015-01-28 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-13 01:05 - 2015-02-18 07:43 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Adobe
2015-10-13 00:23 - 2015-02-18 07:43 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Packages
2015-10-12 16:33 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Windows Defender
2015-10-12 16:32 - 2015-08-19 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-10-12 16:32 - 2015-07-13 10:49 - 00000000 ____D C:\Users\rocky\AppData\Roaming\qBittorrent
2015-10-12 16:32 - 2015-06-15 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2015-10-12 16:32 - 2015-06-15 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
2015-10-12 16:32 - 2015-05-28 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webcamXP 5
2015-10-12 16:32 - 2015-05-11 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-10-12 16:32 - 2015-03-20 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-12 16:32 - 2015-01-19 05:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-12 16:26 - 2015-09-12 19:22 - 00000000 ____D C:\Users\rocky
2015-10-12 16:26 - 2015-09-12 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Typer Asoftech
2015-10-12 16:26 - 2015-07-22 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Technitium MAC Address Changer v6
2015-10-12 16:26 - 2015-07-13 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCProxy
2015-10-12 16:26 - 2015-07-10 06:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-12 16:26 - 2015-07-10 06:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 __RSD C:\WINDOWS\Media
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\System
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-12 16:26 - 2015-07-10 04:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-12 16:26 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-10-12 16:26 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-10-12 16:26 - 2015-05-11 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT
2015-10-12 16:26 - 2015-04-25 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBlyzer
2015-10-12 16:26 - 2015-03-03 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Money Plus
2015-10-12 16:26 - 2015-02-27 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-10-12 16:26 - 2015-02-09 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-10-12 16:26 - 2015-02-01 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-12 16:26 - 2015-01-28 07:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Message Analyzer
2015-10-12 16:26 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-12 16:25 - 2015-07-10 06:14 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sppui
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\setup
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\ras
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\MSDRM
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\icsxml
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\ias
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\fr-CA
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\es-MX
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Com
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\IME
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Cursors
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\addins
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Common Files\Services
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-10-12 16:25 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-10-12 16:25 - 2015-07-10 02:07 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-10-12 16:25 - 2015-07-10 02:07 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-10-12 16:25 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-10-12 16:25 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-12 16:25 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-10-12 16:25 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\servicing
2015-10-12 16:25 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-10-12 16:19 - 2015-07-10 06:12 - 00000000 ____D C:\WINDOWS\SKB
2015-10-12 16:19 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-10-12 16:19 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-12 16:19 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-10-12 16:19 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-10-12 16:19 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-12 16:19 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-10-12 16:19 - 2015-07-10 04:06 - 00000000 ____D C:\WINDOWS\Setup
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SystemResources
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\spp
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Speech
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\networklist
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-12 16:19 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Speech
2015-10-12 16:19 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-10-12 16:19 - 2015-06-12 19:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-10-12 16:19 - 2015-02-26 18:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2015-10-12 16:19 - 2015-02-26 18:22 - 00000000 ____D C:\WINDOWS\SysWOW64\Drivers\MFDLL
2015-10-12 16:19 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-10-12 16:19 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-10-12 16:18 - 2015-07-10 06:12 - 00000000 ____D C:\WINDOWS\OCR
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\security
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\schemas
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Resources
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\PLA
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Help
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Globalization
2015-10-12 16:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Branding
2015-10-12 16:18 - 2015-04-28 05:38 - 00000000 ____D C:\win7
2015-10-12 16:18 - 2015-01-19 02:26 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-10-12 16:17 - 2015-08-19 15:33 - 00000000 ___RD C:\Users\rocky\Creative Cloud Files
2015-10-12 16:17 - 2015-08-19 10:51 - 00000000 ____D C:\Users\rocky\AppData\Roaming\MediaMonkey
2015-10-12 16:17 - 2015-08-18 23:33 - 00000000 ___HD C:\Users\rocky\AppData\Roaming\.ACEStream
2015-10-12 16:17 - 2015-08-18 08:49 - 00000000 ____D C:\Users\rocky\AppData\Roaming\PowerISO
2015-10-12 16:17 - 2015-08-17 05:17 - 00000000 ____D C:\Users\rocky\Desktop\(1298 unread) - bradeyoung - Yahoo Mail_files
2015-10-12 16:17 - 2015-08-16 19:48 - 00000000 ____D C:\Users\rocky\AppData\Roaming\TeraCopy
2015-10-12 16:17 - 2015-08-08 04:53 - 00000000 ____D C:\Users\rocky\AppData\Roaming\ICQM
2015-10-12 16:17 - 2015-08-07 13:55 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Battle.net
2015-10-12 16:17 - 2015-07-15 05:19 - 00000000 ____D C:\Users\rocky\AppData\Roaming\vlc
2015-10-12 16:17 - 2015-07-13 19:09 - 00000000 ____D C:\Users\rocky\Desktop\Tor Browser
2015-10-12 16:17 - 2015-07-13 19:03 - 00000000 ____D C:\Users\rocky\AppData\Roaming\tor
2015-10-12 16:17 - 2015-07-13 15:22 - 00000000 ____D C:\Users\rocky\AppData\Local\WinZip
2015-10-12 16:17 - 2015-07-13 06:53 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Ghostbuster
2015-10-12 16:17 - 2015-07-13 05:50 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Mozilla
2015-10-12 16:17 - 2015-07-13 04:43 - 00000000 ____D C:\Users\rocky\AppData\Roaming\ProductData
2015-10-12 16:17 - 2014-01-25 12:36 - 00000000 ____D C:\Users\rocky\Documents\unlimited_socks_software_api
2015-10-12 16:17 - 2010-06-15 04:44 - 00000000 ____D C:\Users\rocky\Documents\metadata-extractor
2015-10-12 16:16 - 2015-05-16 05:42 - 00000000 ____D C:\Users\razbo\AppData\Roaming\.ACEStream
2015-10-12 16:16 - 2015-04-24 16:22 - 00000000 ____D C:\Users\razbo\AppData\Roaming\ProductData
2015-10-12 16:15 - 2015-09-12 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-10-12 16:15 - 2015-09-11 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-10-12 16:15 - 2015-09-09 00:02 - 00000000 ____D C:\ProgramData\Unified Remote
2015-10-12 16:15 - 2015-09-09 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2015-10-12 16:15 - 2015-08-17 13:11 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\WinZip
2015-10-12 16:15 - 2015-08-16 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-10-12 16:15 - 2015-08-09 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2015-10-12 16:15 - 2015-07-14 18:06 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Hotspot Shield
2015-10-12 16:15 - 2015-07-11 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-12 16:15 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Windows NT
2015-10-12 16:15 - 2015-06-26 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG One Click Root
2015-10-12 16:15 - 2015-06-15 04:46 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Ghostbuster
2015-10-12 16:15 - 2015-06-15 00:29 - 00000000 ____D C:\ProgramData\Licenses
2015-10-12 16:15 - 2015-05-26 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLS Reader
2015-10-12 16:15 - 2015-05-26 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker
