Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Doll host.exercise.32 regenerting


  • This topic is locked This topic is locked
38 replies to this topic

#1 Manutd#14

Manutd#14

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 02 November 2014 - 11:31 AM


It appears my system has been infected with some type of Malware and is causing dllhost.exe to replicate itself and consume my system's cpu resources.
Seems active once wifi is on.

BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:28 AM

Posted 06 November 2014 - 04:40 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 09 November 2014 - 11:41 AM

Hi Georgi,

Apologies for my late reply. I was  watching for a message in the Inbox and not filtering for my thread.

Thank you for your support.

 

Here are the logs:

1) FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by Mittens (administrator) on MITTENS-HP on 09-11-2014 11:29:44
Running from C:\Users\Mittens\Desktop
Loaded Profile: Mittens (Available profiles: Mittens)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGBA.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [768144 2014-11-09] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-08-22] (Yahoo! Inc.)
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Run: [EPSON WorkForce 630 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncExcl] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncGreen] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncRed] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncYellow] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM - {0162FA41-7B5C-43CA-BB9A-0BD47AD6B403} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0F17A5B1-E4B0-4B15-B8FE-A9E4DC3406D3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM - {71E870F3-ABF0-4ACC-9A35-2C19A742E8AE} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 - {0162FA41-7B5C-43CA-BB9A-0BD47AD6B403} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0F17A5B1-E4B0-4B15-B8FE-A9E4DC3406D3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM-x32 - {71E870F3-ABF0-4ACC-9A35-2C19A742E8AE} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {9A2ADA4E-5C15-4382-B981-99542074574B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0162FA41-7B5C-43CA-BB9A-0BD47AD6B403} URL =
SearchScopes: HKCU - {0F17A5B1-E4B0-4B15-B8FE-A9E4DC3406D3} URL =
SearchScopes: HKCU - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {71E870F3-ABF0-4ACC-9A35-2C19A742E8AE} URL =
SearchScopes: HKCU - {9A2ADA4E-5C15-4382-B981-99542074574B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AD41E1E8-780B-49DE-9264-761C500CD753} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Inuvo, Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Inuvo, Inc)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://disney.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Mittens\AppData\Local\Roblox\Versions\version-c04585a2d58a4f29\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mittens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Mittens\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKCU\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF

Chrome:
=======
CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSearchURL: Default -> http://isearch.avg.com/search?cid={C888AAFA-BCD2-4977-B301-792B71D37B46}&mid=7b4185fdd71e47d0871175e71492890a-ffaa4437917a61ebfbfa34e17b21615256f64bcc&lang=en&ds=gl011&pr=sa&d=2012-08-07 22:53:33&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-29]
CHR Extension: (AVG Security Toolbar) - C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-20]
CHR Extension: (Google Wallet) - C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Webroot Password Manager) - C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-05-12]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-02-02]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-05-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S4 AlotService; C:\Users\Mittens\AppData\LocalLow\alotservice\alotservice.exe [256328 2013-01-25] (Inuvo Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-17] (AVG Secure Search)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [768144 2014-11-09] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-17] (AVG Technologies)
S0 rCAPFlpp; C:\Windows\System32\drivers\rCAPFlpp.sys [115744 2014-11-08] (Webroot)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-11-09] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 11:29 - 2014-11-09 11:30 - 00036672 _____ () C:\Users\Mittens\Desktop\FRST.txt
2014-11-09 11:29 - 2014-11-09 11:29 - 00000000 ____D () C:\Users\Mittens\Desktop\FRST-OlderVersion
2014-11-08 22:31 - 2014-11-08 22:31 - 00115744 _____ (Webroot) C:\Windows\system32\Drivers\rCAPFlpp.sys
2014-11-06 01:27 - 2014-11-06 01:27 - 00000000 ____D () C:\e5f3f0825f5e67f91e06cf4f5cb3
2014-11-02 14:59 - 2014-11-02 15:05 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-02 14:03 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-02 14:03 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-02 14:03 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-02 14:03 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-02 14:03 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-02 14:03 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-02 14:03 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-02 14:03 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-02 14:03 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-02 14:03 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-02 14:03 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-02 14:03 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-02 14:03 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-02 14:03 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-02 14:03 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-02 14:02 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-02 14:02 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-02 14:02 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-02 14:02 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-02 14:02 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-02 14:02 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-02 14:02 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-02 14:02 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-02 14:02 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-02 14:02 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-02 14:02 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-02 14:02 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-02 14:02 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-02 14:02 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-02 14:02 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-02 14:02 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-02 14:02 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-02 14:02 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-02 14:02 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-02 14:02 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-02 14:02 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-02 14:02 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-02 14:02 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-02 14:02 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-02 14:02 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-02 14:02 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-02 14:02 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-02 14:02 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-02 14:02 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-02 14:02 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-02 14:02 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-02 14:02 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-02 14:02 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-02 14:02 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-02 14:02 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-02 14:02 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-02 14:02 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-02 14:02 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-02 14:02 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-02 14:02 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-02 14:02 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-02 14:02 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-02 14:02 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-02 14:02 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-02 14:02 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-02 14:02 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-02 14:02 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-02 14:02 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-02 14:02 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-02 14:02 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-02 14:02 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-02 14:02 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-02 14:02 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-02 14:02 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-02 14:02 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-02 14:02 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-02 14:02 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-02 14:02 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-02 14:02 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-02 14:02 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-02 14:01 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-02 14:01 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-02 14:01 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-02 14:01 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-02 14:01 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-02 14:01 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-02 14:01 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-02 14:01 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-02 14:01 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-02 14:01 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-02 14:01 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-02 14:01 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-02 14:01 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-02 14:01 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-02 14:01 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-02 14:01 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-02 13:59 - 2014-11-02 19:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 13:59 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-02 13:59 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-02 13:59 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-02 13:59 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-02 13:59 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-02 13:59 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-02 13:59 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-02 13:59 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-02 13:59 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-02 13:58 - 2014-11-02 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 13:58 - 2014-11-02 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 13:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 13:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 13:33 - 2014-11-09 11:29 - 00000000 ____D () C:\FRST
2014-11-02 13:32 - 2014-11-09 11:29 - 02115584 _____ (Farbar) C:\Users\Mittens\Desktop\FRST64.exe
2014-11-02 13:29 - 2014-11-02 13:29 - 00007601 _____ () C:\Users\Mittens\AppData\Local\Resmon.ResmonCfg
2014-11-02 13:26 - 2014-11-02 13:38 - 00000000 ____D () C:\Users\Mittens\Documents\2014-11-02 PC Issue
2014-11-02 13:20 - 2014-11-02 13:20 - 01106432 _____ (Farbar) C:\Users\Mittens\Downloads\FRST.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 11:30 - 2013-05-12 13:41 - 00000000 ____D () C:\ProgramData\WRData
2014-11-09 11:26 - 2013-05-12 13:41 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-11-09 11:26 - 2013-05-12 13:41 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-11-09 11:26 - 2013-05-12 13:41 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-11-09 11:26 - 2013-05-12 13:41 - 00000747 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2014-11-09 11:26 - 2012-03-31 10:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 11:26 - 2011-03-18 21:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 11:26 - 2010-12-10 00:08 - 01049935 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 09:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-09 08:09 - 2011-08-05 18:02 - 00000000 ____D () C:\Users\Mittens\AppData\Local\CrashDumps
2014-11-08 22:27 - 2014-09-29 18:55 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-08 13:40 - 2011-03-18 21:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 13:38 - 2012-02-20 00:21 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8F1325AA-1D72-4477-9C23-DB76496CE82B}
2014-11-08 13:29 - 2011-02-21 23:35 - 00000000 ____D () C:\Users\Mittens\AppData\Roaming\SoftGrid Client
2014-11-07 21:03 - 2009-07-14 00:13 - 00783376 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 00:04 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 00:04 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 03:21 - 2013-06-07 22:36 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-11-06 03:21 - 2013-06-05 20:16 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-06 03:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 03:18 - 2009-07-13 23:51 - 00070675 _____ () C:\Windows\setupact.log
2014-11-06 03:18 - 2009-07-13 23:45 - 00278976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-06 03:15 - 2014-05-09 17:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-06 01:34 - 2011-02-14 04:29 - 00422880 _____ () C:\Windows\PFRO.log
2014-11-06 01:34 - 2009-07-14 00:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-06 01:30 - 2013-08-31 16:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-06 01:28 - 2011-02-20 17:36 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-02 19:10 - 2011-10-05 13:57 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-02 15:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-11-02 14:00 - 2013-05-12 09:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 13:59 - 2011-11-12 13:32 - 00000000 ____D () C:\Users\Mittens\AppData\Roaming\Malwarebytes
2014-11-02 13:58 - 2011-11-12 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 13:58 - 2011-11-12 13:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-02 13:11 - 2011-11-05 19:55 - 00000000 ____D () C:\Users\Mittens\AppData\Local\Facebook
2014-11-02 13:09 - 2010-12-10 00:26 - 00000000 ____D () C:\ProgramData\Norton
2014-11-02 13:03 - 2011-03-18 21:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-02 13:03 - 2011-03-18 21:25 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-02 12:33 - 2012-08-07 21:42 - 00000000 ____D () C:\Program Files (x86)\SearchYa!