2015-10-12 16:15 - 2015-05-18 02:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-10-12 16:15 - 2015-05-13 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBP - Facebook Blaster Pro
2015-10-12 16:15 - 2015-05-13 07:50 - 00000000 ____D C:\Program Files\WinPcap
2015-10-12 16:15 - 2015-05-11 22:23 - 00000000 ___RD C:\Sandbox
2015-10-12 16:15 - 2015-05-11 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-10-12 16:15 - 2015-04-28 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2015-10-12 16:15 - 2015-04-27 14:17 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2015-10-12 16:15 - 2015-04-24 21:51 - 00000000 ____D C:\ProgramData\Skype
2015-10-12 16:15 - 2015-04-24 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-12 16:15 - 2015-04-19 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-10-12 16:15 - 2015-04-02 04:52 - 00000000 ____D C:\Python27
2015-10-12 16:15 - 2015-04-02 04:02 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-12 16:15 - 2015-04-01 16:47 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-12 16:15 - 2015-03-18 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGFlashTool
2015-10-12 16:15 - 2015-03-17 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Setup Tool
2015-10-12 16:15 - 2015-03-10 00:00 - 00000000 ____D C:\ProgramData\Apple
2015-10-12 16:15 - 2015-03-08 14:41 - 00000000 ___HD C:\Users\klowwds\AppData\Roaming\.ACEStream
2015-10-12 16:15 - 2015-03-06 13:55 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-10-12 16:15 - 2015-03-06 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-12 16:15 - 2015-03-06 13:29 - 00000000 ____D C:\ProgramData\HP
2015-10-12 16:15 - 2015-03-04 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-10-12 16:15 - 2015-02-26 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-10-12 16:15 - 2015-02-26 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-10-12 16:15 - 2015-02-18 19:38 - 00000000 ____D C:\Users\klowwds\AppData\Local\Microsoft Help
2015-10-12 16:15 - 2015-02-18 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-12 16:15 - 2015-02-16 21:14 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2015-10-12 16:15 - 2015-02-16 21:14 - 00000000 ____D C:\ProgramData\CyberLink
2015-10-12 16:15 - 2015-02-15 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-10-12 16:15 - 2015-02-08 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-10-12 16:15 - 2015-02-06 09:22 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-10-12 16:15 - 2015-01-30 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Deployment Toolkit
2015-10-12 16:15 - 2015-01-30 00:51 - 00000000 ____D C:\ProgramData\Real
2015-10-12 16:15 - 2015-01-30 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio
2015-10-12 16:15 - 2015-01-29 22:50 - 00000000 ____D C:\ProgramData\Cok Free Auto Typer
2015-10-12 16:15 - 2015-01-28 10:12 - 00000000 ____D C:\Program Files\WinRAR
2015-10-12 16:15 - 2015-01-28 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-10-12 16:15 - 2015-01-19 02:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-10-12 16:15 - 2015-01-19 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-10-12 16:14 - 2015-09-12 19:58 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-12 16:14 - 2015-09-12 19:58 - 00000000 ____D C:\Program Files\MSBuild
2015-10-12 16:14 - 2015-09-12 19:58 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-12 16:14 - 2015-09-12 19:17 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-10-12 16:14 - 2015-09-12 19:17 - 00000000 ____D C:\Program Files\AMD
2015-10-12 16:14 - 2015-09-09 21:38 - 00000000 ____D C:\Program Files (x86)\Kodi
2015-10-12 16:14 - 2015-09-09 00:02 - 00000000 ____D C:\Program Files (x86)\Unified Remote 3
2015-10-12 16:14 - 2015-08-19 10:51 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2015-10-12 16:14 - 2015-08-16 19:28 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-10-12 16:14 - 2015-08-07 16:27 - 00000000 ____D C:\Program Files\Bitcoin
2015-10-12 16:14 - 2015-08-07 14:27 - 00000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2015-10-12 16:14 - 2015-07-13 15:33 - 00000000 ____D C:\CCProxy
2015-10-12 16:14 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-12 16:14 - 2015-07-10 04:04 - 00000000 ____D C:\Program Files (x86)\Windows NT
2015-10-12 16:14 - 2015-06-12 19:19 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-12 16:14 - 2015-05-28 20:45 - 00000000 ____D C:\Program Files (x86)\webcamXP5
2015-10-12 16:14 - 2015-05-26 18:48 - 00000000 ____D C:\Program Files (x86)\XLS Reader
2015-10-12 16:14 - 2015-05-26 16:14 - 00000000 ____D C:\Program Files (x86)\GSAutoClicker3
2015-10-12 16:14 - 2015-05-18 02:23 - 00000000 ____D C:\Program Files (x86)\Auslogics
2015-10-12 16:14 - 2015-05-17 21:26 - 00000000 ____D C:\Program Files (x86)\MetaX
2015-10-12 16:14 - 2015-05-13 19:45 - 00000000 ____D C:\Program Files (x86)\FBP - Facebook Blaster Pro
2015-10-12 16:14 - 2015-05-13 13:30 - 00000000 ____D C:\Program Files\TeraCopy
2015-10-12 16:14 - 2015-05-13 12:02 - 00000000 ____D C:\Ember Media Manager BETA
2015-10-12 16:14 - 2015-05-11 22:22 - 00000000 ____D C:\Program Files\Sandboxie
2015-10-12 16:14 - 2015-05-11 22:17 - 00000000 ____D C:\Program Files (x86)\OCCTPT
2015-10-12 16:14 - 2015-05-11 21:50 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-10-12 16:14 - 2015-04-25 00:19 - 00000000 ____D C:\Program Files (x86)\USBlyzer
2015-10-12 16:14 - 2015-04-24 21:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-12 16:14 - 2015-04-21 20:29 - 00000000 ____D C:\Program Files (x86)\eb864baf-7e4e-484f-97d0-3db5fe1d14fe
2015-10-12 16:14 - 2015-04-21 14:47 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-10-12 16:14 - 2015-04-19 17:15 - 00000000 ____D C:\Program Files (x86)\WinZip
2015-10-12 16:14 - 2015-03-23 04:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-12 16:14 - 2015-03-21 20:58 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-12 16:14 - 2015-03-21 05:17 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-10-12 16:14 - 2015-03-19 19:26 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-10-12 16:14 - 2015-03-19 16:48 - 00000000 ____D C:\Program Files (x86)\LinkMonitor
2015-10-12 16:14 - 2015-03-18 11:02 - 00000000 ____D C:\LG
2015-10-12 16:14 - 2015-03-17 23:36 - 00000000 ____D C:\Program Files (x86)\Starfield
2015-10-12 16:14 - 2015-03-10 00:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-12 16:14 - 2015-03-10 00:00 - 00000000 ____D C:\Program Files\Bonjour
2015-10-12 16:14 - 2015-03-10 00:00 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-12 16:14 - 2015-03-04 01:26 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-10-12 16:14 - 2015-03-03 14:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Money Plus
2015-10-12 16:14 - 2015-02-28 01:23 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2015-10-12 16:14 - 2015-02-27 19:13 - 00000000 ____D C:\Program Files\Recuva
2015-10-12 16:14 - 2015-02-26 18:22 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-12 16:14 - 2015-02-26 03:17 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-12 16:14 - 2015-02-25 23:54 - 00000000 ____D C:\Program Files (x86)\VROOT
2015-10-12 16:14 - 2015-02-18 00:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-12 16:14 - 2015-02-18 00:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-12 16:14 - 2015-02-15 19:08 - 00000000 ____D C:\Program Files\7-Zip
2015-10-12 16:14 - 2015-02-09 09:30 - 00000000 ____D C:\Program Files\PowerISO
2015-10-12 16:14 - 2015-02-09 08:01 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-10-12 16:14 - 2015-02-08 09:54 - 00000000 ____D C:\Program Files\Defraggler
2015-10-12 16:14 - 2015-02-01 12:04 - 00000000 ____D C:\Program Files\CCleaner
2015-10-12 16:14 - 2015-01-30 13:19 - 00000000 ____D C:\Program Files\Microsoft Deployment Toolkit
2015-10-12 16:14 - 2015-01-30 00:31 - 00000000 ____D C:\Program Files (x86)\JetAudio
2015-10-12 16:14 - 2015-01-29 14:53 - 00000000 ____D C:\Program Files (x86)\WordView
2015-10-12 16:14 - 2015-01-28 18:00 - 00000000 ____D C:\Program Files\DIFX
2015-10-12 16:14 - 2015-01-28 11:14 - 00000000 ____D C:\Program Files (x86)\Logitech
2015-10-12 16:14 - 2015-01-28 07:14 - 00000000 ____D C:\Program Files\Microsoft Message Analyzer
2015-10-12 16:14 - 2015-01-28 06:46 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2015-10-12 16:14 - 2015-01-27 23:47 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-10-12 16:14 - 2015-01-27 23:46 - 00000000 ____D C:\Program Files\ASUS
2015-10-12 16:14 - 2015-01-25 08:11 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2015-10-12 16:14 - 2015-01-20 12:23 - 00000000 ____D C:\Program Files (x86)\Hp
2015-10-12 16:14 - 2015-01-19 02:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-12 16:14 - 2015-01-19 02:26 - 00000000 ___HD C:\Program Files (x86)\installshield installation information
2015-10-12 16:13 - 2015-08-07 06:16 - 00000000 ___HD C:\$Windows.~WS
2015-10-12 15:56 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\registration
2015-10-12 15:40 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Web
2015-10-12 15:40 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Vss
2015-10-12 15:39 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
2015-10-12 15:36 - 2015-07-15 00:20 - 00000000 ____D C:\WINDOWS\SysWOW64\Hotspot Shield
2015-10-12 15:31 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2015-10-12 15:27 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-10-12 15:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\Licenses
2015-10-12 15:17 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Speech_OneCore
2015-10-12 15:11 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\Performance
2015-10-12 14:59 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-12 14:58 - 2015-09-12 20:09 - 00000000 ____D C:\Windows.old
2015-10-12 14:52 - 2015-09-09 21:40 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Kodi
2015-10-12 14:52 - 2015-08-19 12:26 - 00000000 ____D C:\Users\rocky\AppData\Roaming\VisualVM
2015-10-12 14:52 - 2015-08-08 18:04 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Notepad++
2015-10-12 14:52 - 2015-07-13 08:34 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Macromedia
2015-10-12 14:51 - 2015-09-12 13:40 - 00000000 ____D C:\Users\rocky\AppData\Roaming\asoftech
2015-10-12 14:51 - 2015-08-19 12:11 - 00000000 ____D C:\Users\rocky\AppData\LocalLow\Oracle
2015-10-12 14:51 - 2015-08-07 19:12 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Bitcoin
2015-10-12 14:51 - 2015-08-07 04:28 - 00000000 ____D C:\Users\rocky\AppData\LocalLow\Sun
2015-10-12 14:51 - 2015-07-12 23:21 - 00000000 ____D C:\Users\rocky\AppData\Roaming\Adobe
2015-10-12 14:51 - 2015-07-12 23:21 - 00000000 ____D C:\Users\rocky\AppData\Local\VirtualStore
2015-10-12 14:49 - 2015-07-12 23:21 - 00000000 ____D C:\Users\rocky\AppData\Local\Packages
2015-10-12 14:45 - 2015-07-13 14:59 - 00000000 ____D C:\Users\rocky\AppData\Local\Logitech® Webcam Software
2015-10-12 14:45 - 2015-07-13 05:50 - 00000000 ____D C:\Users\rocky\AppData\Local\Mozilla
2015-10-12 14:44 - 2015-07-12 23:21 - 00000000 ____D C:\Users\rocky\AppData\Local\Google
2015-10-12 14:41 - 2015-08-19 12:25 - 00000000 ____D C:\Users\rocky\.eclipse
2015-10-12 14:41 - 2015-07-13 01:38 - 00000000 ____D C:\Users\rocky\AppData\Local\Apps\2.0
2015-10-12 14:39 - 2015-07-10 02:05 - 00000000 __RHD C:\Users\Default
2015-10-12 14:39 - 2015-04-24 13:54 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Sun
2015-10-12 14:39 - 2015-04-20 06:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Kodi
2015-10-12 14:39 - 2015-03-07 17:55 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\Kodi
2015-10-12 14:39 - 2015-02-07 20:19 - 00000000 ____D C:\Users\Administrator
2015-10-12 14:37 - 2015-09-12 19:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-12 14:37 - 2015-06-15 04:46 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Apps\2.0
2015-10-12 14:37 - 2015-05-13 23:36 - 00000000 ____D C:\RegBackup
2015-10-12 14:37 - 2015-02-18 07:46 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\CyberLink
2015-10-12 14:37 - 2015-02-18 07:43 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Google
2015-10-12 14:36 - 2015-01-19 02:47 - 00000000 ____D C:\ProgramData\Logishrd
2015-10-12 14:35 - 2015-07-10 04:04 - 00000000 ___SD C:\Program Files\WindowsPowerShell
2015-10-12 14:35 - 2015-02-26 18:22 - 00000000 ____D C:\ProgramData\ASUS
2015-10-12 14:35 - 2015-02-26 03:17 - 00000000 ____D C:\ProgramData\Battle.net
2015-10-12 14:35 - 2015-02-16 21:14 - 00000000 ____D C:\ProgramData\install_clap
2015-10-12 14:35 - 2015-01-31 13:12 - 00000000 ____D C:\ProgramData\GRETECH
2015-10-12 14:35 - 2015-01-20 16:20 - 00000000 ____D C:\ProgramData\Adobe
2015-10-12 14:33 - 2015-04-24 20:31 - 00000000 ____D C:\Program Files\WIDCOMM
2015-10-12 14:33 - 2015-03-05 02:22 - 00000000 ____D C:\Program Files\VideoLAN
2015-10-12 14:32 - 2015-07-11 23:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-12 14:32 - 2015-04-24 13:54 - 00000000 ____D C:\Program Files\Logitech
2015-10-12 14:31 - 2015-06-15 00:14 - 00000000 ____D C:\Program Files\JAM Software
2015-10-12 14:31 - 2015-04-24 14:05 - 00000000 ____D C:\Program Files\Highresolution Enterprises
2015-10-12 14:30 - 2015-09-12 19:19 - 00000000 ____D C:\Program Files\ATI Technologies
2015-10-12 14:30 - 2015-07-22 02:38 - 00000000 ____D C:\Program Files (x86)\Technitium
2015-10-12 14:30 - 2015-07-10 04:04 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
2015-10-12 14:30 - 2015-01-19 05:41 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-12 14:29 - 2015-09-12 19:58 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-12 14:29 - 2015-02-25 22:59 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2015-10-12 14:29 - 2015-01-29 14:55 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-10-12 14:29 - 2015-01-19 02:53 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2015-10-12 14:27 - 2015-07-22 02:06 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2015-10-12 14:27 - 2015-03-20 05:05 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-10-12 14:26 - 2015-06-26 02:49 - 00000000 ____D C:\Program Files (x86)\avicohh software
2015-10-12 14:26 - 2015-01-29 22:50 - 00000000 ____D C:\Program Files (x86)\Cok Software
2015-10-12 14:25 - 2015-09-12 19:18 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-10-12 14:25 - 2015-09-12 13:34 - 00000000 ____D C:\Program Files (x86)\Asoftech
2015-10-12 14:25 - 2015-05-14 02:18 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-10-12 14:25 - 2015-05-14 02:16 - 00000000 ____D C:\Program Files (x86)\AMD
2015-10-12 14:24 - 2015-04-25 19:46 - 00000000 __RHD C:\MSOCache
2015-10-12 14:23 - 2015-05-14 02:15 - 00000000 ____D C:\AMD
2015-10-12 10:01 - 2015-08-17 01:55 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-10-12 09:59 - 2014-10-16 06:50 - 00000000 ____D C:\Users\Administrator.klowds\Documents\setup
2015-10-12 02:48 - 2015-05-17 17:16 - 00000000 ____D C:\Users\razbo\AppData\Roaming\Sun
2015-10-11 17:35 - 2015-07-10 06:39 - 00000000 ____D C:\$Windows.~BT
2015-10-11 16:04 - 2015-07-13 00:59 - 00000000 ____D C:\Users\rocky\AppData\Local\CrashDumps
2015-10-11 16:04 - 2015-04-24 17:02 - 00000000 ____D C:\Users\razbo\AppData\Local\CrashDumps
2015-10-11 16:03 - 2015-04-02 07:08 - 00000000 ____D C:\Users\klowwds\AppData\Local\CrashDumps
2015-10-11 15:22 - 2015-03-02 04:25 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-11 14:03 - 2015-05-11 23:37 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\Adobe
2015-10-10 08:03 - 2015-01-19 02:54 - 00000000 ____D C:\Users\klowwds\Documents\My RoboForm Data
2015-10-10 05:23 - 2015-03-19 17:08 - 00000000 ____D C:\AdwCleaner
2015-10-09 12:54 - 2015-07-12 23:38 - 00000000 ____D C:\Users\rocky\Documents\My RoboForm Data
2015-09-18 22:48 - 2015-08-08 04:53 - 00002175 _____ C:\Users\rocky\Desktop\ICQ.lnk
2015-09-17 09:32 - 2015-01-19 03:01 - 00003572 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2015-09-15 09:12 - 2015-07-10 04:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 09:12 - 2015-07-10 04:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 22:24 - 2015-03-21 19:30 - 00000000 ____D C:\Program Files\SoftwareForMe Inc
2015-09-14 16:58 - 2015-08-19 15:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-14 14:33 - 2015-09-12 19:18 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-09-14 07:41 - 2015-07-13 04:25 - 00235754 _____ C:\Users\rocky\Desktop\Console1.msc
2015-09-14 04:41 - 2015-07-13 04:36 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{523C9F55-BA1D-4863-8BC0-11C63C972AA9}
2015-09-13 23:45 - 2015-02-28 11:31 - 05288480 _____ C:\WINDOWS\PE_Rom.dll
2015-09-13 22:04 - 2015-07-13 04:07 - 00000000 ____D C:\Users\rocky\AppData\Local\Adobe
2015-09-13 17:09 - 2015-08-07 13:55 - 00000000 ____D C:\Users\rocky\AppData\Local\Battle.net
2015-09-13 11:09 - 2015-06-15 00:26 - 00000000 ____D C:\Users\razbo\Downloads\uTorrent PRO 3.4.3 build 40466 Stable + Crack [S0ft4PC]
2015-09-13 11:09 - 2015-05-27 05:37 - 00000000 ____D C:\Users\razbo\AppData\Roaming\uTorrent
2015-09-13 11:09 - 2015-04-21 20:15 - 00000000 ____D C:\Users\klowwds\AppData\Local\84A13E20-1429647334-11DC-8D27-60A44C633FA4
2015-09-13 11:09 - 2015-03-21 21:00 - 00000000 ____D C:\Users\klowwds\AppData\Roaming\Yahoo!
2015-09-13 11:09 - 2015-02-27 03:46 - 00000000 ____D C:\Users\klowwds\Desktop\ypp0755b
2015-09-13 11:09 - 2015-02-25 23:54 - 00000000 ____D C:\Users\klowwds\AppData\Roaming\mgyun
2015-09-13 11:09 - 2015-02-14 04:37 - 00000000 ____D C:\Users\razbo\Documents\keygen2015 (SCooNZy)
2015-09-13 11:09 - 2015-02-09 09:29 - 00000000 ____D C:\Users\klowwds\Downloads\PowerISO 6.1 Multilingual (x86-x64) + Crack [ATOM]
2015-09-13 11:09 - 2015-02-01 19:59 - 00000000 ____D C:\Users\klowwds\Downloads\HackGenerator_v11
2015-09-13 10:50 - 2015-07-13 07:38 - 00000292 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_rocky.job
2015-09-13 10:49 - 2015-08-19 14:58 - 00002478 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_rocky
2015-09-13 10:37 - 2015-07-10 05:20 - 00348000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 04:04 - 2015-04-03 04:32 - 00000000 ____D C:\Program Files (x86)\LitexMedia