Files to move or delete:
====================
C:\ProgramData\0obx4bn.fee

Some content of TEMP:
====================
C:\Users\Mittens\AppData\Local\Temp\MSNA0C6.exe
C:\Users\Mittens\AppData\Local\Temp\WRupdate459329.exe
C:\Users\Mittens\AppData\Local\Temp\WRupdate595350952.exe
C:\Users\Mittens\AppData\Local\Temp\WRupdate595378346.exe
C:\Users\Mittens\AppData\Local\Temp\WRupdate595443710.exe
C:\Users\Mittens\AppData\Local\Temp\WRupdate599073105.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-09 09:02

==================== End Of Log ============================

 

2)  Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014
Ran by Mittens at 2014-11-09 11:31:05
Running from C:\Users\Mittens\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version:  - ALOT)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bullzip PDF Printer 4.0.0.463 (HKLM\...\Bullzip PDF Printer_is1) (Version:  - Bullzip)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPL Ghostscript Lite 9.04 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version:  - )
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{69ABD67D-5C2E-4724-B519-695DEF3EC23B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{4F74D585-BCDB-4316-80FC-264E5B8E883E}) (Version: 3.5.23.1 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2131 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java™ 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
ROBLOX Player for Mittens (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.5.107 - Webroot)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-374358556-4083376510-2304712985-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

30-09-2014 00:07:21 Windows Backup
03-10-2014 13:22:54 Windows Update
12-10-2014 23:00:14 Windows Backup
02-11-2014 13:19:10 Windows Backup
02-11-2014 16:44:00 Removed ooVoo
02-11-2014 17:52:14 Removed Facebook Video Calling 3.1.0.521
03-11-2014 00:00:10 Windows Backup
06-11-2014 06:39:25 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-08-10 02:34 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C5779A1-BD61-4F6F-9702-DCE4DC2912F4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {249EFBC6-54A2-4385-B19E-49D47BD631C2} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {2BC5B449-00FA-4398-B6BB-0DEA91798DBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {9A8B734D-2AD5-4277-8AAC-0B7EEA38BFE0} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{99C25857-11C9-4E29-8E0E-64095A88AB34}.exe
Task: {9E2666B4-EF86-4D7F-9E60-F86699568B39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {B2226127-EE80-4EB7-8105-83B6EB625C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {EC321487-76A0-4057-9C09-1ACE84261AE7} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{ACE7D17C-2517-4312-8B11-3D6DA840A2FE}.exe
Task: {FBDE8F11-DBCD-440C-9C38-14264030780D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{99C25857-11C9-4E29-8E0E-64095A88AB34}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{ACE7D17C-2517-4312-8B11-3D6DA840A2FE}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-13 21:24 - 2010-02-17 18:25 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2011-02-13 21:24 - 2010-02-09 15:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2010-07-02 13:51 - 2010-07-02 13:51 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2014-08-17 02:43 - 2014-08-17 02:43 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2012-08-07 21:53 - 2014-08-25 17:09 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-02-13 21:23 - 2010-07-28 17:34 - 00022424 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-17 02:43 - 2014-08-17 02:43 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2010-12-10 00:12 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-02-13 21:23 - 2010-06-23 18:11 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2011-02-13 21:23 - 2010-06-23 18:11 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2011-02-13 21:23 - 2010-06-23 18:12 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2011-02-13 21:23 - 2010-06-23 18:11 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2011-02-13 21:23 - 2010-06-23 17:38 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2011-02-13 21:23 - 2010-07-28 17:02 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2011-10-23 08:09 - 2011-08-22 00:18 - 00925696 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AlotService => 2
MSCONFIG\Services: CinemaNow Service => 2
MSCONFIG\Services: GameConsoleService => 3

========================= Accounts: ==========================

Administrator (S-1-5-21-374358556-4083376510-2304712985-500 - Administrator - Disabled)
Guest (S-1-5-21-374358556-4083376510-2304712985-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-374358556-4083376510-2304712985-1002 - Limited - Enabled)
Mittens (S-1-5-21-374358556-4083376510-2304712985-1000 - Administrator - Enabled) => C:\Users\Mittens

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2014 09:06:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/09/2014 09:04:59 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/09/2014 04:59:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21613532

Error: (11/09/2014 04:59:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21613532

Error: (11/09/2014 04:59:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/08/2014 10:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007

Error: (11/08/2014 10:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15007

Error: (11/08/2014 10:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/08/2014 10:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9391

Error: (11/08/2014 10:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9391

System errors:
=============
Error: (11/09/2014 11:27:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/09/2014 08:09:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CA3A5461-96B5-46DD-9341-5350D3C94615}

Error: (11/09/2014 08:09:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.