==================== Files in the root of some directories =======

2015-09-12 23:43 - 2015-09-12 23:43 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2015-10-13 03:24 - 2015-10-13 03:25 - 0001294 _____ () C:\Users\Administrator.klowds\AppData\Roaming\Bubble Dock.boostrap.log
2015-10-13 03:24 - 2015-10-13 03:25 - 0005804 _____ () C:\Users\Administrator.klowds\AppData\Roaming\Bubble Dock.installation.log
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Administrator.klowds\AppData\Roaming\O4NNK576gCDqgivfrrIMRUAi
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Administrator.klowds\AppData\Roaming\oQNkhFDO8v8XDfLmd
2015-10-13 03:25 - 2015-10-13 03:25 - 0000078 _____ () C:\Users\Administrator.klowds\AppData\Roaming\Selection Tools.installation.log
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Administrator.klowds\AppData\Roaming\VH86XlWfnORG
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Administrator.klowds\AppData\Roaming\VH86XlWfnORGnxmRviLiAM0zjuU
2015-10-13 03:24 - 2015-10-13 03:24 - 0000097 _____ () C:\Users\Administrator.klowds\AppData\Roaming\WindApp.boostrap.log
2015-10-13 03:25 - 2015-10-13 03:25 - 0000078 _____ () C:\Users\Administrator.klowds\AppData\Roaming\WindApp.installation.log
2015-01-19 22:03 - 2015-01-19 22:03 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2015-03-06 13:51 - 2015-06-15 05:08 - 0005449 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\C__Program Files (x86)_WebcamMax_webcammax.exe


Some files in TEMP:
====================
C:\Users\Administrator.klowds\AppData\Local\Temp\dllnt_dump.dll
C:\Users\klowwds\AppData\Local\Temp\6789.exe
C:\Users\klowwds\AppData\Local\Temp\7054.exe
C:\Users\klowwds\AppData\Local\Temp\7100.exe
C:\Users\klowwds\AppData\Local\Temp\7449.exe
C:\Users\klowwds\AppData\Local\Temp\7742.exe
C:\Users\klowwds\AppData\Local\Temp\8271.exe
C:\Users\klowwds\AppData\Local\Temp\8FFD427E-F52C-37D3-608D-352F36983F31.dll
C:\Users\klowwds\AppData\Local\Temp\dllnt_dump.dll
C:\Users\klowwds\AppData\Local\Temp\mdsetup.EXE
C:\Users\klowwds\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\klowwds\AppData\Local\Temp\Quarantine.exe
C:\Users\klowwds\AppData\Local\Temp\setup_608.exe
C:\Users\klowwds\AppData\Local\Temp\sqlite3.dll
C:\Users\rocky\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-04 10:46

==================== End of FRST.txt ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Administrator (2015-10-13 18:51:29)
Running from C:\Users\Administrator.klowds\Downloads
Windows 10 Pro (X64) (2015-09-13 03:05:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-877872159-248972997-1231205137-500 - Administrator - Enabled) => C:\Users\Administrator.klowds
DefaultAccount (S-1-5-21-877872159-248972997-1231205137-503 - Limited - Disabled)
Guest (S-1-5-21-877872159-248972997-1231205137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-877872159-248972997-1231205137-1017 - Limited - Enabled)
razbo (S-1-5-21-877872159-248972997-1231205137-1009 - Administrator - Enabled) => C:\Users\razbo
rocky (S-1-5-21-877872159-248972997-1231205137-1015 - Administrator - Enabled) => C:\Users\rocky
yeti (S-1-5-21-877872159-248972997-1231205137-1019 - Administrator - Enabled) => C:\Users\yeti

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
ACP Application (Version: 2.15.30.0019 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{3F48F53E-BC0F-A72E-AC89-EA9C3F8F4701}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 4.4.0.0 - Auslogics Labs Pty Ltd)
Auto Typer Asoftech (HKLM-x32\...\{1F54B2E9-B91E-4E17-8154-81970879EB5A}) (Version: 1.0 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CCProxy 8.0 (HKLM\...\CCProxy_is1) (Version: - Youngzsoft, Inc.)
Cok Free Auto Typer 3.0 (HKLM-x32\...\Cok Free Auto Typer_is1) (Version: 3.0 - Cok Free Software)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FBP - Facebook Blaster Pro (HKLM-x32\...\{13F864A8-B7AF-4D36-8F23-08C58C7E685B}) (Version: 9.0.4 - Digital Media Group)
Ghostbuster (HKU\S-1-5-21-877872159-248972997-1231205137-500\...\585841693e8401e3) (Version: 1.0.0.5 - Ghostbuster)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.2 - goldensoft.org)
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{28981D56-C55A-4972-998F-823590FD43A2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kodi (HKU\S-1-5-21-877872159-248972997-1231205137-500\...\Kodi) (Version: - XBMC-Foundation)
LG One Click Root (HKLM-x32\...\{5085AFF1-777B-4052-85D1-59140D26DB28}) (Version: 1.3.0.0 - avicohh software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
LGFlashTool 1.8.6.527 (HKLM-x32\...\LGFlashTool) (Version: 1.8.6.527 - LGE)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MetaX for Windows (HKLM-x32\...\{37C00961-B793-45A8-9BEF-0E9A281107B0}) (Version: 2.25 - No Bull Software)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Deployment Toolkit 2013 (6.2.5019.0) (HKLM\...\{CFF8B5ED-0A4D-4EDD-9159-32FE1D31C9E3}) (Version: 6.2.5019.0 - Microsoft Corporation)
Microsoft Message Analyzer (HKLM\...\{89A87FF1-607C-4551-B363-DDFA2719067E}) (Version: 4.0.6396.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RoboForm 7-9-15-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-15-8 - Siber Systems)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Sidekick Outlook plugin (HKLM-x32\...\{827BE278-1FD2-4319-A5A4-C106E6976010}) (Version: 1.2.7.0 - HubSpot, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TreeSize Professional V6.0.2 (64 bit) (HKLM\...\TreeSize Professional_is1) (Version: 6.0.2 - JAM Software)
Ultimate Bot Setup (HKLM-x32\...\{E3FBF14B-C777-4737-9C49-197FB2C50A30}) (Version: 1.0.0 - Shivinder Singh Narr)
UltraSearch V2.0.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.1 - Unified Intents AB)
USBlyzer - USB Protocol Analyzer (HKLM\...\USBlyzer) (Version: 2.1 Build 40 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git-20150421-0403 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
webcamXP 5 Free (HKLM-x32\...\wLite) (Version: 5.9.2.0 - Moonware Studios)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}) (Version: 14.0.8688 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: - Blizzard Entertainment)
XLS Reader (HKLM-x32\...\{30D6D257-BE4B-48F2-8D9E-E787A52A0738}_is1) (Version: 1.0 - )
X-Mouse Button Control 2.5 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.5 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-10-2015 03:56:10 Checkpoint by HitmanPro
13-10-2015 11:58:46 Installed Java 7 Update 80 (64-bit)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-10-13 11:56 - 00000818 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03D0DC6A-BAD2-42FC-B901-6B2F54C090A4} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {06DF6072-2E8F-42F8-ADB6-6095088A315A} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {091FEFA0-A541-4796-AA9B-A0657B046B13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {0A308030-35DF-419E-BE3A-1B4CCFFDEB16} - System32\Tasks\Uninstaller_SkipUac_razbo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {0EBD8514-9BBF-479E-91C2-D97D766442BC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1034FCE5-519B-4BE3-ADA1-9CDB6AB2CE41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {12B3781A-0162-4D55-A099-F8E9066C68B3} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-07-20] (IObit)
Task: {16DEE494-E45F-4C0D-911E-793C3442CAD4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {17E73E52-AF8A-4B0E-B00C-F49F386D4851} - System32\Tasks\updateTask => c:\task.vbs [2015-10-13] ()
Task: {1959FC9A-3901-4F39-8A8D-E5028F2E6B8C} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1D02129F-381A-4929-8873-8C3C8571BAEB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1ECD09A1-F3E8-4B7C-9F94-13B16EBCE82B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-17] (Siber Systems)
Task: {21C72CD0-D613-4A28-AE7E-6A58B36617B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {2338CFAD-FAFD-41CA-BCCF-FE804D553B03} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2A8F595C-8651-4F23-9D69-CC5A10695994} - System32\Tasks\Uninstaller_SkipUac_klowwds => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {2D1BAEC0-04B0-4ECA-9467-5B0BEE3B15F7} - System32\Tasks\SPBIW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {326FA863-FA81-4063-8BCA-F81F2B3213FF} - System32\Tasks\Uninstaller_SkipUac_rocky => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {3A21CC50-D2D1-4D37-B482-52E492EA4DDE} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.)
Task: {3D6552F4-5A74-4195-8D04-257B5B6094E2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {3E136149-E11A-4DB1-9406-A265B5976214} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {41F5C87A-9376-4E27-B9BD-EC4BBCC415A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {4399D457-82E0-43DE-A1F5-5BBC4F214868} - \Smp -> No File <==== ATTENTION
Task: {43D9E7C7-4974-40C3-897C-191F871B427D} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "https://accounts.goo...rviceLoginAuth"
Task: {47B69202-8924-4330-B393-7D9A70DD2ECD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4A13E95C-DFA2-4E21-9981-1237C1C42707} - System32\Tasks\ASC8_SkipUac_yeti => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {50DA1C86-1C3D-42E2-ACD6-9A7DD0F58EC5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {563314DE-6910-4E01-B312-092D772769DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {577103A6-7001-4DD6-BF1E-223277096311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {597C1045-E7D3-4E9E-94DE-C27B331488CC} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {5B382885-9A1D-4E95-B149-ED15D1DE40C5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5C189737-1236-4E4D-BF3A-4C5C181541D2} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {5F140450-F012-423D-B9ED-DBDF0F61D00B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {60BBEAEB-3F0B-476F-9136-752EC9A1F5D9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6DC66784-0A5A-401A-9C56-FCBC8B981146} - System32\Tasks\Uninstaller_SkipUac_yeti => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {799ACEBF-3B67-4DB0-90D4-70FEEA16156E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {79ECEA16-359F-4D29-9A90-E158E79C2DDF} - System32\Tasks\SMW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {7DE7259C-D24A-4102-883E-834F2B80E5A8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7F84AD46-8CCA-4C20-848C-A504CADFFDCD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {80F94C99-B9B4-494E-8581-E9921BAD21FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {85925B63-43E9-40EC-BED6-6ECC81822FA0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {86B4E4F8-DFB2-43D7-828C-54038C584727} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {880DE06C-D5FC-415A-B84A-3E27BAA2F587} - System32\Tasks\{B4D85ADB-CB40-440A-B71F-3D1CA95C59E1} => pcalua.exe -a C:\Users\klowwds\Downloads\wd97vwr32.exe -d C:\Users\klowwds\Downloads
Task: {8D782F50-A0AF-4D2F-8B60-1FC7D6DD4617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8EB9186A-F71D-4774-B4D3-6D26902B26BF} - System32\Tasks\ASC8_SkipUac_razbo => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {8EFBA9FD-E328-4696-B27B-1E98C0463205} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8F6B0989-2573-4C42-AE43-15F5AA3E0C27} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {968D5ED9-4B0A-4AB9-8FD7-81DA7D1B6AFA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {96A1C83F-432C-413A-BFEE-9C0961911FCF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {A027B223-4690-44D5-BF51-1609853F7474} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A04D5D02-9047-4861-B700-3411DB32D38E} - \YTDownloader -> No File <==== ATTENTION
Task: {A55A9EF8-56C9-4E9E-A7FF-A7EF893ED067} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB74666B-1F15-4012-8697-4DA24BF2A5A4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AD5D7820-EBBD-47C1-842A-D684BE4251C0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {AF4A56C9-3927-4458-AB47-9C3377F5F2FC} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B0D416CC-46D0-40F7-9897-864864888B26} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B125619B-4C3F-4435-BE3D-641E14B67291} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BC7048A4-1D3E-4C25-8EC7-ED6A2D197997} - \Optimize Start Menu Cache Files-S-1-5-21-877872159-248972997-1231205137-1001 -> No File <==== ATTENTION
Task: {C7F05019-6CC3-4CF0-8D00-60D24DC3280D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {C8B09982-6F80-4B37-9270-1EF5046783C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CF2CBD6D-F1D9-4589-81AF-F1BBB5FA5BCF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D22400C9-E4F3-44EC-92F2-15366C140AE7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D4D708CF-E865-4F06-9151-BAD31B05B113} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D7E54AF3-BEDA-431A-9973-6C0AEEF877B1} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {DDE8831B-6FAE-4D87-848E-3744A8C4A6E1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E602A23A-1CA2-49F7-8B3D-5B7C62F5E48E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E9444B64-B843-40B8-831C-7B6AF3B233F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EF0F1DCA-9128-4DBB-9744-AD433DB434B4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-13] (Adobe Systems Incorporated)
Task: {F655219D-163C-49E2-AC1D-A295CF021F2A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {F6C7F60C-4E48-411B-AB48-DA39D74DFB55} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8B89A59-AE4A-4D0B-8942-691C3582373F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC88C0C3-8B6A-477F-A157-57469E126B53} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ASC8_SkipUac_razbo.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_yeti.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core.job => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA.job => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_klowwds.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_razbo.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_rocky.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_yeti.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\WebReg HP Photosmart C4700 Series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-12 20:07 - 2015-09-12 20:07 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-12 20:07 - 2015-09-12 20:07 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-11 23:17 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-03 16:00 - 2015-08-03 16:00 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-10-13 03:43 - 2015-07-08 18:26 - 00173088 _____ () C:\Users\Administrator.klowds\AppData\Roaming\NetService\netservice.exe
2015-02-26 18:22 - 2015-02-26 18:22 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-09-12 20:07 - 2015-09-12 20:07 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-03 15:59 - 2015-08-03 15:59 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-09-12 20:07 - 2015-09-12 20:07 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-12 02:49 - 2014-05-12 02:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-12 20:07 - 2015-09-12 20:07 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-12 20:07 - 2015-09-12 20:07 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-12 20:07 - 2015-09-12 20:07 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-10-13 06:47 - 2015-09-24 19:19 - 00185800 _____ () C:\Users\Administrator.klowds\AppData\Local\Crsoft\crsvc.exe
2015-02-26 18:22 - 2015-10-13 11:49 - 00035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-02-26 18:22 - 2015-02-26 18:19 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-10-13 11:07 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2015-02-01 12:14 - 2015-02-01 12:14 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-02-26 18:23 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2015-02-26 18:23 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2015-02-26 18:23 - 2012-10-08 17:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2015-04-27 01:25 - 2012-06-19 12:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2015-02-28 01:50 - 2012-07-20 10:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2015-02-26 18:23 - 2013-04-15 14:19 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2015-02-26 18:23 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2015-02-26 18:23 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2015-02-26 18:23 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2015-02-26 18:23 - 2012-08-29 18:09 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2015-02-26 18:22 - 2015-02-26 18:20 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2015-02-26 18:23 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2015-02-26 18:23 - 2010-09-08 21:25 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\cpuutil.dll
2015-02-26 18:23 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\125616160355829c234829:Win32App
AlternateDataStreams: C:\2c9637146487f139621de20652:Win32App
AlternateDataStreams: C:\4405067e23b4d253a2cb73fb45:Win32App
AlternateDataStreams: C:\a88559a11a9e4d2d9e:Win32App
AlternateDataStreams: C:\bcf70074be4bc5194087d64ec9:Win32App
AlternateDataStreams: C:\CCProxy:Win32App
AlternateDataStreams: C:\f82e7d9f51018f799c:Win32App
AlternateDataStreams: C:\Program Files\AMD:Win32App
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files\Bonjour:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\Defraggler:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Deployment Toolkit:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Message Analyzer:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\PowerISO:Win32App
AlternateDataStreams: C:\Program Files\Recuva:Win32App
AlternateDataStreams: C:\Program Files\TeamSpeak 3 Client:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App
AlternateDataStreams: C:\Program Files (x86)\ASM104xUSB3:Win32App
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App
AlternateDataStreams: C:\Program Files (x86)\FBP - Facebook Blaster Pro:Win32App
AlternateDataStreams: C:\Program Files (x86)\GSAutoClicker3:Win32App
AlternateDataStreams: C:\Program Files (x86)\MediaMonkey:Win32App
AlternateDataStreams: C:\Program Files (x86)\MetaX:Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft Money Plus:Win32App
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App
AlternateDataStreams: C:\Program Files (x86)\Unified Remote 3:Win32App
AlternateDataStreams: C:\Program Files (x86)\USBlyzer:Win32App
AlternateDataStreams: C:\Program Files (x86)\VROOT:Win32App
AlternateDataStreams: C:\Program Files (x86)\WinZip:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft Public Test:Win32App
AlternateDataStreams: C:\Program Files (x86)\XLS Reader:Win32App
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App
AlternateDataStreams: C:\ProgramData\HP:Win32App
AlternateDataStreams: C:\ProgramData\HP Product Assistant:Win32App
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB
AlternateDataStreams: C:\Users\klowwds\OneDrive:ms-properties
AlternateDataStreams: C:\Users\klowwds\OneDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\klowwds\OneDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\klowwds\AppData\Roaming\sidekick:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\JDownloader 2.0:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\Temp:Win32App
AlternateDataStreams: C:\Users\rocky\Downloads\LGUnitedMobileDriver_S52MAN314AP22_ML_WHQL_Ver_3.14.1.exe:Win32App