Error: (11/09/2014 04:59:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.

Error: (11/08/2014 10:35:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/08/2014 07:44:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/07/2014 06:27:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/07/2014 00:26:02 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/07/2014 00:26:02 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/07/2014 00:26:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Microsoft Office Sessions:
=========================
Error: (11/09/2014 09:06:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/09/2014 09:04:59 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/09/2014 04:59:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21613532

Error: (11/09/2014 04:59:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21613532

Error: (11/09/2014 04:59:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/08/2014 10:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007

Error: (11/08/2014 10:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15007

Error: (11/08/2014 10:59:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/08/2014 10:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9391

Error: (11/08/2014 10:59:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9391

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 3893.86 MB
Available physical RAM: 2286.95 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5526.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.45 GB) (Free:308.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.01 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1D505CB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:28 AM

Posted 09 November 2014 - 01:47 PM

Hi,

 

Go ahead and uninstall ALOT Appbar via the Control Panel.

 

Next please download the following file => [attachment=157655:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#5 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 09 November 2014 - 04:05 PM

Hello Georgi,
During the "fix", a scripts issue popped up, but then closed.
Once done there was request to restart. After reboot, I got a message "user service profile failed..."
After that another message popped up saying it can not find C\....\Desktop.
Now there is nothing on the desktop and I do not see Internet Explorer.
I found the "desktop" the previous user ID "mittens", so I can actually find the "fix log.txt"
I probably can copy to USB and move to another PC and post but asking first what to do

#6 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 09 November 2014 - 04:14 PM

Looking deeper into the files, I found IE folder and see the application, but wait you direction

#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:28 AM

Posted 09 November 2014 - 05:53 PM

Hi,

 

Can you please post the fixlog.txt in your next reply?

Maybe for some reason, the user profile was corrupted you are using a temporary profile You may want to check the link below on how to fix the issue.

 

http://support.microsoft.com/kb/947215

 

 

Regards,

Georgi


cXfZ4wS.png


#8 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 09 November 2014 - 09:50 PM

Good evening Georgi,

Here is the fixlog.txt

And thank you for the tip on the profile. I will  look into that.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Mittens at 2014-11-09 15:43:48 Run:1
Running from C:\Users\Mittens\Desktop
Loaded Profile: Mittens (Available profiles: Mittens)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKLM - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM - {71E870F3-ABF0-4ACC-9A35-2C19A742E8AE} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM-x32 - {30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12} URL = http://www.searchya.com/?q={searchTerms}&s=1&a=foxtab&chnl=ft-173&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyCzz0FtAyByCzy0FtBtCtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=177131230
SearchScopes: HKLM-x32 - {71E870F3-ABF0-4ACC-9A35-2C19A742E8AE} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Inuvo, Inc)
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll (Inuvo, Inc)
C:\Program Files (x86)\alotappbar
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2014-11-02 14:59 - 2014-11-02 15:05 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-11-02 12:33 - 2012-08-07 21:42 - 00000000 ____D () C:\Program Files (x86)\SearchYa!
C:\ProgramData\0obx4bn.fee
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AlotService" /f
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}" => Key deleted successfully.
"HKCR\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71E870F3-ABF0-4ACC-9A35-2C19A742E8AE}" => Key deleted successfully.
"HKCR\CLSID\{71E870F3-ABF0-4ACC-9A35-2C19A742E8AE}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71E870F3-ABF0-4ACC-9A35-2C19A742E8AE}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{71E870F3-ABF0-4ACC-9A35-2C19A742E8AE}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}" => Key not found.
"HKCR\Wow6432Node\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} => Value not found.
"HKCR\Wow6432Node\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}" => Key not found.
"C:\Program Files (x86)\alotappbar" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
C:\Program Files (x86)\SearchYa! => Moved successfully.
C:\ProgramData\0obx4bn.fee => Moved successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\exefile" => Key not found.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\AlotService" /f =========

The operation completed successfully.

 

========= End of Reg: =========

 

The system needed a reboot.

==== End of Fixlog ====



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:28 AM

Posted 10 November 2014 - 04:31 AM

Hi,

 

I see nothing wrong in the fixlog file so FRST is definitely not the case for the damaged profile.

Before we continue further, it is advisable to fix the profile issue first. Let me know how it went.

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#10 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 10 November 2014 - 09:19 PM

luckily with a reboot, all is back to normal.

 

Good to hear fixlog is OK



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:28 AM

Posted 11 November 2014 - 07:38 AM

Hi,

 

Nice to hear that!

 

The infection seems to be removed but if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

The most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Wait for the prescan to complete and then press the Scan button.
  • When done press the Report button.
  • Please copy and past the results in your next reply.

 

 

STEP 2

 

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 3

 

logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

1.png
2.png

 

 

That's it for now.

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#12 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 11 November 2014 - 10:03 PM

1]

RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mittens [Administrator]
Mode : Scan -- Date : 11/11/2014  21:57:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Secure Search\vprot.exe"  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 5 ¤¤¤
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job -- C:\Windows\TEMP\{99C25857-11C9-4E29-8E0E-64095A88AB34}.exe (--uninstall=1) -> Found
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{ACE7D17C-2517-4312-8B11-3D6DA840A2FE}.exe (--uninstall=1) -> Found
[Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_HP_rmv -- C:\Windows\TEMP\{99C25857-11C9-4E29-8E0E-64095A88AB34}.exe (--uninstall=1) -> Found
[Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{ACE7D17C-2517-4312-8B11-3D6DA840A2FE}.exe (--uninstall=1) -> Found
[Suspicious.Path] \\Registration -- "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" (Registration ShowMessageTask2D) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 158 (Driver: Loaded) ¤¤¤
[IAT:Inl] (iexplore.exe @ shell32.DLL) USER32.dll - SetClipboardData : Unknown @ 0x6fff00d8 (jmp 0xfffffffff8c11c9c)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - SetClipboardData : Unknown @ 0x6fff00d8 (jmp 0xfffffffff8c11c9c)
[IAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - SetClipboardData : Unknown @ 0x6fff00d8 (jmp 0xfffffffff8c11c9c)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - SetClipboardData : Unknown @ 0x6fff00d8 (jmp 0xfffffffff8c11c9c)
[IAT:Inl] (iexplore.exe @ WRusr.dll) USER32.dll - SetClipboardData : Unknown @ 0x6fff00d8 (jmp 0xfffffffff8c11c9c)
[IAT:Inl] (iexplore.exe @ explorerframe.dll) USER32.dll - SetClipboardData : Unknown @ 0x6fff00d8 (jmp 0xfffffffff8c11c9c)
[IAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - SetClipboardData : Unknown @ 0x6fff00d8 (jmp 0xfffffffff8c11c9c)
[IAT:Inl] (iexplore.exe @ USER32.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ USER32.dll) GDI32.dll - TextOutW : C:\Windows\SysWOW64\WRusr.dll @ 0x742236f0 (jmp 0xfffffffffee062d4)
[IAT:Inl] (iexplore.exe @ USER32.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ GDI32.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ LPK.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ LPK.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ ADVAPI32.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SendNotifyMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b80 (jmp 0xfffffffffd0d0518)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SendMessageCallbackW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227cc0 (jmp 0xfffffffffd0d05e0)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SetClipboardData : C:\Windows\SysWOW64\WRusr.dll @ 0x74227740 (jmp 0xfffffffffd09e8e9)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - PostThreadMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d60 (jmp 0xfffffffffd0df161)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) GDI32.dll - TextOutW : C:\Windows\SysWOW64\WRusr.dll @ 0x742236f0 (jmp 0xfffffffffee062d4)
[IAT:Inl] (iexplore.exe @ SHELL32.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - SendNotifyMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b40 (jmp 0xfffffffffd080de3)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - SendNotifyMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b80 (jmp 0xfffffffffd0d0518)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostThreadMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d10 (jmp 0xfffffffffd0d40af)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227db0 (jmp 0xfffffffffd0d4206)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - SetWindowTextA : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e440 (jmp 0xfffffffffd0c6952)
[IAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - SetClipboardData : C:\Windows\SysWOW64\WRusr.dll @ 0x74227740 (jmp 0xfffffffffd09e8e9)
[IAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - PostThreadMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d60 (jmp 0xfffffffffd0df161)
[IAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ urlmon.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - SendNotifyMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b40 (jmp 0xfffffffffd080de3)
[IAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227db0 (jmp 0xfffffffffd0d4206)
[IAT:Inl] (iexplore.exe @ version.DLL) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ iertutil.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ WININET.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ OLEACC.dll) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ OLEACC.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ OLEACC.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ OLEACC.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ OLEAUT32.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ OLEAUT32.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ OLEAUT32.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - DrawTextExW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e3b0 (jmp 0xfffffffffd0ccf12)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227db0 (jmp 0xfffffffffd0d4206)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ IMM32.DLL) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) GDI32.dll - TextOutW : C:\Windows\SysWOW64\WRusr.dll @ 0x742236f0 (jmp 0xfffffffffee062d4)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - PostThreadMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d60 (jmp 0xfffffffffd0df161)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - SetClipboardData : C:\Windows\SysWOW64\WRusr.dll @ 0x74227740 (jmp 0xfffffffffd09e8e9)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - DrawTextExW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e3b0 (jmp 0xfffffffffd0ccf12)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - SendNotifyMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b80 (jmp 0xfffffffffd0d0518)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ comctl32.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ comctl32.dll) GDI32.dll - TextOutW : C:\Windows\SysWOW64\WRusr.dll @ 0x742236f0 (jmp 0xfffffffffee062d4)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - DrawTextExW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e3b0 (jmp 0xfffffffffd0ccf12)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - SetWindowTextA : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e440 (jmp 0xfffffffffd0c6952)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - SendNotifyMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b80 (jmp 0xfffffffffd0d0518)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - SetClipboardData : C:\Windows\SysWOW64\WRusr.dll @ 0x74227740 (jmp 0xfffffffffd09e8e9)
[IAT:Inl] (iexplore.exe @ comctl32.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ comdlg32.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - DrawTextExW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e3b0 (jmp 0xfffffffffd0ccf12)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ uxtheme.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ CLBCatQ.DLL) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ ieproxy.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ IEUI.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - PostThreadMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d10 (jmp 0xfffffffffd0d40af)
[IAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - PostMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227db0 (jmp 0xfffffffffd0d4206)
[IAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ IEUI.dll) GDI32.dll - TextOutW : C:\Windows\SysWOW64\WRusr.dll @ 0x742236f0 (jmp 0xfffffffffee062d4)
[IAT:Inl] (iexplore.exe @ IEUI.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - SetClipboardData : C:\Windows\SysWOW64\WRusr.dll @ 0x74227740 (jmp 0xfffffffffd09e8e9)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - PostThreadMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d60 (jmp 0xfffffffffd0df161)
[IAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ d2d1.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ d2d1.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ dxgi.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - SetClipboardData : C:\Windows\SysWOW64\WRusr.dll @ 0x74227740 (jmp 0xfffffffffd09e8e9)
[IAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - PostMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227db0 (jmp 0xfffffffffd0d4206)
[IAT:Inl] (iexplore.exe @ dxgi.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ CRYPT32.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ apphelp.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ d3d11.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ d3d11.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ PROPSYS.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ ieapfltr.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ jscript9.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ windowscodecs.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ SETUPAPI.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ SETUPAPI.dll) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ SETUPAPI.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ SETUPAPI.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ SETUPAPI.dll) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - PostThreadMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d60 (jmp 0xfffffffffd0df161)
[IAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ uiautomationcore.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - PostThreadMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d60 (jmp 0xfffffffffd0df161)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - SetWindowTextA : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e440 (jmp 0xfffffffffd0c6952)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - SetWindowTextW : C:\Windows\SysWOW64\WRusr.dll @ 0x7421e400 (jmp 0xfffffffffd0cc314)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - SendMessageTimeoutW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227c20 (jmp 0xfffffffffd0de44e)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - SendMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b00 (jmp 0xfffffffffd0de487)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - SetClipboardData : C:\Windows\SysWOW64\WRusr.dll @ 0x74227740 (jmp 0xfffffffffd09e8e9)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - PostMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227db0 (jmp 0xfffffffffd0d4206)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) GDI32.dll - TextOutW : C:\Windows\SysWOW64\WRusr.dll @ 0x742236f0 (jmp 0xfffffffffee062d4)
[IAT:Inl] (iexplore.exe @ Flash32_15_0_0_167.ocx) GDI32.dll - BitBlt : C:\Windows\SysWOW64\WRusr.dll @ 0x74227650 (jmp 0xfffffffffee117aa)
[IAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostThreadMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d10 (jmp 0xfffffffffd0d40af)
[IAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - SendMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227ac0 (jmp 0xfffffffffd0d1992)
[IAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageA : C:\Windows\SysWOW64\WRusr.dll @ 0x74227db0 (jmp 0xfffffffffd0d4206)
[IAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ WINMM.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ POWRPROF.dll) KERNEL32.dll - LoadLibraryExW : C:\Windows\SysWOW64\WRusr.dll @ 0x74223860 (jmp 0xfffffffffd42ef3b)
[IAT:Inl] (iexplore.exe @ DINPUT8.dll) USER32.dll - SendNotifyMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227b80 (jmp 0xfffffffffd0d0518)
[IAT:Inl] (iexplore.exe @ DINPUT8.dll) USER32.dll - PostMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227e00 (jmp 0xfffffffffd0d6b5b)
[IAT:Inl] (iexplore.exe @ DINPUT8.dll) USER32.dll - PostThreadMessageW : C:\Windows\SysWOW64\WRusr.dll @ 0x74227d60 (jmp 0xfffffffffd0df161)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-60A0RT0 +++++
--- User ---
[MBR] e22ccaab23dff29fe13806a26a14f594
[BSP] f548284d067438a7441a59b4e71e8056 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 459217 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 940886016 | Size: 17419 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_11112014_205143.log