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-877872159-248972997-1231205137-500\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-877872159-248972997-1231205137-500\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-877872159-248972997-1231205137-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: amdacpusrsvc => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AsusFanControlService => 2
MSCONFIG\Services: AVP15.0.1 => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: BitMeterCaptureService => 2
MSCONFIG\Services: BitMeterWebService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Crashhd => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: Media Center 20 Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetAutoconnectFocusSvc => 2
MSCONFIG\Services: netcfgsvr => 2
MSCONFIG\Services: NetClientSvc => 2
MSCONFIG\Services: NetLogSvc => 2
MSCONFIG\Services: NetTcpHandler => 2
MSCONFIG\Services: PhoneMyPC_Helper => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwiCardDetectSvc => 2
MSCONFIG\Services: w7Svc => 3
MSCONFIG\Services: XMouseButton Launcher => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 =>
MSCONFIG\startupreg: DeskBar =>
MSCONFIG\startupreg: DV =>
MSCONFIG\startupreg: EvtMgr6 =>
MSCONFIG\startupreg: NowUSeeIt Player =>
MSCONFIG\startupreg: Selection Tools =>
MSCONFIG\startupreg: SmartWeb =>
MSCONFIG\startupreg: YTDownloader =>
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AT&T Global Network Client.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Remote PC Server.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SpUninstallCleanUp"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKLM\...\StartupApproved\Run32: => "ASUS WiFi GO! FileTransfer Execute"
HKLM\...\StartupApproved\Run32: => "Syslog"
HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ATNSOFT Key Manager"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-877872159-248972997-1231205137-500\...\StartupApproved\Run: => "Easy Driver Pro"
HKU\S-1-5-21-877872159-248972997-1231205137-500\...\StartupApproved\Run: => "NowUSeeIt Player"
HKU\S-1-5-21-877872159-248972997-1231205137-500\...\StartupApproved\Run: => "Selection Tools"
HKU\S-1-5-21-877872159-248972997-1231205137-500\...\StartupApproved\Run: => "YTDownloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{3FED5E5B-D691-4255-B805-CBEDACAD6501}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{B9808081-3091-4920-BCEA-65BA2DE1B45E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B763D65B-D631-4431-B6B6-610F3A66F59F}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{67A6E572-30F8-4C59-BCF9-431A885B6957}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [UDP Query User{996B58C9-4749-4441-A292-CF6C055D8F37}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{268944E1-E1BE-4EF6-B2D9-D42B20968E3F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{472D2826-40C4-493D-BF09-FD3975BE1197}C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [TCP Query User{BF220EC8-4DD6-4CCB-AB67-F4AFC8E5FD08}C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [UDP Query User{25978F3E-EFEA-4AFF-8E27-9C5A00991BBB}C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe
FirewallRules: [TCP Query User{B7C1D899-66F7-46F8-B149-9158A8EDB1F2}C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe
FirewallRules: [UDP Query User{0EEE68DF-5E33-45A1-8040-C233D72C74EA}C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe
FirewallRules: [TCP Query User{117D28EA-7765-4BF5-99C5-E6C81EA383CC}C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe
FirewallRules: [UDP Query User{C37F4C39-3266-420B-845A-D19F14BE507C}C:\program files\java\jdk1.8.0_60\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\jmc.exe
FirewallRules: [TCP Query User{7D4D416D-531E-4B21-8321-B305677B3197}C:\program files\java\jdk1.8.0_60\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\jmc.exe
FirewallRules: [UDP Query User{ED2E9047-6FD6-4425-BFBC-F89AF58FE613}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{9523EB59-93FF-4B7B-9C1C-80C7894024C4}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{468C25E1-9E89-48DB-BA78-4DF06B068098}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{21DB82BC-DC0B-428D-801D-CE0BB8691EED}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{D022C6FB-C6FD-4F31-9631-2B3189329DB5}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{36F7D1FC-0391-4337-8100-D65DBF98C97F}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DC855D69-08F6-4824-9CA1-964AD871F8EF}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{B48768F3-E67B-4142-80A5-201AC2E73D5A}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{306CB431-3515-4985-A23B-F15FE801093E}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [TCP Query User{21FCCC7F-725F-49EF-AC6D-C62BF307BFC9}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [UDP Query User{504DA670-6E1F-4C3A-AF4D-5F5EA9DD1D06}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [TCP Query User{868BC391-8085-4C85-962D-66550E481C6B}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [{BE018028-326F-460C-909E-2DF895AD9827}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FDF6498B-DAD6-4D4C-83CC-901F504B2962}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{442165E1-2D86-4D2E-953C-96E01D205878}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{64DB7B99-B400-4949-AE85-21FBC1270EC1}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{43A58AAF-4DAE-4B44-8C3B-0C82757D98E0}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{C8A97AA4-82D3-4292-BF44-05FA17C8CA5C}] => (Allow) C:\Users\razbo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89E9001A-DBAD-4693-BA94-E5D29DE62C1A}] => (Allow) C:\Users\razbo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2085166C-2B25-458D-BD29-202531E5C2F2}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe
FirewallRules: [{7ADE2A82-96EA-4A9C-B8B7-E2EB9571ADE0}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe
FirewallRules: [UDP Query User{D7C0C455-C75C-4342-AA20-1B290C29609B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7D983C49-EC47-41B5-996D-0617391D5D64}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F4F83C58-47EF-49C6-985A-F1CF1CCC2E3B}C:\program files (x86)\winpcap\rpcapd.exe] => (Allow) C:\program files (x86)\winpcap\rpcapd.exe
FirewallRules: [TCP Query User{73968A52-DF5B-4338-88A8-3139C5DFCD5C}C:\program files (x86)\winpcap\rpcapd.exe] => (Allow) C:\program files (x86)\winpcap\rpcapd.exe
FirewallRules: [UDP Query User{F8F10505-B1FA-4B80-AD70-3CD4F815CB78}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [TCP Query User{ED2F51E4-E919-40C5-AED3-CBAF4218C5A1}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{99574532-E252-4B9E-B25A-010DC79F6C5B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{61A7BF37-1909-460D-B3B6-C99E4877FB8A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{AC80B600-6FC6-4E9B-A2B0-D025BF7F935E}C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe] => (Allow) C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe
FirewallRules: [TCP Query User{8792AD97-8CF3-4075-99AC-916D43F1ECE6}C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe] => (Allow) C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe
FirewallRules: [UDP Query User{68202FB6-B028-43F5-99C0-A2A0A744F62F}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [TCP Query User{66235323-7DB7-4CCA-9E34-D7B00EA46E99}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [UDP Query User{FCBE9970-B2D1-40BC-AD3F-FA1D988FE9C3}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [TCP Query User{EF5475A0-EB8E-412C-A8A0-6BEDE044C16F}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [UDP Query User{D887439E-12C8-4053-BF53-F30BC947FB00}C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Allow) C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{F5D5B69F-93EF-4650-B6EC-2525A3E12598}C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Allow) C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{A9FE5579-680B-4D38-842A-402666EC6D3E}C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe] => (Allow) C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe
FirewallRules: [TCP Query User{3611143E-2CA2-4736-A277-4580F1E1FD24}C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe] => (Allow) C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe
FirewallRules: [UDP Query User{6DE0A573-8F65-4880-ABBF-0C850A04B076}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{BADAA19D-6E84-4B78-AE23-E343CC9A4B82}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9BCF3E4D-366B-4AA2-8B09-3C777B35F289}C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{130DBF77-0824-474A-8547-D80A8C1D83B0}C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{04800F8D-DDA2-46B8-9A0B-0D891BD7670B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{099F0B49-3B6A-4B41-8930-0E5E01D0A179}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{52E09A06-6EAF-4F3D-8DE1-53DB028F54DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89574734-B51E-42A6-B649-230D3CDC88EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DD84DB04-9B36-4EC9-982E-A03C8D41D241}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D156716-55BD-4E02-8142-B037C931A247}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6FE9602-B8D8-4FCB-B73A-39227B2F3EEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{6096CA53-50CF-4991-9FD3-FA1BFB432B8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{65663FE1-9ADE-4036-9FC3-A82748A18251}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{62F868F1-93D2-47CF-8884-833B59FA43FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7E74874B-5CE6-4C40-8925-6D50E7DBDB05}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{152E04C0-98A8-46F0-AF87-3DBF4301966D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{76A30184-2A1E-4CFA-AA09-BE6D6497F554}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{14401A15-5B0A-48AC-8F94-A82009034F31}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D3505EE4-8E12-4C11-8CC8-3C5B9713BF54}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [UDP Query User{BF6EB70C-9693-4FED-9F6E-559B373B60D3}C:\users\klowwds\downloads\sharetvps (3).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (3).exe
FirewallRules: [TCP Query User{32AC22F1-8649-47DB-8BEF-A3C14C53BBB2}C:\users\klowwds\downloads\sharetvps (3).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (3).exe
FirewallRules: [{01836689-E1E6-488F-A3CA-89B39F932167}] => (Allow) LPort=1900
FirewallRules: [{83A515A1-1419-44A3-9597-3FA296B6FFE8}] => (Allow) LPort=2869
FirewallRules: [{393E38F3-778C-4AFB-9EAD-DE0CE65B3C5D}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{C4D753C3-ECDD-4942-BCD7-C93DAD3332F8}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{02EF18BD-10D1-4D8F-9226-073D8F912599}] => (Allow) LPort=1900
FirewallRules: [{5CB198C3-0DC4-4073-B9BE-541F421E83CB}] => (Allow) LPort=2869
FirewallRules: [{CD3E8D71-0FE3-4CD3-B257-8ADC09FAF4D8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4DD0CD89-C605-495D-BA0F-99EE9D23B7AE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{A9DFE94D-F421-4B6D-AB45-C7699555F2A4}C:\users\klowwds\downloads\sharetvps (4).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (4).exe
FirewallRules: [TCP Query User{2F80BEDD-4546-4951-AE26-32369F5EB6C1}C:\users\klowwds\downloads\sharetvps (4).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (4).exe
FirewallRules: [{5C45E4B4-7CDB-4B9D-B628-20EC4AB94730}] => (Allow) C:\Users\klowwds\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{C6710B53-733E-44CE-BEC5-BC2209501651}C:\users\klowwds\downloads\sharetvps (2).exe] => (Block) C:\users\klowwds\downloads\sharetvps (2).exe
FirewallRules: [TCP Query User{8EE739D5-9155-4CB8-A46C-3DB95B31EC03}C:\users\klowwds\downloads\sharetvps (2).exe] => (Block) C:\users\klowwds\downloads\sharetvps (2).exe
FirewallRules: [UDP Query User{14833474-732C-4132-BAB3-7BFEEC37EFC7}C:\users\klowwds\downloads\sharetvps (1).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (1).exe
FirewallRules: [TCP Query User{736EF2AB-E6FE-4870-92DD-52BA6C13D5F1}C:\users\klowwds\downloads\sharetvps (1).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (1).exe
FirewallRules: [UDP Query User{A2763E57-1354-44D7-9E47-7066B63C0AE5}C:\users\klowwds\downloads\sharetvps.exe] => (Allow) C:\users\klowwds\downloads\sharetvps.exe
FirewallRules: [TCP Query User{53383562-B016-4883-A5D0-94AF27F3953F}C:\users\klowwds\downloads\sharetvps.exe] => (Allow) C:\users\klowwds\downloads\sharetvps.exe
FirewallRules: [TCP Query User{93EDF0E7-373E-43A2-8BEC-7483B4C2355A}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{97818ED7-BD8C-4C1F-8CBF-96EBBC0CA75C}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{23917CEE-0541-482B-AD93-539009452C40}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{9FF9F6CF-109B-417F-A6D2-EE4D2F292510}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{CBF955AF-13CF-4733-8944-208D36635EC5}] => (Allow) C:\Users\yeti\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{B8E2023C-48FF-4F6A-B1F7-EE48CF91793C}] => (Allow) C:\Users\yeti\AppData\Roaming\ICQM\icq.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2015 04:07:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10240.16412, time stamp: 0x55b99447
Faulting module name: MSHTML.dll, version: 11.0.10240.16485, time stamp: 0x55de9ebe
Exception code: 0xc0000005
Fault offset: 0x00e65f6d
Faulting process id: 0xee4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (10/13/2015 03:04:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLOWDS)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/13/2015 12:23:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KLOWDS)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/13/2015 12:15:13 PM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (2796) TILEREPOSITORYS-1-5-21-877872159-248972997-1231205137-1019: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/13/2015 12:15:13 PM) (Source: ESENT) (EventID: 486) (User: )
Description: svchost (2796) TILEREPOSITORYS-1-5-21-877872159-248972997-1231205137-1019: An attempt to move the file "C:\Users\yeti\AppData\Local\TileDataLayer\Database\EDB.log" to "C:\Users\yeti\AppData\Local\TileDataLayer\Database\EDB0000F.log" failed with system error 5 (0x00000005): "Access is denied. ". The move file operation will fail with error -1032 (0xfffffbf8).