 

 

2]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2014
Scan Time: 8:59:58 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.12.03
Rootkit Database: v2014.11.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mittens

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359604
Time Elapsed: 41 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

3)

[2014.11.11 21:43:03.207] - Begin
[2014.11.11 21:43:03.207] -
[2014.11.11 21:43:03.223] -     ....................................
[2014.11.11 21:43:03.223] -   ..::::::::::::::::::....................
[2014.11.11 21:43:03.223] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.11 21:43:03.223] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.11 21:43:03.223] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.11 21:43:03.239] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.11 21:43:03.239] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.11 21:43:03.239] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.11 21:43:03.239] -     ....................................
[2014.11.11 21:43:03.239] -
[2014.11.11 21:43:03.239] - --------------------------------------------------------------------------------
[2014.11.11 21:43:03.239] -
[2014.11.11 21:43:03.239] - INFO: OS: 6.1.7601 SP1
[2014.11.11 21:43:03.239] - INFO: Product Type: Workstation
[2014.11.11 21:43:03.239] - INFO: WoW64: True
[2014.11.11 21:43:03.239] - INFO: Machine guid: D8448CFF-6F0C-4176-9FFC-51ED1279C0F9
[2014.11.11 21:43:03.239] -
[2014.11.11 21:43:05.017] - INFO: Scanning for system infection...
[2014.11.11 21:43:05.017] - --------------------------------------------------------------------------------
[2014.11.11 21:43:05.017] -
[2014.11.11 21:43:05.017] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.11 21:43:05.017] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.11 21:43:05.017] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.11 21:43:05.017] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.11 21:43:05.017] - INFO: Processing classes...
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{82E5DF24-51E8-47CD-864A-F4BD5005AA73}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.017] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.033] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.048] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{FE0D8F60-5A07-40a1-85EC-4FFB7E0F2306}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.064] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.079] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.095] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.11 21:43:05.111] - INFO: Processing clsid [\Registry\User\S-1-5-21-374358556-4083376510-2304712985-1000\SOFTWARE\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[2014.11.11 21:43:05.111] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 21:43:05.111] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.11 21:43:05.111] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 21:43:05.111] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 21:43:05.111] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.11 21:43:05.111] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.11 21:43:05.126] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 21:43:05.126] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 21:43:05.126] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 21:43:05.126] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.11 21:43:05.126] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.11 21:43:05.126] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.11 21:43:05.126] - INFO: Win32/Poweliks not found
[2014.11.11 21:43:13.441] - End
 



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:28 AM

Posted 12 November 2014 - 04:15 PM

Hi,

 

Nice work, The logs above are clean. Just in case please go through the steps below and post back the results:

 

 

STEP 1
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

 

STEP 2

 

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#14 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 15 November 2014 - 07:58 AM

Hi Georgi,

Having trouble posting the logs. They do not seem to "paste". So I am not gone.

Good news is TDS found nothing.

Hitman had a list I can not decipher

Hopefully it works this time.

Jay


HitmanPro 3.7.9.232
www.hitmanpro.com
   Computer name . . . . : MITTENS-HP
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Mittens-HP\Mittens
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-11-12 19:26:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 15m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 103
   Objects scanned . . . : 3,097,194
   Files scanned . . . . : 318,776
   Remnants scanned  . . : 1,741,547 files / 1,036,871 keys
Malware _____________________________________________________________________
   C:\ProgramData\Windows Genuine Advantage\{30A3CFC2-38F4-46DF-9A66-228981FDD8C4}\msiexec.exe
      Size . . . . . . . : 276,480 bytes
      Age  . . . . . . . : 44.0 days (2014-09-29 18:56:15)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : BC4B0C09A6FE7FA804F4C3E8EAAA05A6A1E0DF63596B497252A7090FDF229001
    > Kaspersky  . . . . : Trojan-Dropper.Win32.Injector.kqot
      Fuzzy  . . . . . . : 126.0
   C:\ProgramData\Windows Genuine Advantage\{396D7911-AAA0-4425-929B-2BE7B32D4D46}\msiexec.exe
      Size . . . . . . . : 276,480 bytes
      Age  . . . . . . . : 44.0 days (2014-09-29 18:56:07)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : BC4B0C09A6FE7FA804F4C3E8EAAA05A6A1E0DF63596B497252A7090FDF229001
    > Kaspersky  . . . . : Trojan-Dropper.Win32.Injector.kqot
      Fuzzy  . . . . . . : 126.0

Suspicious files ____________________________________________________________
   C:\Users\Mittens\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,115,584 bytes
      Age  . . . . . . . : 10.2 days (2014-11-02 13:32:21)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : B5A49DD5675F9E2E6380D915FA0C5A990D6278B237663BC84774AA4AEB8AAD0F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\Mittens\Desktop\FRST64.exe
      Size . . . . . . . : 2,116,096 bytes
      Age  . . . . . . . : 3.2 days (2014-11-09 15:41:31)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9D17E46B4EAEC0509800C43B23765D00810EA2CEF362301BFB2E0B174DFE5AFD
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/f9a214e7c0c234efd63c7838ce414ec6/545fd183/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy  . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Mittens\Desktop\FRST64.exe
      Forensic Cluster
         -26.6s C:\Users\Mittens\AppData\Local\Temp\37d8\
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\
         -26.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Microsoft\
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\History\History.IE5\
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Microsoft\Windows\
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\History\
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Microsoft\Windows\Cookies\
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Microsoft\Windows\DNTException\
         -26.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Microsoft\Windows\Cookies\container.dat
         -26.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\
         -26.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat
         -26.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Microsoft\Windows\IECompatCache\
         -25.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\History\desktop.ini
         -24.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\splittest[1].js
         -24.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\X5XEKWXH.htm
         -23.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\gapx[1].js
         -23.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\protect[1].js
         -23.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\jquery[1].js
         -23.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\drupal[1].js
         -23.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\flowplayer-3.2.12.min[1].js
         -23.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\advertisement[1].js
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ipq2[1].js
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Adobe\Flash Player\
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Adobe\Flash Player\AssetCache\2QUC28A9\
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Adobe\Flash Player\AssetCache\
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Adobe\
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\
         -22.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\
         -22.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\
         -22.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\
         -22.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\
         -22.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\
         -22.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
         -22.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\end[1].htm
         -22.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2svst[1].js
         -22.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[1].htm
         -22.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\21169_kabeln[1].eot
         -22.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\doubleclick[1].htm
         -22.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\21169_kabeln[1].woff
         -22.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs[1].js
         -22.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[2].htm
         -22.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[3].htm
         -21.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[4].htm
         -21.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[5].htm
         -21.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs.static[1].js
         -21.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\get[1].txt
         -21.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs[2].js
         -21.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs.static[2].js
         -21.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getc[1].txt
         -21.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[6].htm
         -21.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\beanstock728x90[1].htm
         -21.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs[3].js
         -21.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\p-01-0VIaSjnOLg[1].gif
         -21.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[7].htm
         -21.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\p-01-0VIaSjnOLg[2].gif
         -21.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\doubleclick[2].htm
         -21.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tag[1].js
         -21.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\doubleclick[3].htm
         -21.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\doubleclick[4].htm
         -21.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs.static[3].js
         -21.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs[4].js
         -21.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tag[2].js
         -21.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\doubleclick[5].htm
         -21.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\doubleclick[6].htm
         -21.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\protect[2].js
         -20.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs.static[4].js
         -20.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[8].htm
         -20.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\doubleclick[7].htm
         -20.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\p-01-0VIaSjnOLg[3].gif
         -20.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\p-01-0VIaSjnOLg[4].gif
         -20.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tag[3].js
         -20.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[9].htm
         -20.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\js[1].js
         -20.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl[10].htm
         -20.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\UCookieSetPug[1].htm
         -20.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tag[4].js
         -19.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdServerServlet[1].htm
         -19.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[1].htm
         -19.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[1].gif
         -19.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdDisplayTrackerServlet[1].htm
         -19.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl95PLVNAF.htm
         -19.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[1].htm
         -19.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdServerServlet[2].htm
         -19.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cc_af[1].js
         -19.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\21625784[1].htm
         -18.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflQ8FGF71U.htm
         -18.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ca[1].js
         -18.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tag[5].js
         -18.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdDisplayTrackerServlet[2].htm
         -18.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\rt=ifr[1].htm
         -18.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs[5].js
         -18.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tt[1].htm
         -18.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs.static[5].js
         -18.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cc[1].js
         -18.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\vox-static.liverail.com\
         -18.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#websking.com\
         -18.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#websking.com\settings.sol
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[1].js
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\GetAd[1].js
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\websking.com\
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\websking.com\static\flowplayer\unl\flowplayer.unlimited-3.2.18.swf\
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\websking.com\static\flowplayer\unl\
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\websking.com\static\
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\websking.com\static\flowplayer\
         -18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\websking.com\static\flowplayer\unl\flowplayer.unlimited-3.2.18.swf\org.flowplayer.sol
         -18.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[2].htm
         -18.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\js[2].js
         -18.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs[6].js
         -17.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflZC1HFLUZ.htm
         -17.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs.static[6].js
         -17.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\p-01-0VIaSjnOLg[5].gif
         -17.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflI5ZFEKN5.htm
         -17.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\js[3].js
         -17.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cdsad[1].js
         -17.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\GetAd[2].js
         -17.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflGPQXZ7PZ.htm
         -17.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[1].js
         -17.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[2].js
         -16.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ca[2].js
         -16.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflFA6WIJ8Z.htm
         -16.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\user_sync[1].htm
         -16.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl6SU6ZE88.htm
         -16.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\iframe[1].htm
         -16.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\js[4].js
         -16.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\p-01-0VIaSjnOLg[6].gif
         -16.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[2].js
         -16.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\eolas_v2[1].js
         -16.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdServerServlet[3].htm
         -16.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\js[5].js
         -16.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl4NS6TRC5.htm
         -16.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[3].js
         -16.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[1].gif
         -16.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[4].js
         -16.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\te_re[1].js
         -16.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[5].js
         -16.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflHSU9YZG1.htm
         -15.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[2].htm
         -15.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[3].htm
         -15.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\21564796[1].htm
         -15.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[6].js
         -15.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdServerServlet[4].htm
         -15.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cdsad[2].js
         -15.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tt[2].htm
         -15.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[7].js
         -15.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\fetch[1].js
         -15.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdDisplayTrackerServlet[3].htm
         -15.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflJD9BVYWU.htm
         -15.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[8].js
         -15.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[4].htm
         -14.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[3].js
         -14.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs[7].js
         -14.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[9].js
         -14.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\getjs.static[7].js
         -14.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cdsad[3].js
         -14.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swflNI1ZCNF0.htm
         -14.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj[10].js
         -14.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[2].gif
         -14.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tt[3].htm
         -14.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\GetAd[3].js
         -14.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\usermatch[1].htm
         -14.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\usermatch[2].htm
         -14.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[5].htm
         -14.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[4].js
         -14.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\usermatch[3].htm
         -13.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\usermatch[4].htm
         -13.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pixel[1].htm
         -13.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjMG48IYSQ.js
         -13.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pixel[2].htm
         -13.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\usermatch[5].htm
         -13.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c2swfl46GDJ207.htm
         -13.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pixel[3].htm
         -13.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[3].gif
         -13.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[6].htm
         -13.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pixel[4].htm
         -13.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjKLEU77XJ.js
         -13.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cs[1].htm
         -13.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\post_relevad[1].js
         -13.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjNV0TBZ3T.js
         -13.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[7].htm
         -13.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj0T3HE3CK.js
         -12.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\SPug[1].htm
         -12.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\f[1].txt
         -12.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[8].htm
         -12.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjKJKFCDYD.js
         -12.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\q1verify[1].js
         -12.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\AdDisplayTrackerServlet[4].htm
         -12.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\fltiu[1].js
         -12.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjX6CQDBTC.js
         -12.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[3].htm
         -12.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[9].htm
         -12.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjULH7M7PF.js
         -11.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjEJBOUPFD.js
         -11.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[4].htm
         -11.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj074YUVAL.js
         -11.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj1LGFRLW2.js
         -11.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[4].gif
         -11.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if[10].htm
         -11.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[2].gif
         -11.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ifMQBA029R.htm
         -11.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ddc[1].htm
         -10.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ddc[2].htm
         -10.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ddc[3].htm
         -10.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ddc[4].htm
         -10.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[1].js
         -10.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjVMFPP0AV.js
         -10.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tt[4].htm
         -10.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\SPug[2].htm
         -10.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjWKLJOX90.js
         -10.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ca[3].js
         -9.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjZNBK4XIB.js
         -9.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjAE6BN8EV.js
         -9.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[5].gif
         -9.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj0FCOT1SA.js
         -9.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ifL8SXPZ0C.htm
         -9.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[2].js
         -9.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjW3NS9LRQ.js
         -9.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pixel[5].htm
         -9.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[3].js
         -9.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\if4TJ8OZ2U.htm
         -8.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\player[1].htm
         -8.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\jwplayer[1].js
         -8.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\jquery-1.8.3[1].js
         -8.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttjQ0VVS3KN.js
         -8.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ttj4EYVCYLK.js
         -8.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ifR1NJGMU3.htm
         -8.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pxj[1].gif
         -8.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\dt_with_modernizr_min[1].js
         -8.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bcS[1].js
         -8.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pxj[2].gif
         -8.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\vast[1].js
         -7.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Internet Explorer\DOMStore\
         -7.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Internet Explorer\
         -7.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\jwpsrv[1].js
         -7.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\iv.static[1].js
         -7.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bcS[2].js
         -7.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cdsad[4].js
         -7.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\sed[1].htm
         -7.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\jwpsrv_frq[1].js
         -7.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pxj[3].gif
         -7.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[4].js
         -7.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\crossdomain[1].xml
         -7.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\p-01-0VIaSjnOLg[7].gif
         -7.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ad[5].js
         -5.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bsredirect5[1].js
         -5.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[5].js
         -4.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\verifyc[1].js
         -4.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\T000DIXP.htm
         -4.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\js[6].js
         -4.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[6].js
         -3.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\settings.sol
         -3.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\
         -3.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
         -3.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\dvtp_src[1].js
         -3.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\besttv39.cdn.it.best-tv.com\
         -3.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\besttv39.cdn.it.best-tv.com\com.longtailvideo.jwplayer.sol
         -3.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\dvtp_src_internal5[1].js
         -3.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\jquery-latest.min[1].js
         -3.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\skeleton[1].js
         -3.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[7].js
         -3.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[8].js
         -3.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\51214364[1].js
         -3.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pixel[6].htm
         -3.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\visit[1].js
         -3.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\usermatch[6].htm
         -3.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ddc[5].htm
         -3.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pixel[7].htm
         -3.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\avs484[1].js
         -3.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[9].js
         -3.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[10].js
         -2.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ha6[1].js
         -2.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ddc[6].htm
         -2.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncJEWUPVD1.js
         -2.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\1037[1].js
         -2.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncJA70VA38.js
         -1.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\iftfl[1].js
         -1.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncDH9KIJ1X.js
         -1.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ca[4].js
         -1.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncTBE8SQIV.js
         -1.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync8WJU0YZV.js
         -1.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncCY3Q548R.js
         -1.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncP7PO6JN2.js
         -1.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[1].htm
         -1.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync1QD8WNYC.js
         -1.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncF0FQHNTP.js
         -1.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\iftfl[2].js
         -1.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[1].htm
         -0.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncI8XT8CFM.js
         -0.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync504427GP.js
         -0.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncBTO9MTCB.js
         -0.2s C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\F9L9FSKU.txt
         -0.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncTG76N1WL.js
         -0.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncVH3LSGOM.js
         -0.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync2JF5MW08.js
          0.0s C:\Users\Mittens\Desktop\FRST64.exe
          0.0s C:\Users\Mittens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KK3J1N4\FRST64[1].exe
          0.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync44472GPC.js
          0.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync6ZB7322C.js
          0.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncYDQ5BD5P.js
          0.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncZMZXY0YO.js
          0.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync6KHLIB6A.js
          1.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncMUFQWBI5.js
          1.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncRVP97ELK.js
          1.3s C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\7FAJM4G1.txt
          1.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncV6L1PHDL.js
          1.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync7373XTJ9.js
          1.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\728x90[1].swf
          1.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncC1G0IQ80.js
          1.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncTV0R3YS0.js
          1.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[2].htm
          1.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncQJ6E2DVP.js
          1.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncX4D4B5M9.js
          2.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\x71[1].htm
          2.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync6HUD2BJS.js
          2.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[3].htm
          4.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ZAPSegments@x96[1].htm
          4.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pibiview[1].js
          4.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\image[1].gif
          4.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[2].htm
          5.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\1@x92[1].htm
          5.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ibiview[1].js
          5.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\at[1].js
          5.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\seg[1].gif
          6.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\@x96[1].htm
          6.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\seg=R09&ida=1&xid=914920241482203[1].htm
          6.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\3PDPHandler[1].gif
          6.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bg[1].htm
          6.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\image[2].gif
          6.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\i[1].gif
          7.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\js[7].js
          7.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[3].htm
          8.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\px[1].htm
          8.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\3PDPHandler[2].gif
          8.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bk-static[1].js
          8.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\c[1].gif
          8.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ibiview[2].js
          8.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\2554[1].htm
          8.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\at[2].js
          9.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bct[1].htm
          9.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\seg=R09&ida=1[1].htm
          9.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bg[2].htm
          9.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\genp=BRI00307[1].gif
          9.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\i[2].gif
          9.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\px[2].htm
          9.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\@x96[2].htm
          9.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bct[1].gif
         10.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[4].htm
         10.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bct[2].htm
         10.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ca[1].htm
         10.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ca[2].htm
         10.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\ca[3].htm
         10.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bct[3].htm
         11.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\![1].htm
         11.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\seg[2].gif
         11.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\seg[3].gif
         12.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[5].htm
         12.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[6].htm
         12.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[8].htm
         12.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[7].htm
         12.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[9].htm
         13.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[10].htm
         13.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[3].gif
         13.3s C:\Users\Mittens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DO140GTI\up64[1]
         13.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bizo-integration[1].js
         13.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[5].htm
         13.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[4].gif
         13.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[5].gif
         14.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[6].gif
         14.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[7].gif
         15.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[8].gif
         15.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[6].htm
         15.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\SPug[3].htm
         15.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\profile[1].json
         15.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\crossdomain[2].xml
         16.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncVIQJRWE8.js
         16.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[9].gif
         16.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug[10].gif
         16.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\iftfl[3].js
         16.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Actions[1].swf
         16.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncXJL6E4JL.js
         16.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\HeatMapRecorder[1].swf
         16.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\resources[1].xml
         17.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncMCFY02JQ.js
         17.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[7].htm
         17.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncPWATXKDL.js
         17.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncDS8GQBLQ.js
         18.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncEXYJOTG8.js
         19.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncSZ1AISFY.js
         19.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[8].htm
         19.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncDD3JAMXG.js
         19.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\WSRT_s02_04-H264-900kb-stream[1].mov
         19.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync6R1B4R49.js
         20.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersyncEPY4Q5IB.js
         21.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[9].htm
         23.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\a_usersync[4].htm
         23.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\tracking[1].js
         24.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695[10].htm
         24.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bapi[1].js
         24.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\vce_st[1].js
         24.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\lookup[1].js
         24.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\rpc[1].js
         24.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\dbapi[1].js
         25.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695NT94VKV7.htm
         25.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bapi[2].js
         26.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\dbapi[2].js
         26.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bapi[3].js
         27.2s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\dbapi[3].js
         27.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695Y94P60NE.htm
         28.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\bapi[4].js
         28.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\dbapi[4].js
         28.7s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695ZTG9N7VY.htm
         29.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695HT15RFK2.htm
         30.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f0695Z4TFPJ8H.htm
         32.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f06956W31Q2AZ.htm
         59.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cse[1].htm
         59.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pubmatic[1].gif
         60.0s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\pub[1].htm
         60.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cookiematch[1].gif
         60.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\idsync[1].htm
         60.9s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\receive[1].png
         61.3s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\Pug25V9QPWF.htm
         61.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\PugRJSWG91N.gif
         62.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\5487&vid_id=&vid_title=[1].xml
         62.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\3615&vid_id=[Mediashakers]&vid_title=[Mediashakers][1].xml
         62.5s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DJDGCN8P\aka.spotxcdn.com\
         62.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\SPug[4].htm
         63.4s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\cse[2].htm
         65.1s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\applist[1].xml
         65.6s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f06953BYC5F1M.htm
         71.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\411f1e96-3bde-4d85-b17e-63749e5f06951QORZH96.htm
         71.8s C:\Users\Mittens\AppData\Local\Temp\37d8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUTZ1BIT\QTIKFU8T.xml
   C:\Users\Mittens\Documents\2014-11-02 PC Issue\FRST64.exe
      Size . . . . . . . : 2,114,560 bytes
      Age  . . . . . . . : 10.2 days (2014-11-02 13:32:52)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C3D38BE8C0CEE5862472EC7449D3457C46591C186BC1B1426DE3A41F3B8BDDAE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -17.0s C:\$Recycle.Bin\S-1-5-21-374358556-4083376510-2304712985-1000\$IBLMLFQ.exe
          0.0s C:\Users\Mittens\Documents\2014-11-02 PC Issue\FRST64.exe
          3.6s C:\$Recycle.Bin\S-1-5-21-374358556-4083376510-2304712985-1000\$IQ94GC6.exe
         14.2s C:\FRST\Hives\
         14.2s C:\FRST\Logs\
         14.2s C:\FRST\
         14.2s C:\FRST\Quarantine\
         20.4s C:\FRST\Hives\ERDNT.INF
         20.4s C:\FRST\Hives\ERDNT.CON
         20.4s C:\FRST\Hives\BCD
         20.5s C:\FRST\Hives\system
         21.2s C:\FRST\Hives\software
         23.6s C:\FRST\Hives\default
         23.9s C:\FRST\Hives\security
         23.9s C:\FRST\Hives\sam
         24.0s C:\FRST\Hives\Users\
         24.0s C:\FRST\Hives\Users\00000001\
         24.0s C:\FRST\Hives\Users\00000001\ntuser.dat
         24.7s C:\FRST\Hives\Users\00000002\
         24.7s C:\FRST\Hives\Users\00000002\UsrClass.dat
         25.0s C:\FRST\Hives\components
         26.3s C:\FRST\Hives\schema.dat
         27.9s C:\FRST\Hives\ERDNT.EXE
         27.9s C:\FRST\Hives\ERDNTWIN.LOC
         27.9s C:\FRST\Hives\ERDNTDOS.LOC
         28.3s C:\Users\Mittens\Documents\2014-11-02 PC Issue\FRST.txt
   C:\Users\Mittens\Downloads\FRST.exe
      Size . . . . . . . : 1,106,432 bytes
      Age  . . . . . . . : 10.3 days (2014-11-02 13:20:43)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 9A26A4A17046CAE88FD85538EC4A66D7D10037073B7828EEE4E852407E4AF98D
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

Potential Unwanted Programs _________________________________________________
   C:\ProgramData\Babylon\ (Babylon)
   C:\Users\Mittens\AppData\Local\APN\ (AskBar)
   C:\Users\Mittens\AppData\Local\APN\GoogleCRXs\ (AskBar)
   C:\Users\Mittens\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.17.0.0.crx (AskBar)
   ask
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Web Data
   ask.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Web Data
   C:\Users\Mittens\AppData\LocalLow\Claro LTD\ (Claro)
   C:\Users\Mittens\AppData\Roaming\Babylon\ (Babylon)
   C:\Users\Mittens\AppData\Roaming\Babylon\log_file.txt (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\ (Claro)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKLM\SOFTWARE\Classes\s\ (Softonic)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\ (Claro)
   HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS\ (AskBar)
   HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-374358556-4083376510-2304712985-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
Cookies _____________________________________________________________________
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:2843239.fls.doubleclick.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.e-kolay.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.as4x.tmcs.ticketmaster.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpserve.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.livenation.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mediade.sk
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:cbs.112.2o7.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:livenation.122.2o7.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:pd0.imp.revsci.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:pool-eu-ie.creative-serving.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:warnerbros.112.2o7.net
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Mittens\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\2VS6G5Z3.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\4I876LD5.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\5W13BI1D.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\8X5ANFQ9.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\BN8FG453.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\CV9TGRH4.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\L9D911WP.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\MV6KE5WT.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\NFKZV6KX.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\OHNM7UMX.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\SM5W18TS.txt
   C:\Users\Mittens\AppData\Roaming\Microsoft\Windows\Cookies\Y8QTPHUC.txt

OK one down.



#15 Manutd#14

Manutd#14
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 15 November 2014 - 08:13 AM

TDS would paste using the icon in right side of tool bar, but then upon posting it just said "saving" for 10min. Then any click, web page frozen






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users