Error: (10/13/2015 12:15:02 PM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (2796) TILEREPOSITORYS-1-5-21-877872159-248972997-1231205137-1019: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/13/2015 12:15:02 PM) (Source: ESENT) (EventID: 486) (User: )
Description: svchost (2796) TILEREPOSITORYS-1-5-21-877872159-248972997-1231205137-1019: An attempt to move the file "C:\Users\yeti\AppData\Local\TileDataLayer\Database\EDB.log" to "C:\Users\yeti\AppData\Local\TileDataLayer\Database\EDB0000F.log" failed with system error 5 (0x00000005): "Access is denied. ". The move file operation will fail with error -1032 (0xfffffbf8).

Error: (10/13/2015 12:14:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (2796) TILEREPOSITORYS-1-5-21-877872159-248972997-1231205137-1019: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/13/2015 12:14:51 PM) (Source: ESENT) (EventID: 486) (User: )
Description: svchost (2796) TILEREPOSITORYS-1-5-21-877872159-248972997-1231205137-1019: An attempt to move the file "C:\Users\yeti\AppData\Local\TileDataLayer\Database\EDB.log" to "C:\Users\yeti\AppData\Local\TileDataLayer\Database\EDB0000F.log" failed with system error 5 (0x00000005): "Access is denied. ". The move file operation will fail with error -1032 (0xfffffbf8).

Error: (10/13/2015 12:14:40 PM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (2796) TILEREPOSITORYS-1-5-21-877872159-248972997-1231205137-1019: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.


System errors:
=============
Error: (10/13/2015 02:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Driver Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/13/2015 02:05:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Crash Handler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/13/2015 02:05:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (10/13/2015 12:51:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876

Error: (10/13/2015 12:51:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876

Error: (10/13/2015 12:51:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876

Error: (10/13/2015 12:46:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Data Sharing Service service terminated with the following error:
%%3239247876

Error: (10/13/2015 12:13:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft Phone Companion.

Error: (10/13/2015 12:13:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft .Net Native Runtime Package 1.1.23101.0.

Error: (10/13/2015 12:13:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: MSN News.


CodeIntegrity:
===================================
Date: 2015-10-13 10:07:28.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 10:07:28.944
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 10:07:28.821
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 10:07:28.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 03:32:08.955
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 03:32:08.901
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 03:29:50.038
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 03:29:50.021
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 03:29:50.004
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-13 03:29:49.938
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX™-4300 Quad-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 16297.5 MB
Available physical RAM: 12644.41 MB
Total Virtual: 24297.5 MB
Available Virtual: 21429.23 MB

==================== Drives ================================

Drive c: (cool) (Fixed) (Total:1861.18 GB) (Free:1282.45 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:923.51 GB) (Free:837.58 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:8 GB) (Free:7.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B6A4089D)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4A56FFBE)
Partition 1: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by razmage11, 13 October 2015 - 09:05 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi are you aware that windows defender is turned off and you are unprotected

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-13] (Lavasoft Limited)
Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
insock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-13] (Lavasoft Limited)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-877872159-248972997-1231205137-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\rocky\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-09-03] (Dashlane)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3334306&octid=EB_ORIGINAL_CTID&ISID=MAF4DE6E0-F7B7-4297-8A63-9C24944D0F5E&SearchSource=55&CUI=&UM=8&UP=SPDD39E1CC-ECB1-4177-B73D-AE22901D3328&D=101315&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3334306&octid=EB_ORIGINAL_CTID&ISID=MAF4DE6E0-F7B7-4297-8A63-9C24944D0F5E&SearchSource=55&CUI=&UM=8&UP=SPDD39E1CC-ECB1-4177-B73D-AE22901D3328&D=101315&SSPV="
CHR DefaultSearchKeyword: Default -> t
CHR Extension: (Consumer Input) - C:\Users\Administrator.klowds\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc [2015-10-13]
S1 {8c18950d-388e-4a16-b947-a882c417f551}Gw64; system32\drivers\{8c18950d-388e-4a16-b947-a882c417f551}Gw64.sys [X]
2015-10-13 07:53 - 2015-10-13 07:53 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-13 03:45 - 2015-10-13 03:45 - 00001208 _____ C:\Users\Public\Desktop\Rapid Media Converter.lnk
2015-10-13 03:44 - 2015-10-13 03:45 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\BrowserHelper
2015-10-13 03:43 - 2015-10-13 06:47 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\RunDir
2015-10-13 03:43 - 2015-10-13 03:43 - 00003242 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-10-13 03:43 - 2015-10-13 03:43 - 00000296 _____ C:\task.vbs
2015-10-13 03:43 - 2015-10-13 03:43 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\NetService
2015-10-13 03:42 - 2015-10-13 03:57 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\bvxvexvbg
2015-10-13 03:42 - 2015-10-13 03:44 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-13 03:42 - 2015-10-13 03:42 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.4161
2015-10-13 03:41 - 2015-10-13 03:41 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\MyBrowser
2015-10-13 03:40 - 2015-10-13 03:40 - 00000000 ____D C:\ProgramData\FlashBeat
2015-10-13 03:37 - 2015-10-13 03:37 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\NeoSmart_Technologies
2015-10-13 03:36 - 2015-10-13 03:36 - 00000264 _____ C:\prefs.js
2015-10-13 03:36 - 2015-10-13 03:36 - 00000000 ____D C:\searchplugins
2015-10-13 03:33 - 2015-10-13 04:02 - 00002880 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-10-13 03:33 - 2015-10-13 04:02 - 00002880 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-10-13 03:33 - 2015-10-13 03:42 - 00000008 _____ C:\END
2015-10-13 03:33 - 2015-10-13 03:33 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-10-13 03:33 - 2015-10-13 03:33 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-10-13 03:33 - 2015-10-13 03:33 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v84.4188
2015-10-13 03:32 - 2015-10-13 07:13 - 00000000 ____D C:\Program Files (x86)\WinPCOptimizer
2015-10-13 03:32 - 2015-10-13 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win PC Optimizer
2015-10-13 03:32 - 2015-10-13 03:32 - 00000000 ____D C:\Program Files (x86)\execnowait
2015-10-13 03:19 - 2015-10-13 07:14 - 00000000 ____D C:\Program Files (x86)\S5
2015-10-13 03:19 - 2015-10-13 03:19 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\c
2015-10-11 17:31 - 2015-10-11 13:46 - 00000694 _____ C:\Users\Public\Downloads\j5GMc0fxhRtH0KBWZNGiN3zdoS59rvl5JvXubyv7z2Iw-MV3ApuMIgCnmD1DvMxSHu7BVAXW3x9PlJhSAs5wQQPKcQR-wT1PcsE0SXnAJaU9iHzqNz0ov2I3LLhiOham.htm
2015-10-11 13:46 - 2015-10-11 13:46 - 00000694 _____ C:\Users\Administrator.klowds\Downloads\j5GMc0fxhRtH0KBWZNGiN3zdoS59rvl5JvXubyv7z2Iw-MV3ApuMIgCnmD1DvMxSHu7BVAXW3x9PlJhSAs5wQQPKcQR-wT1PcsE0SXnAJaU9iHzqNz0ov2I3LLhiOham.htm
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Administrator.klowds\AppData\Roaming\O4NNK576gCDqgivfrrIMRUAi
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Administrator.klowds\AppData\Roaming\oQNkhFDO8v8XDfLmd
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Administrator.klowds\AppData\Roaming\VH86XlWfnORGnxmRviLiAM0zjuU
C:\ProgramData\C__Program Files (x86)_WebcamMax_webcammax.exe
Task: {06DF6072-2E8F-42F8-ADB6-6095088A315A} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {17E73E52-AF8A-4B0E-B00C-F49F386D4851} - System32\Tasks\updateTask => c:\task.vbs [2015-10-13] ()
Task: {1959FC9A-3901-4F39-8A8D-E5028F2E6B8C} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {2338CFAD-FAFD-41CA-BCCF-FE804D553B03} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2D1BAEC0-04B0-4ECA-9467-5B0BEE3B15F7} - System32\Tasks\SPBIW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {4399D457-82E0-43DE-A1F5-5BBC4F214868} - \Smp -> No File <==== ATTENTION
Task: {79ECEA16-359F-4D29-9A90-E158E79C2DDF} - System32\Tasks\SMW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {80F94C99-B9B4-494E-8581-E9921BAD21FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {85925B63-43E9-40EC-BED6-6ECC81822FA0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {86B4E4F8-DFB2-43D7-828C-54038C584727} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {880DE06C-D5FC-415A-B84A-3E27BAA2F587} - System32\Tasks\{B4D85ADB-CB40-440A-B71F-3D1CA95C59E1} => pcalua.exe -a C:\Users\klowwds\Downloads\wd97vwr32.exe -d C:\Users\klowwds\Downloads
Task: {8D782F50-A0AF-4D2F-8B60-1FC7D6DD4617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A027B223-4690-44D5-BF51-1609853F7474} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A04D5D02-9047-4861-B700-3411DB32D38E} - \YTDownloader -> No File <==== ATTENTION
Task: {B125619B-4C3F-4435-BE3D-641E14B67291} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BC7048A4-1D3E-4C25-8EC7-ED6A2D197997} - \Optimize Start Menu Cache Files-S-1-5-21-877872159-248972997-1231205137-1001 -> No File <==== ATTENTION
Task: {D22400C9-E4F3-44EC-92F2-15366C140AE7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D7E54AF3-BEDA-431A-9973-6C0AEEF877B1} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {E602A23A-1CA2-49F7-8B3D-5B7C62F5E48E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E9444B64-B843-40B8-831C-7B6AF3B233F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F6C7F60C-4E48-411B-AB48-DA39D74DFB55} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8B89A59-AE4A-4D0B-8942-691C3582373F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\125616160355829c234829:Win32App
AlternateDataStreams: C:\2c9637146487f139621de20652:Win32App
AlternateDataStreams: C:\4405067e23b4d253a2cb73fb45:Win32App
AlternateDataStreams: C:\a88559a11a9e4d2d9e:Win32App
AlternateDataStreams: C:\bcf70074be4bc5194087d64ec9:Win32App
AlternateDataStreams: C:\CCProxy:Win32App
AlternateDataStreams: C:\f82e7d9f51018f799c:Win32App
AlternateDataStreams: C:\Program Files\AMD:Win32App
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files\Bonjour:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\Defraggler:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Deployment Toolkit:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Message Analyzer:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\PowerISO:Win32App
AlternateDataStreams: C:\Program Files\Recuva:Win32App
AlternateDataStreams: C:\Program Files\TeamSpeak 3 Client:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App
AlternateDataStreams: C:\Program Files (x86)\ASM104xUSB3:Win32App
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App
AlternateDataStreams: C:\Program Files (x86)\FBP - Facebook Blaster Pro:Win32App
AlternateDataStreams: C:\Program Files (x86)\GSAutoClicker3:Win32App
AlternateDataStreams: C:\Program Files (x86)\MediaMonkey:Win32App
AlternateDataStreams: C:\Program Files (x86)\MetaX:Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft Money Plus:Win32App
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App
AlternateDataStreams: C:\Program Files (x86)\Unified Remote 3:Win32App
AlternateDataStreams: C:\Program Files (x86)\USBlyzer:Win32App
AlternateDataStreams: C:\Program Files (x86)\VROOT:Win32App
AlternateDataStreams: C:\Program Files (x86)\WinZip:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft Public Test:Win32App
AlternateDataStreams: C:\Program Files (x86)\XLS Reader:Win32App
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App
AlternateDataStreams: C:\ProgramData\HP:Win32App
AlternateDataStreams: C:\ProgramData\HP Product Assistant:Win32App
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB
AlternateDataStreams: C:\Users\klowwds\OneDrive:ms-properties
AlternateDataStreams: C:\Users\klowwds\OneDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\klowwds\OneDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\klowwds\AppData\Roaming\sidekick:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\JDownloader 2.0:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\Temp:Win32App
AlternateDataStreams: C:\Users\rocky\Downloads\LGUnitedMobileDriver_S52MAN314AP22_ML_WHQL_Ver_3.14.1.exe:Win32App
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
IE trusted site: HKU\S-1-5-21-877872159-248972997-1231205137-500\...\webcompanion.com -> hxxp://webcompanion.com
C:\ProgramData\ShopperPro
C:\ProgramData\SearchModule
C:\Program Files (x86)\Faster Web
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP